author | Kyungwook Tak <k.tak@samsung.com> | 2015-07-13 10:43:23 +0900 |
---|---|---|
committer | Kyungwook Tak <k.tak@samsung.com> | 2015-07-16 18:08:33 +0900 |
commit | b854e72692792825c7d905df13eac186e73a1d2d (patch) | |
tree | cc22bc9ffed5f6b15c321c150667b2a47f9b1ad5 | |
parent | ee8181dce4bc0f6c38db8b43c5f1ea0c021cc8d4 (diff) | |
Update Tizen 2.4 latest codes
* remove dpl dependency (to wrt-commons)
* cert-server service added, which is moved from secure-storage
* add test codes
- turn test build flag on in spec file to build test cases
Change-Id: Id355e0e52220dd2b281a1a2225383fd366b876fe
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
644 files changed, 53497 insertions, 5360 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b678e0a..bc061fa 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,157 +1,73 @@ CMAKE_MINIMUM_REQUIRED(VERSION 2.6) -PROJECT(certsvc) +PROJECT(cert-svc) INCLUDE(FindPkgConfig) SET(SO_VERSION 1) SET(VERSION "${SO_VERSION}.0.0") -# define debug output -SET(DEBUG_OUTPUT "-DCERT_SVC_LOG") # for debug -#SET(DEBUG_OUTPUT "-DCERT_SVC_LOG_CONSOLE") # for debug - -SET(TARGET_CERT_SVC_LIB "cert-svc") -SET(TARGET_VCORE_LIB "cert-svc-vcore") -#SET(TARGET_SIGN_TOOL "dpkg-pki-sig") - # compiler options -SET(GC_SECTIONS_FLAGS "-fdata-sections -ffunction-sections -Wl,--gc-sections") -SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GC_SECTIONS_FLAGS}") -SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GC_SECTIONS_FLAGS}") - -SET(CMAKE_C_FLAGS_RELEASE "-fvisibility=hidden -Wall -O2") -SET(CMAKE_CXX_FLAGS_RELEASE "-std=c++0x -Wall -O2") - -SET(CMAKE_C_FLAGS_DEBUG "-fvisibility=hidden -Wall -O0 -g") -SET(CMAKE_CXX_FLAGS_DEBUG "-std=c++0x -Wall -O0 -g") - -SET(CMAKE_C_FLAGS_CCOV "-fvisibility=hidden -Wall -O2 --coverage") -SET(CMAKE_CXX_FLAGS_CCOV "-std=c++0x -Wall -O2 --coverage") - +SET(GC_SECTIONS_FLAGS "-fdata-sections -ffunction-sections -Wl,--gc-sections") +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GC_SECTIONS_FLAGS}") +SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GC_SECTIONS_FLAGS}") +SET(CMAKE_C_FLAGS_RELEASE "-g -O2") +SET(CMAKE_CXX_FLAGS_RELEASE "-g -std=c++0x -O2") +SET(CMAKE_C_FLAGS_DEBUG "-g -O0") +SET(CMAKE_CXX_FLAGS_DEBUG "-g -std=c++0x -O0") +SET(CMAKE_C_FLAGS_CCOV "-g -O2 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "-g -std=c++0x -O2 --coverage") SET(CMAKE_SHARED_LINKER_FLAGS "-Wl,--as-needed") -SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed") -SET(CMAKE_SKIP_RPATH "TRUE") -SET(TZ_SYS_SHARE "${TZ_SYS_SHARE}") -SET(TZ_SYS_BIN "${TZ_SYS_BIN}") -SET(TZ_SYS_ETC "${TZ_SYS_ETC}") -#SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Werror -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wmissing-declarations") - -################################################################################ -# for libcert-svc.so 
-################################################################################ - -PKG_CHECK_MODULES(CERT_SVC_DEPS - openssl - dlog - glib-2.0 - libxml-2.0 - libtzplatform-config - REQUIRED -) - -SET(CERT_SVC_SOURCES - ${PROJECT_SOURCE_DIR}/srcs/cert-service.c - ${PROJECT_SOURCE_DIR}/srcs/cert-service-util.c - ${PROJECT_SOURCE_DIR}/srcs/cert-service-store.c - ${PROJECT_SOURCE_DIR}/srcs/cert-service-process.c -) - -IF(DEFINED DEBUG_OUTPUT) - SET_SOURCE_FILES_PROPERTIES(${CERT_SVC_SOURCES} - PROPERTIES COMPILE_FLAGS ${DEBUG_OUTPUT}) -ENDIF(DEFINED DEBUG_OUTPUT) - -INCLUDE_DIRECTORIES( - ${PROJECT_SOURCE_DIR}/include - ${CERT_SVC_DEPS_INCLUDE_DIRS} -) +SET(CMAKE_EXE_LINKER_FLAGS "-Wl,--as-needed") +SET(CMAKE_SKIP_RPATH "TRUE") +IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") +ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE") +ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -MESSAGE("TIZEN_FEATURE_CERT_SVC_OCSP_CRL ENABLED") -ADD_DEFINITIONS("-DTIZEN_FEATURE_CERT_SVC_OCSP_CRL") -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) - -ADD_LIBRARY(${TARGET_CERT_SVC_LIB} SHARED ${CERT_SVC_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_CERT_SVC_LIB} PROPERTIES - SOVERSION ${SO_VERSION} - VERSION ${VERSION} -) - -TARGET_LINK_LIBRARIES(${TARGET_CERT_SVC_LIB} - pthread - ${CERT_SVC_DEPS_LIBRARIES} -) +ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +MESSAGE("TIZEN_FEAT_CERT_SVC_OCSP_CRL ENABLED") +ADD_DEFINITIONS("-DTIZEN_FEATURE_CERT_SVC_OCSP_CRL") +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) -################################################################################ +SET(TARGET_CERT_SVC_LIB "cert-svc") +SET(TARGET_VCORE_LIB "cert-svc-vcore") +SET(TARGET_CERT_SERVER "cert-server") + +# test binaries +SET(TARGET_VCOREC_TEST "cert-svc-tests-capi") +SET(TARGET_TEST_CERT_SVC_OGIG "cert-svc-tests-orig") +SET(TARGET_PKCS12_TEST "cert-svc-tests-pkcs12") +SET(TARGET_VCORE_TEST "cert-svc-tests-vcore") + 
+ADD_DEFINITIONS("-DCERTSVC_SYSTEM_STORE_DB=\"${TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db\"") +ADD_DEFINITIONS("-DCERTSVC_VCORE_DB=\"${TZ_SYS_DB}/.cert_svc_vcore.db\"") +ADD_DEFINITIONS("-DCERTSVC_CRT_FILE_PATH=\"${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt\"") +ADD_DEFINITIONS("-DFINGERPRINT_LIST_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xml\"") +ADD_DEFINITIONS("-DFINGERPRINT_LIST_SCHEMA_PATH=\"${TZ_SYS_SHARE}/ca-certificates/fingerprint/fingerprint_list.xsd\"") +ADD_DEFINITIONS("-DROOT_CA_CERTS_DIR=\"${TZ_SYS_SHARE}/ca-certificates/\"") + +ADD_DEFINITIONS("-DCERTSVC_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/\"") +ADD_DEFINITIONS("-DCERTSVC_PKCS12_STORAGE_DIR=\"${TZ_SYS_SHARE}/cert-svc/pkcs12/\"") +ADD_DEFINITIONS("-DSYSTEM_CERT_DIR=\"${TZ_SYS_ETC}/ssl/certs/\"") +ADD_DEFINITIONS("-DCERTSVC_SSL_CERTS_DIR=\"${TZ_SYS_SHARE}/cert-svc/certs/ssl/\"") CONFIGURE_FILE(cert-svc.pc.in cert-svc.pc @ONLY) CONFIGURE_FILE(cert-svc-vcore.pc.in cert-svc-vcore.pc @ONLY) -INSTALL(TARGETS ${TARGET_CERT_SVC_LIB} DESTINATION ${LIB_INSTALL_DIR} COMPONENT RuntimeLibraries) -INSTALL(PROGRAMS ${TARGET_SIGN_TOOL} DESTINATION ${BINDIR}) INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert-svc.pc ${CMAKE_CURRENT_BINARY_DIR}/cert-svc-vcore.pc - DESTINATION ${LIB_INSTALL_DIR}/pkgconfig + DESTINATION ${LIBDIR}/pkgconfig ) -INSTALL(FILES ${PROJECT_SOURCE_DIR}/targetinfo DESTINATION ${TZ_SYS_SHARE}/cert-svc/) -#INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/pin/.pin DESTINATION ${TZ_SYS_SHARE}/cert-svc/pin/) -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION ${INCLUDEDIR}) -# Now we must create empty directory for certificates. -# Without this directories rpm package will fail during build. 
-#INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty -# DESTINATION ${TZ_SYS_SHARE}/cert-svc/ca-certs/code-signing/native -# FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -#) -#INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty -# DESTINATION ${TZ_SYS_SHARE}/cert-svc/ca-certs/code-signing/wac -# FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -#) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/code-signing/wac - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/code-signing/tizen - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/fota/FOTA_ROOT.cer - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/fota -) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/sim/operator - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/sim/thirdparty - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/user - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/trusteduser - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/mdm/security - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs/mdm/security/cert - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) -INSTALL(DIRECTORY ${PROJECT_SOURCE_DIR}/etc/empty - DESTINATION ${TZ_SYS_SHARE}/cert-svc/pkcs12 - FILES_MATCHING PATTERN THISPATTERNMUSTNOTMATCH -) 
+INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/cert-service.h DESTINATION ${INCLUDEDIR}) +ADD_SUBDIRECTORY(systemd) +ADD_SUBDIRECTORY(srcs) ADD_SUBDIRECTORY(vcore) ADD_SUBDIRECTORY(etc) +IF (DEFINED CERTSVC_TEST_BUILD) +ADD_SUBDIRECTORY(tests) +ENDIF (DEFINED CERTSVC_TEST_BUILD) diff --git a/cert-svc-vcore.pc.in b/cert-svc-vcore.pc.in index 2523cd4..311e7cb 100644 --- a/cert-svc-vcore.pc.in +++ b/cert-svc-vcore.pc.in @@ -1,12 +1,11 @@ prefix=@PREFIX@ exec_prefix=@EXEC_PREFIX@ -libdir=@LIB_INSTALL_DIR@ -includedir=@INCLUDEDIR@/cert-svc +libdir=@LIBDIR@ +includedir=@INCLUDEDIR@ Name: cert-svc-vcore Description: cert-svc-vcore Version: @VERSION@ -Requires: cert-svc libxml-2.0 libxslt openssl libsoup-2.4 dpl-efl secure-storage xmlsec1 -Libs: -lcert-svc-vcore -L${libdir} -Cflags: -I${includedir} - +Requires: cert-svc libxml-2.0 libxslt openssl libsoup-2.4 secure-storage xmlsec1 db-util +Libs: -L${libdir} -lcert-svc-vcore +Cflags: -I${includedir}/cert-svc diff --git a/cert-svc.pc.in b/cert-svc.pc.in index 1983766..6b0ebd2 100644 --- a/cert-svc.pc.in +++ b/cert-svc.pc.in @@ -1,6 +1,6 @@ prefix=@PREFIX@ exec_prefix=@EXEC_PREFIX@ -libdir=@LIB_INSTALL_DIR@ +libdir=@LIBDIR@ includedir=@INCLUDEDIR@ Name: certification-service diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt index 57f93eb..0016057 100644 --- a/etc/CMakeLists.txt +++ b/etc/CMakeLists.txt 
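Review bot: `IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` and `IF (DEFINED CERTSVC_TEST_BUILD)` in the top-level CMakeLists.txt only test whether the variable exists, so `-DTIZEN_FEAT_CERTSVC_OCSP_CRL=0` or `OFF` still adds the feature define and `-DCERTSVC_TEST_BUILD=0` still builds the tests; etc/CMakeLists.txt uses the same test. `IF(TIZEN_FEAT_CERTSVC_OCSP_CRL)` evaluates the value instead. The status message prints `TIZEN_FEAT_CERT_SVC_OCSP_CRL`, which is not the name of the variable being tested. The release and debug flag sets in this hunk also no longer carry `-fvisibility=hidden` or `-Wall`; unless srcs/ and vcore/ set them per target (not visible here), internal symbols of both libraries become exported.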
@@ -2,11 +2,44 @@ SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc) INSTALL(FILES ${ETC_DIR}/schema.xsd - DESTINATION ${TZ_SYS_SHARE}/cert-svc/schema + DESTINATION ${TZ_SYS_RO_WRT_ENGINE} ) INSTALL(FILES + ${ETC_DIR}/make-ca-certificate.sh + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + + +IF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +INSTALL(FILES ${ETC_DIR}/cert_svc_create_clean_db.sh DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + +INSTALL(FILES + ${ETC_DIR}/cert_svc_vcore_db.sql + DESTINATION ${TZ_SYS_SHARE}/cert-svc ) +ENDIF (DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +INSTALL(FILES + ${ETC_DIR}/initialize_store_db.sh + ${ETC_DIR}/cert_svc_create_clean_store_db.sh + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + ) + +INSTALL(FILES + ${ETC_DIR}/cert_svc_store_db.sql + DESTINATION ${TZ_SYS_SHARE}/cert-svc + ) diff --git a/etc/cert_svc_create_clean_db.sh b/etc/cert_svc_create_clean_db.sh index e1a8f08..6c4b444 100755 --- a/etc/cert_svc_create_clean_db.sh +++ b/etc/cert_svc_create_clean_db.sh @@ -24,15 +24,12 @@ do SQL=".read ${TZ_SYS_SHARE}/cert-svc/"$name"_db.sql" sqlite3 ${TZ_SYS_DB}/.$name.db "$SQL" touch ${TZ_SYS_DB}/.$name.db-journal - chown root:6026 ${TZ_SYS_DB}/.$name.db - chown root:6026 ${TZ_SYS_DB}/.$name.db-journal - chmod 660 ${TZ_SYS_DB}/.$name.db - chmod 660 ${TZ_SYS_DB}/.$name.db-journal - if [ -f /usr/lib/rpm-plugins/msm.so ] - then - chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db - chsmack -a "cert-svc::db" ${TZ_SYS_DB}/.$name.db-journal - fi -done + chown system:system ${TZ_SYS_DB}/.$name + chown system:system ${TZ_SYS_DB}/.$name-journal + + chmod 664 ${TZ_SYS_DB}/.$name + chmod 664 ${TZ_SYS_DB}/.$name-journal +done +echo "cert_svc_create_clean_db.sh done" diff --git a/etc/cert_svc_create_clean_store_db.sh b/etc/cert_svc_create_clean_store_db.sh new file mode 100644 index 0000000..d73be31 --- /dev/null +++ b/etc/cert_svc_create_clean_store_db.sh 
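Review bot: In etc/cert_svc_create_clean_db.sh the new `chown system:system ${TZ_SYS_DB}/.$name` and `chmod 664 ${TZ_SYS_DB}/.$name` lines dropped the `.db` suffix, while the database is still created as `${TZ_SYS_DB}/.$name.db` a few lines above, so owner and mode are never applied to the real file or its journal. They should read `chown system:system ${TZ_SYS_DB}/.$name.db` and `chmod 664 ${TZ_SYS_DB}/.$name.db`, and likewise for `.$name.db-journal`. The hunk also removes the `chsmack -a "cert-svc::db"` labelling and widens 660 to 664 with no replacement visible here; the commit should say where the SMACK label and the read restriction now come from. The loop this hunk edits starts outside the hunk.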
@@ -0,0 +1,38 @@ +#!/bin/sh +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +source /etc/tizen-platform.conf + +DB_PATH=${TZ_SYS_SHARE}/cert-svc/dbspace +name="certs-meta.db" + +rm -f ${DB_PATH}/$name +rm -f ${DB_PATH}/$name-journal + +SQL="PRAGMA journal_mode = PERSIST;" +sqlite3 ${DB_PATH}/$name "$SQL" + +SQL=".read ${TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql" +sqlite3 ${DB_PATH}/$name "$SQL" + +touch ${DB_PATH}/$name-journal + +chown system:system ${DB_PATH}/$name +chown system:system ${DB_PATH}/$name-journal + +chmod 664 ${DB_PATH}/$name +chmod 664 ${DB_PATH}/$name-journal + +echo "cert_svc_create_clean_store_db.sh done" diff --git a/etc/cert_svc_store_db.sql b/etc/cert_svc_store_db.sql new file mode 100644 index 0000000..1810c3c --- /dev/null +++ b/etc/cert_svc_store_db.sql 
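Review bot: The script declares `#!/bin/sh` but loads the platform paths with `source /etc/tizen-platform.conf`, which is not a POSIX builtin; under a shell without it the line fails, `TZ_SYS_SHARE` stays empty, and the following `rm -f`, `sqlite3` and `chown` lines act on `/cert-svc/dbspace/certs-meta.db`. Use `. /etc/tizen-platform.conf` and stop early with `: "${TZ_SYS_SHARE:?}"`. None of the `sqlite3` calls is checked, so a failed schema load still ends with the "done" message; `set -e` at the top or an explicit `|| exit 1` would surface that. The final `chmod 664` leaves the certificate store metadata group-writable and world-readable; if only the cert-server writes it (presumably as `system`), a tighter mode is worth confirming against the readers of the database.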
@@ -0,0 +1,47 @@ + +PRAGMA foreign_keys = ON; + +BEGIN TRANSACTION; + +CREATE TABLE ssl ( + gname TEXT not null, + certificate TEXT not null, + file_hash TEXT not null, + subject_hash TEXT not null, + common_name TEXT not null, + enabled INT not null, + is_root_app_enabled INT not null); + +CREATE TABLE wifi ( + gname TEXT PRIMARY KEY not null, + common_name TEXT not null, + private_key_gname TEXT, + associated_gname TEXT, + is_root_cert INT, + enabled INT not null, + is_root_app_enabled INT not null); + +CREATE TABLE vpn ( + gname TEXT PRIMARY KEY not null, + common_name TEXT not null, + private_key_gname TEXT, + associated_gname TEXT, + is_root_cert INT, + enabled INT not null, + is_root_app_enabled INT not null); + +CREATE TABLE email ( + gname TEXT PRIMARY KEY not null, + common_name TEXT not null, + private_key_gname TEXT, + associated_gname TEXT, + is_root_cert INT, + enabled INT not null, + is_root_app_enabled INT not null); + +CREATE TABLE disabled_certs ( + gname TEXT PRIMARY KEY not null, + certificate TEXT not null); + +COMMIT; + diff --git a/vcore/cert_svc_vcore_db.sql b/etc/cert_svc_vcore_db.sql index b1254c1..b1254c1 100644 --- a/vcore/cert_svc_vcore_db.sql +++ b/etc/cert_svc_vcore_db.sql diff --git a/etc/initialize_store_db.sh b/etc/initialize_store_db.sh new file mode 100644 index 0000000..2f77179 --- /dev/null +++ b/etc/initialize_store_db.sh 
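Review bot: The `ssl` table is the only one declared without `PRIMARY KEY` on `gname`, so the same certificate name can be inserted more than once and its `enabled` flag becomes ambiguous across duplicate rows. If `gname` is meant to be unique as in `wifi`, `vpn` and `email`, declare it `gname TEXT PRIMARY KEY not null`. `PRAGMA foreign_keys = ON` has no effect on this schema because no table declares a foreign key; `private_key_gname` and `associated_gname` look like references and a comment should say which table they point into.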
@@ -0,0 +1,57 @@ +#!/bin/bash +source /etc/tizen-platform.conf + +ROOT_CERT_SQL=${TZ_SYS_SHARE}/cert-svc/root-cert.sql +CERT_LIST_CRT=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt + +MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla +TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen + +function initialize_store_in_dir { + for i in `find $1/* -name '*'` + do + cert=`openssl x509 -in $i` + echo $cert >> ${CERT_LIST_CRT} + echo >> ${CERT_LIST_CRT} + + gname=`echo $i | cut -f 6 -d '/'` + filehash=`openssl x509 -in $i -hash -noout` + subjecthash=`openssl x509 -in $i -subject_hash_old -noout` + + commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep commonName | cut -f 2 -d =` + if [[ $commonname == "" ]]; then + commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationUnitName | cut -f 2 -d =` + fi + if [[ $commonname == "" ]]; then + commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep organizationName | cut -f 2 -d =` + fi + if [[ $commonname == "" ]]; then + commonname=`openssl x509 -in $i -subject -noout -nameopt multiline | grep emailAddress | cut -f 2 -d =` + fi + + commonname=${commonname:1} # cut first whitespace + + echo "INSERT INTO ssl (gname, certificate, file_hash, subject_hash, common_name, enabled, is_root_app_enabled) values (\"$gname\", \"$cert\", \"$filehash\", \"$subjecthash\", \"$commonname\", 1, 1);" >> ${ROOT_CERT_SQL} + done +} + +if [[ -e $ROOT_CERT_SQL ]] +then + rm $ROOT_CERT_SQL +fi + +if [[ -e $CERT_LIST_CRT ]] +then + rm $CERT_LIST_CRT +fi + +touch $ROOT_CERT_SQL +touch $CERT_LIST_CRT + +initialize_store_in_dir $MOZILLA_SSL_DIRECTORY +initialize_store_in_dir $TIZEN_SSL_DIRECTORY + +chown system:system ${CERT_LIST_CRT} +chmod 644 ${CERT_LIST_CRT} + +echo "initialize_store_db.sh done" diff --git a/etc/make-ca-certificate.sh b/etc/make-ca-certificate.sh new file mode 100755 index 0000000..9bd2c60 --- /dev/null +++ b/etc/make-ca-certificate.sh 
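Review bot: The INSERT written at the end of the loop in `initialize_store_in_dir` pastes `$gname`, `$cert` and `$commonname` into double-quoted SQL values with no escaping, so a subject field that contains a quote character yields broken or altered statements when root-cert.sql is later piped into sqlite3 from the spec's %post. Write the values as single-quoted SQL literals with embedded quotes doubled, for example `commonname=$(printf '%s' "$commonname" | sed "s/'/''/g")` before the echo. Earlier in the same loop `echo $cert >> ${CERT_LIST_CRT}` is unquoted, which folds the multi-line PEM onto one line; `echo "$cert" >> "${CERT_LIST_CRT}"` keeps the line structure a PEM bundle needs. `gname` is taken as the sixth `/`-separated field of the path, which presumably only holds for the current directory depth, so `basename "$i"` would be sturdier.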
@@ -0,0 +1,29 @@ +#!/bin/bash +source /etc/tizen-platform.conf + +MOZILLA_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/mozilla +TIZEN_SSL_DIRECTORY=${TZ_SYS_SHARE}/ca-certificates/tizen + +CRT_PATH=${TZ_SYS_SHARE}/cert-svc/ca-certificate.crt + +function append_to_crt_file { + for i in `find $1/* -name '*'` + do + openssl x509 -in $i -outform PEM >> $CRT_PATH + done +} + +if [ -e $CRT_PATH ] +then + rm $CRT_PATH +fi + +touch $CRT_PATH + +append_to_crt_file $MOZILLA_SSL_DIRECTORY +append_to_crt_file $TIZEN_SSL_DIRECTORY + +chown system:system ${CRT_PATH} +chmod 644 ${CRT_PATH} + +echo "make-ca-certificate.sh done" diff --git a/include/cert-service-debug.h b/include/cert-service-debug.h index 3755894..d18d475 100644 --- a/include/cert-service-debug.h +++ b/include/cert-service-debug.h @@ -30,27 +30,12 @@ extern "C" { /*********************************************************************************/ /* Logging */ /*********************************************************************************/ -#ifdef CERT_SVC_LOG +#ifdef LOG_TAG +#undef LOG_TAG +#endif #define LOG_TAG "CERT_SVC" -#include <dlog.h> - -#elif CERT_SVC_LOG_CONSOLE -#define SLOGV(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGD(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGI(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGE(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGW(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGF(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#else -#define SLOGV(FMT, ARG ...) {} -#define SLOGD(FMT, ARG ...) {} -#define SLOGI(FMT, ARG ...) {} -#define SLOGE(FMT, ARG ...) {} -#define SLOGW(FMT, ARG ...) {} -#define SLOGF(FMT, ARG ...) {} - -#endif +#include <dlog.h> #ifdef __cplusplus } diff --git a/include/cert-service-process.h b/include/cert-service-process.h index 86658ae..1026a3d 100644 --- a/include/cert-service-process.h +++ b/include/cert-service-process.h 
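Review bot: `append_to_crt_file` in etc/make-ca-certificate.sh loops over the unquoted output of `find $1/* -name '*'` and ignores the exit status of `openssl x509`, so directories, names containing whitespace and unparsable files are skipped or mangled while the script still prints its "done" message. The bundle at `$CRT_PATH` is also removed and rebuilt in place, which leaves a missing or partial trust bundle if the script is interrupted. I would collect the list with `find "$1" -type f`, write to a temporary file in the same directory, and `mv` it over `$CRT_PATH` only after every `openssl x509 -in "$i" -outform PEM` call succeeded.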
@@ -1,7 +1,7 @@ /* * certification service * - * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Kidong Kim <kd0228.kim@samsung.com> * @@ -39,23 +39,10 @@ struct cert_svc_inode_set; /* Variable definitions */ /*********************************************************************************/ int parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld); -int parse_time_fld_data(unsigned char* before, unsigned char* after, cert_svc_validity_fld_data* fld); -int _parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld); int search_data_field(search_field fldName, char* fldData, cert_svc_cert_descriptor* certDesc); int get_filelist_recur(char* dirName, cert_svc_filename_list* fileNames, struct cert_svc_inode_set *visited); -int get_all_certificates(cert_svc_filename_list** allCerts); -int sort_cert_chain(cert_svc_linked_list** unsorted, cert_svc_linked_list** sorted); -cert_svc_linked_list* find_issuer_from_list(cert_svc_linked_list* list, cert_svc_linked_list* p); - -int is_CACert(cert_svc_mem_buff* cert, int* isCA); -int compare_period(int year, int month, int day, int hour, int min, int sec, struct tm* tm); -int is_expired(cert_svc_mem_buff* cert, int* isExpired); -int VerifyCallbackfunc(int ok, X509_STORE_CTX* store); -int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst); - -int _verify_certificate(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, cert_svc_filename_list* fileNames, int* validity); int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, int checkCaFlag, cert_svc_filename_list* fileNames, int* validity); int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity); int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc); 
@@ -63,7 +50,6 @@ int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL int _check_ocsp_status(cert_svc_mem_buff* cert, cert_svc_linked_list** certList, const char* uri); #endif -int _remove_selfsigned_cert_in_chain(cert_svc_linked_list** certList); int release_certificate_buf(cert_svc_mem_buff* certBuf); int release_certificate_data(cert_svc_cert_descriptor* certDesc); @@ -71,6 +57,7 @@ int release_cert_list(cert_svc_linked_list* certList); int release_filename_list(cert_svc_filename_list* fileNames); int get_visibility(CERT_CONTEXT* context, int* visibility); +int get_certificate_type(CERT_CONTEXT* context, int* cert_type); #ifdef __cplusplus } diff --git a/include/cert-service-util.h b/include/cert-service-util.h index 99d75af..f9dc26c 100644..100755 --- a/include/cert-service-util.h +++ b/include/cert-service-util.h 
@@ -42,11 +42,15 @@ int cert_svc_util_get_file_size(const char* filepath, unsigned long int* length) int cert_svc_util_load_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf); int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLink, unsigned char** privateKey, int* priKeyLen, char* passPhrase); int cert_svc_util_get_cert_path(const char* fileName, const char* location, char* retBuf); -int cert_svc_util_base64_encode(char* in, int inLen, char* out, int* outLen); -int cert_svc_util_base64_decode(char* in, int inLen, char* out, int* outLen); +int cert_svc_util_base64_encode(const unsigned char* in, int inLen, unsigned char* out, int* outLen); +int cert_svc_util_base64_decode(const unsigned char* in, int inLen, unsigned char* out, int* outLen); int cert_svc_util_get_extension(const char* filePath, cert_svc_mem_buff* certBuf); int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert); int get_visibility_by_fingerprint(const char* fingerprint, int* visibility); +int get_visibility_by_certificate(const unsigned char* cert_data, int data_len, int* visibility); +int get_type_by_fingerprint(const char* fingerprint, int* cert_type); +int get_certificate_fingerprint(const unsigned char *cert, int cert_size, char** fingerprint); + #ifdef __cplusplus } #endif // __cplusplus diff --git a/include/cert-service.h b/include/cert-service.h index 352eb1d..36c44fe 100644..100755 --- a/include/cert-service.h +++ b/include/cert-service.h @@ -23,8 +23,6 @@ #ifndef CERT_SERVICE_H #define CERT_SERVICE_H -#include <tzplatform_config.h> - #ifdef __cplusplus extern "C" { #endif // __cplusplus 
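Review bot: The three declarations added to include/cert-service-util.h (`get_visibility_by_certificate`, `get_type_by_fingerprint`, `get_certificate_fingerprint`) carry no contract comments, and `get_certificate_fingerprint` hands back a buffer through `char** fingerprint` without saying who releases it. Once the allocation in the .c file is confirmed, add above it `/* On success *fingerprint is a newly allocated NUL-terminated string; the caller frees it. */` and state that `cert_size` and `data_len` must be positive. The base64 helpers now take `unsigned char*` but keep `int* outLen`; a comment should say whether `*outLen` holds the capacity of `out` on entry, because that decides whether the callee can bounds-check the write. The header's include guard and `extern "C"` block start outside the hunk.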
@@ -64,11 +62,12 @@ extern "C" { #define CERT_SVC_ERR_OCSP_INTERNAL -23 #define CERT_SVC_ERR_OCSP_REMOTE -24 #endif -/* default certificate file path */ -#define CERT_SVC_STORE_PATH tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/certs/") -#define CERT_SVC_STORE_PATH_DEFAULT tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/certs/ssl/") -#define CERT_SVC_SEARCH_PATH_RO tzplatform_mkpath(TZ_SYS_SHARE, "ca-certificates/tizen/") -#define CERT_SVC_SEARCH_PATH_RW tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/certs/") + +#define CERT_SVC_ERR_INVALID_NO_DEVICE_PROFILE -25 +#define CERT_SVC_ERR_INVALID_DEVICE_UNIQUE_ID -26 +#define CERT_SVC_ERR_INVALID_SDK_DEFAULT_AUTHOR_CERT -27 +#define CERT_SVC_ERR_IN_DISTRIBUTOR_CASE_AUTHOR_CERT -28 +#define CERT_SVC_ERR_IN_AUTHOR_CASE_DISTRIBUTOR_CERT -29 /*********************************************************************************/ /* Type definitions */ @@ -96,8 +95,6 @@ typedef enum { typedef enum cert_svc_visibility_t { CERT_SVC_VISIBILITY_DEVELOPER = 1, - CERT_SVC_VISIBILITY_TEST = 1 << 1, - CERT_SVC_VISIBILITY_VERIFY = 1 << 2, CERT_SVC_VISIBILITY_PUBLIC = 1 << 6, CERT_SVC_VISIBILITY_PARTNER = 1 << 7, CERT_SVC_VISIBILITY_PARTNER_OPERATOR = 1 << 8, @@ -105,6 +102,13 @@ typedef enum cert_svc_visibility_t { CERT_SVC_VISIBILITY_PLATFORM = 1 << 10 } cert_svc_visibility; +typedef enum cert_svc_type_t { + CERT_SVC_TYPE_NO_TYPE = 0, + CERT_SVC_TYPE_TEST = 1 << 1, + CERT_SVC_TYPE_VERIFY = 1 << 2, + CERT_SVC_TYPE_STORE = 1 << 3 +} cert_svc_type; + typedef struct { unsigned int firstSecond; unsigned int firstMinute; 
@@ -204,6 +208,7 @@ int cert_svc_push_file_into_context(CERT_CONTEXT* ctx, const char* filePath); int cert_svc_add_certificate_to_store(const char* filePath, const char* location); int cert_svc_delete_certificate_from_store(const char* fileName, const char* location); int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity); +int cert_svc_verify_package_certificate(CERT_CONTEXT* ctx, int* validity, const char* signatureFile); int cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int* validity); int cert_svc_verify_signature(CERT_CONTEXT* ctx, unsigned char* message, int msgLen, unsigned char* signature, char* algo, int* validity); int cert_svc_extract_certificate_data(CERT_CONTEXT* ctx); @@ -211,10 +216,14 @@ int cert_svc_search_certificate(CERT_CONTEXT* ctx, search_field fldName, char* f int cert_svc_get_visibility(CERT_CONTEXT* ctx, int* visibility); int cert_svc_get_visibility_by_root_certificate(const char* cert_data, int data_len, int* visibility); + #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri); #endif char* cert_svc_get_certificate_crt_file_path(void); + +int cert_svc_util_parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld); + #ifdef __cplusplus } #endif // __cplusplus diff --git a/make_cert.sh b/make_cert.sh deleted file mode 100755 index 0dc47f0..0000000 --- a/make_cert.sh +++ /dev/null 
@@ -1,46 +0,0 @@ -#!/bin/sh - -CA_keyname=$3 -CA_certname=$4 -SDK_keyname=$1 -SDK_certreqname=SDK.csr -SDK_certname=$2 - -echo "*** parameter test ***" -echo "\$1 = "$1 -echo "\$2 = "$2 -echo "\$3 = "$3 -echo "\$4 = "$4 -echo "\$5 = "$5 - -if [ $# -le 4 ] -then - echo "[ERR] Check your input argument" - echo "num of args" $# - exit 1 -fi - -echo "*** pre-requirement ***" -mkdir ./demoCA -touch ./demoCA/serial -echo "00" > ./demoCA/serial -touch ./demoCA/index.txt - -echo "*** make key pair for SDK ***" -openssl genrsa -out ${SDK_keyname} 1024 - -echo "*** make certificate request ***" -openssl req -new -days 3650 -key ${SDK_keyname} -out ${SDK_certreqname} \ --subj '/C=KR/ST=Kyung-gi do/L=SuWon-si/O=Samsung/OU=DMC/CN='$5 - - -echo "*** make SDK cert ***" -openssl ca -in ${SDK_certreqname} -out ${SDK_certname} -keyfile ${CA_keyname} -cert ${CA_certname} -outdir . << EOF -y -y -EOF - -echo "*** remove temporary files ***" -rm -f ${SDK_certreqname} -rm -f *.pem -rm -rf ./demoCA diff --git a/packaging/cert-svc.changes b/packaging/cert-svc.changes deleted file mode 100644 index 3244810..0000000 --- a/packaging/cert-svc.changes +++ /dev/null @@ -1,6 +0,0 @@ -* Fri Jul 12 2013 Patrick McCarty <patrick.mccarty@linux.intel.com> 0ec2117 -- Fix the manifest installation - -* Tue Jun 04 2013 Xavier Roche <xavrock.os@gmail.com> accepted/tizen/20130520.101205@65f9420 -- Fix lib var path for x64 build - diff --git a/packaging/cert-svc.manifest b/packaging/cert-svc.manifest index 017d22d..a76fdba 100644 --- a/packaging/cert-svc.manifest +++ b/packaging/cert-svc.manifest @@ -1,5 +1,5 @@ <manifest> - <request> - <domain name="_"/> - </request> + <request> + <domain name="_" /> + </request> </manifest> diff --git a/packaging/cert-svc.spec b/packaging/cert-svc.spec index a3bb852..12e8d6f 100644 --- a/packaging/cert-svc.spec +++ b/packaging/cert-svc.spec 
@@ -1,26 +1,40 @@ +%define certsvc_feature_ocsp_crl 0 +%define certsvc_test_build 0 + Name: cert-svc Summary: Certification service Version: 1.0.1 Release: 45 -Group: System/Libraries +Group: Security/Libraries License: Apache-2.0 Source0: %{name}-%{version}.tar.gz Source1001: %{name}.manifest +Requires(post): findutils BuildRequires: cmake BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(openssl) -BuildRequires: pkgconfig(dpl-efl) -BuildRequires: pkgconfig(libsoup-2.4) -BuildRequires: pkgconfig(libpcre) BuildRequires: pkgconfig(libpcrecpp) BuildRequires: pkgconfig(xmlsec1) -BuildRequires: pkgconfig(secure-storage) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(libxslt) +BuildRequires: pkgconfig(icu-i18n) +BuildRequires: pkgconfig(libsoup-2.4) +BuildRequires: pkgconfig(db-util) +BuildRequires: pkgconfig(libsystemd-daemon) +BuildRequires: pkgconfig(key-manager) +BuildRequires: pkgconfig(secure-storage) BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: boost-devel +%if 0%{?certsvc_feature_ocsp_crl} +BuildRequires: pkgconfig(vconf) +BuildRequires: pkgconfig(sqlite3) +%endif +Requires: pkgconfig(libtzplatform-config) +Requires: ca-certificates-tizen +Requires: ca-certificates-mozilla Requires: ca-certificates -Requires: libtzplatform-config +Requires: openssl %description Certification service 
@@ -33,43 +47,105 @@ Requires: %{name} = %{version}-%{release} %description devel Certification service (development files) +%if 0%{?certsvc_test_build} +%package test +Summary: Certification service (tests) +Group: Security/Testing +BuildRequires: pkgconfig(dpl-test-efl) +Requires: boost-devel +Requires: ca-certificates-tizen +Requires: %{name} = %{version}-%{release} + +%description test +Certification service (tests) +%endif + %prep %setup -q -cp %{SOURCE1001} . +cp -a %{SOURCE1001} . %build +export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" +export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE" +export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" + +export CFLAGS="$CFLAGS -DTIZEN_ENGINEER_MODE" +export CXXFLAGS="$CXXFLAGS -DTIZEN_ENGINEER_MODE" +export FFLAGS="$FFLAGS -DTIZEN_ENGINEER_MODE" + +%ifarch %{ix86} +export CFLAGS="$CFLAGS -DTIZEN_EMULATOR_MODE" +export CXXFLAGS="$CXXFLAGS -DTIZEN_EMULATOR_MODE" +export FFLAGS="$FFLAGS -DTIZEN_EMULATOR_MODE" +%endif + %{!?build_type:%define build_type "Release"} -%cmake . -DPREFIX=%{_prefix} \ +cmake . 
-DPREFIX=%{_prefix} \ -DEXEC_PREFIX=%{_exec_prefix} \ + -DLIBDIR=%{_libdir} \ -DBINDIR=%{_bindir} \ -DINCLUDEDIR=%{_includedir} \ - -DCMAKE_BUILD_TYPE=%{build_type} \ -DTZ_SYS_SHARE=%TZ_SYS_SHARE \ - -DTZ_SYS_BIN=%TZ_SYS_BIN + -DTZ_SYS_BIN=%TZ_SYS_BIN \ + -DTZ_SYS_ETC=%TZ_SYS_ETC \ + -DTZ_SYS_RO_WRT_ENGINE=%TZ_SYS_RO_WRT_ENGINE \ + -DTZ_SYS_DB=%TZ_SYS_DB \ +%if 0%{?certsvc_feature_ocsp_crl} + -DTIZEN_FEAT_CERTSVC_OCSP_CRL=1 \ +%endif +%if 0%{?certsvc_test_build} + -DCERTSVC_TEST_BUILD=1 \ + -DTZ_SYS_RO_APP=%TZ_SYS_RO_APP \ +%endif + -DCMAKE_BUILD_TYPE=%{build_type} \ + -DSYSTEMD_UNIT_DIR=%{_unitdir} make %{?jobs:-j%jobs} %install rm -rf %{buildroot} mkdir -p %{buildroot}%{TZ_SYS_SHARE}/license -cp LICENSE.APLv2 %{buildroot}%{TZ_SYS_SHARE}/license/%{name} +cp LICENSE %{buildroot}%{TZ_SYS_SHARE}/license/%{name} + +mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/user +mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/trusteduser +mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12 +mkdir -p %{buildroot}%{TZ_SYS_SHARE}/cert-svc/dbspace + %make_install +mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants +mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants +ln -s ../cert-server.service %{buildroot}%{_unitdir}/multi-user.target.wants/ +ln -s ../cert-server.socket %{buildroot}%{_unitdir}/sockets.target.wants/ + ln -sf %{TZ_SYS_ETC}/ssl/certs %{buildroot}%{TZ_SYS_SHARE}/cert-svc/certs/ssl -touch %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage -chmod 766 %{buildroot}%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage %clean rm -rf %{buildroot} +%preun +if [ $1 == 0 ]; then + systemctl stop cert-server.service +fi + %post /sbin/ldconfig -%if 0%{?tizen_feature_certsvc_ocsp_crl} +systemctl daemon-reload +if [ $1 == 1 ]; then + systemctl restart cert-server.service +fi + +echo "make ca-certificate.crt" +%{TZ_SYS_BIN}/make-ca-certificate.sh +rm %{TZ_SYS_BIN}/make-ca-certificate.sh + +echo "create .cert_svc_vcore.db" +%if 0%{?certsvc_feature_ocsp_crl} if [ -z ${2} ]; then - 
echo "This is new install of wrt-security" - echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh" + echo "This is new install of cert-svc" %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh else - # Find out old and new version of databases + echo "Find out old and new version of databases" VCORE_OLD_DB_VERSION=`sqlite3 %{TZ_SYS_DB}/.cert_svc_vcore.db ".tables" | grep "DB_VERSION_"` VCORE_NEW_DB_VERSION=`cat %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_` echo "OLD vcore database version ${VCORE_OLD_DB_VERSION}" 
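Review bot: The `%build` section exports `-DTIZEN_DEBUG_ENABLE` and `-DTIZEN_ENGINEER_MODE` into CFLAGS and CXXFLAGS unconditionally, so every package build, including the default `build_type "Release"`, is compiled with them, and the `CMAKE_BUILD_TYPE` gate that the top-level CMakeLists.txt puts around `TIZEN_DEBUG_ENABLE` is bypassed. What the macros enable is not visible here, but debug and engineer code paths in a certificate service should be opt-in, for example wrapped in `%if 0%{?certsvc_engineer_build}` (macro name constructed for illustration). In `%post`, `rm %{TZ_SYS_BIN}/make-ca-certificate.sh` deletes a file the package itself ships, so package verification will report it missing and the bundle cannot be regenerated later without reinstalling. `[ $1 == 0 ]` and `[ $1 == 1 ]` rely on `==`, which POSIX `test` does not define; `[ "$1" = 0 ]` is portable.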
@@ -79,59 +155,92 @@ else if [ ${VCORE_OLD_DB_VERSION} = ${VCORE_NEW_DB_VERSION} ]; then echo "Equal database detected so db installation ignored" else - echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh" + echo "Calling /usr/bin/cert_svc_create_clean_db.sh" %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh fi else - echo "Calling %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh" + echo "Calling /usr/bin/cert_svc_create_clean_db.sh" %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh fi fi +rm %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql +rm %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh +%endif + +echo "create certs-meta.db" +rm -rf %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db +%{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql +%{TZ_SYS_BIN}/initialize_store_db.sh +if [[ -e %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db ]]; then + cat %{TZ_SYS_SHARE}/cert-svc/root-cert.sql | sqlite3 %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db +fi +rm %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql +rm %{TZ_SYS_SHARE}/cert-svc/root-cert.sql +rm %{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh +rm %{TZ_SYS_BIN}/initialize_store_db.sh -chsmack -a 'User' %{TZ_SYS_DB}/.cert_svc_vcore.db* -%endif #tizen_feature_certsvc_ocsp_crl %postun /sbin/ldconfig %files - -%defattr(-,root,root,-) +%defattr(644,system,system,755) %manifest %{name}.manifest -%attr(0755,root,root) %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh -%{_libdir}/*.so.* -#%{_bindir}/dpkg-pki-sig -%{TZ_SYS_SHARE}/cert-svc/targetinfo -%if 0%{?tizen_feature_certsvc_ocsp_crl} -%{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql -%endif -%{TZ_SYS_SHARE}/license/%{name} -%{TZ_SYS_SHARE}/cert-svc/schema/schema.xsd -%dir %attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/sim -%dir %attr(0775,root,use_cert) 
%{TZ_SYS_SHARE}/cert-svc/certs/sim/operator -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/sim/thirdparty -%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/user -%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/trusteduser -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm/security -%dir %attr(0775,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/mdm/security/cert -%dir %attr(0777,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/pkcs12 -#%{TZ_SYS_SHARE}/cert-svc/pin/.pin -%{TZ_SYS_SHARE}/cert-svc/certs/ssl -%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage -#%dir %attr(0700, root, root) %{TZ_SYS_SHARE}/cert-svc/pin -%if 0%{?tizen_feature_certsvc_ocsp_crl} -%attr(0755,root,use_cert) %{TZ_SYS_SHARE}/cert-svc/certs/fota/* +# Read only files install as root +%attr(755,root,root) %{TZ_SYS_BIN}/cert-server +%attr(644,root,root) %{_unitdir}/cert-server.service +%attr(644,root,root) %{_unitdir}/cert-server.socket +%attr(777,root,root) %{_unitdir}/multi-user.target.wants/cert-server.service +%attr(777,root,root) %{_unitdir}/sockets.target.wants/cert-server.socket +%attr(755,root,root) %{_libdir}/libcert-svc.so.* +%attr(755,root,root) %{_libdir}/libcert-svc-vcore.so.* +%attr(644,root,root) %{TZ_SYS_SHARE}/license/%{name} +%attr(644,root,root) %{TZ_SYS_RO_WRT_ENGINE}/schema.xsd +%attr(644,root,root) %{TZ_SYS_SHARE}/cert-svc/cert_svc_store_db.sql +%attr(755,root,root) %{TZ_SYS_BIN}/cert_svc_create_clean_store_db.sh +%attr(755,root,root) %{TZ_SYS_BIN}/make-ca-certificate.sh +%attr(755,root,root) %{TZ_SYS_BIN}/initialize_store_db.sh + +%if 0%{?certsvc_feature_ocsp_crl} +%attr(644,root,root) %{TZ_SYS_SHARE}/cert-svc/cert_svc_vcore_db.sql +%attr(755,root,root) %{TZ_SYS_BIN}/cert_svc_create_clean_db.sh %endif -#%{TZ_SYS_SHARE}/cert-svc/pin/.pin + +# Resource files install as system +%{TZ_SYS_SHARE}/cert-svc/certs/user +%{TZ_SYS_SHARE}/cert-svc/certs/trusteduser 
+%{TZ_SYS_SHARE}/cert-svc/pkcs12 +%{TZ_SYS_SHARE}/cert-svc/dbspace %{TZ_SYS_SHARE}/cert-svc/certs/ssl -%{TZ_SYS_SHARE}/cert-svc/pkcs12/storage + %files devel -%manifest %{name}.manifest %defattr(-,root,root,-) %{_includedir}/* %{_libdir}/pkgconfig/* -%{_libdir}/*.so +%{_libdir}/libcert-svc.so +%{_libdir}/libcert-svc-vcore.so + +%if 0%{?certsvc_test_build} +%files test +%defattr(644,system,system,755) +%attr(755,root,root) %{TZ_SYS_BIN}/cert-svc-test* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_hash/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_signature/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_certificate/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner_operator/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_keys/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_certs/* +%{TZ_SYS_RO_APP}/widget/tests/vcore_config/* +%{TZ_SYS_RO_APP}/widget/tests/pkcs12/* +%{TZ_SYS_RO_APP}/widget/tests/reference/* +%{TZ_SYS_ETC}/ssl/certs/8956b9bc.0 +%{TZ_SYS_SHARE}/ca-certificates/wac/root_cacert0.pem +%{TZ_SYS_SHARE}/cert-svc/pkcs12/* +%{TZ_SYS_SHARE}/cert-svc/cert-type/* +%{TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/caflag/* +%{TZ_SYS_SHARE}/cert-svc/certs/root_ca*.der +%{TZ_SYS_SHARE}/cert-svc/certs/second_ca*.der +%{TZ_SYS_SHARE}/cert-svc/tests/* +%endif diff --git a/srcs/CMakeLists.txt b/srcs/CMakeLists.txt new file mode 100644 index 0000000..6632d95 --- /dev/null +++ b/srcs/CMakeLists.txt 
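Review bot: In `%post`, `rm -rf %{TZ_SYS_SHARE}/cert-svc/dbspace/certs-meta.db` and the re-creation that follows are not conditioned on `$1`, unlike the `systemctl restart` block earlier in the same scriptlet, so they run on upgrade as well as on first install. An upgrade would then rebuild the certificate store from `root-cert.sql` and drop anything added to it since install (what the store holds at runtime is not visible here). Wrap the block in `if [ $1 == 1 ]; then … fi`, or migrate the existing database instead of deleting it. The scriptlet also removes the `.sql` files and helper scripts that `%files` still lists with `%attr(...)`, so `rpm -V` will report them missing on every device; leaving them installed keeps package verification meaningful. This hunk begins inside `%post`, so the scriptlet's opening lines are outside it.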
@@ -0,0 +1,44 @@ +# compiler warning flags +ADD_DEFINITIONS("-Wall") +ADD_DEFINITIONS("-Wextra") +ADD_DEFINITIONS("-Werror") + +PKG_CHECK_MODULES(CERT_SVC_DEP + REQUIRED + openssl + dlog + glib-2.0 + libxml-2.0 + secure-storage + ) + +SET(CERT_SVC_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + +SET(CERT_SVC_SOURCES + ${CERT_SVC_PATH}/cert-service.c + ${CERT_SVC_PATH}/cert-service-util.c + ${CERT_SVC_PATH}/cert-service-store.c + ${CERT_SVC_PATH}/cert-service-process.c + ) + +INCLUDE_DIRECTORIES( + SYSTEM + ${CERT_SVC_DEP_INCLUDE_DIRS} + ${PROJECT_SOURCE_DIR}/include + ) + +ADD_LIBRARY(${TARGET_CERT_SVC_LIB} SHARED ${CERT_SVC_SOURCES}) + +SET_TARGET_PROPERTIES( + ${TARGET_CERT_SVC_LIB} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden" + SOVERSION ${SO_VERSION} + VERSION ${VERSION} + ) + +TARGET_LINK_LIBRARIES(${TARGET_CERT_SVC_LIB} + ${CERT_SVC_DEP_LIBRARIES} + ) + +INSTALL(TARGETS ${TARGET_CERT_SVC_LIB} DESTINATION ${LIBDIR}) diff --git a/srcs/cert-service-process.c b/srcs/cert-service-process.c index 5d62ac4..c893a8f 100644 --- a/srcs/cert-service-process.c +++ b/srcs/cert-service-process.c @@ -19,7 +19,6 @@ * */ -#include <stdio.h> #include <string.h> #include <stdlib.h> #include <dirent.h> @@ -40,6 +39,7 @@ #define get_ASN1_OBJECT(x) OBJ_nid2ln(OBJ_obj2nid((x))) #define get_X509_NAME(x) X509_NAME_oneline((x), NULL, 0) + struct verify_context { int depth; }; @@ -50,7 +50,6 @@ typedef struct { int len; } name_field; -int _check_certificate_author(cert_svc_mem_buff* first, cert_svc_mem_buff* second); static unsigned char** __get_field_by_tag(unsigned char* str, int *tag_len, cert_svc_name_fld_data* fld) { const struct { 
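Review bot: `INCLUDE_DIRECTORIES(SYSTEM … ${PROJECT_SOURCE_DIR}/include)` marks the project's own headers as system headers, so the `-Wall -Wextra -Werror` enabled at the top of this file is not applied to diagnostics that originate in them. Split the call so that only the pkg-config paths are treated as system: `INCLUDE_DIRECTORIES(SYSTEM ${CERT_SVC_DEP_INCLUDE_DIRS})` followed by `INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include)`. The warning flags are also passed through `ADD_DEFINITIONS`, which is meant for `-D` definitions; appending them to `CMAKE_C_FLAGS` would state the intent and still work with the 2.6 minimum declared in the top-level file.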
@@ -107,110 +106,6 @@ int parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld) prev_field = field; } } -// SLOGD("! %s, %s, %s, %s, %s, %s, %s\n", fld->countryName, fld->stateOrProvinceName, fld->localityName, fld->organizationName, fld->organizationUnitName, fld->commonName, fld->emailAddress); - return ret; -} - -int _parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld) -{ - int ret = CERT_SVC_ERR_NO_ERROR; - int i = 0, j = 0, last = -1; - char* tmpAddr = NULL; - name_field tmpFld[7] = { - {"/C=", NULL, 0}, - {"/ST=", NULL, 0}, - {"/L=", NULL, 0}, - {"/O=", NULL, 0}, - {"/OU=", NULL, 0}, - {"/CN=", NULL, 0}, - {"/emailAddress=", NULL, 0} - }; - - for(i = 0; i < 7; i++) { - if((tmpAddr = strstr((const char*)str, (const char*)(tmpFld[i].unitName))) != NULL) - tmpFld[i].address = tmpAddr; - else - tmpFld[i].address = NULL; - } - - for(i = 0; i < 6; i++) { - if(tmpFld[i].address != NULL) { - for(j = i + 1; j < 7; j++) { - if(tmpFld[j].address != NULL) { - last = j; - tmpFld[i].len = (int)(tmpFld[j].address) - (int)(tmpFld[i].address) - strlen((const char*)(tmpFld[i].unitName)); - break; - } - } - } - } - tmpFld[last].len = strlen((const char*)str) - ((int)(tmpFld[last].address) - (int)str) - strlen((const char*)(tmpFld[last].unitName)); - - if(tmpFld[0].address != NULL) { - (*fld).countryName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[0].len + 1)); - if ((*fld).countryName != NULL) - { - memset((*fld).countryName, 0x00, (tmpFld[0].len + 1)); - memcpy((*fld).countryName, (tmpFld[0].address + strlen((const char*)(tmpFld[0].unitName))), tmpFld[0].len); - } - } - else - (*fld).countryName = NULL; - if(tmpFld[1].address != NULL) { - (*fld).stateOrProvinceName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[1].len + 1)); - if ((*fld).stateOrProvinceName != NULL) { - memset((*fld).stateOrProvinceName, 0x00, (tmpFld[1].len + 1)); - memcpy((*fld).stateOrProvinceName, (tmpFld[1].address + strlen((const 
char*)(tmpFld[1].unitName))), tmpFld[1].len); - } - } - else - (*fld).stateOrProvinceName = NULL; - if(tmpFld[2].address != NULL) { - (*fld).localityName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[2].len + 1)); - if ((*fld).localityName != NULL) { - memset((*fld).localityName, 0x00, (tmpFld[2].len + 1)); - memcpy((*fld).localityName, (tmpFld[2].address + strlen((const char*)(tmpFld[2].unitName))), tmpFld[2].len); - } - } - else - (*fld).localityName = NULL; - if(tmpFld[3].address != NULL) { - (*fld).organizationName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[3].len + 1)); - if ((*fld).organizationName != NULL) { - memset((*fld).organizationName, 0x00, (tmpFld[3].len + 1)); - memcpy((*fld).organizationName, (tmpFld[3].address + strlen((const char*)(tmpFld[3].unitName))), tmpFld[3].len); - } - } - else - (*fld).organizationName = NULL; - if(tmpFld[4].address != NULL) { - (*fld).organizationUnitName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[4].len + 1)); - if ((*fld).organizationUnitName != NULL) { - memset((*fld).organizationUnitName, 0x00, (tmpFld[4].len + 1)); - memcpy((*fld).organizationUnitName, (tmpFld[4].address + strlen((const char*)(tmpFld[4].unitName))), tmpFld[4].len); - } - } - else - (*fld).organizationUnitName = NULL; - if(tmpFld[5].address != NULL) { - (*fld).commonName = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[5].len + 1)); - if ((*fld).commonName != NULL) { - memset((*fld).commonName, 0x00, (tmpFld[5].len + 1)); - memcpy((*fld).commonName, (tmpFld[5].address + strlen((const char*)(tmpFld[5].unitName))), tmpFld[5].len); - } - } - else - (*fld).commonName = NULL; - if(tmpFld[6].address != NULL) { - (*fld).emailAddress = (unsigned char*)malloc(sizeof(unsigned char) * (tmpFld[6].len + 1)); - if ((*fld).emailAddress != NULL) { - memset((*fld).emailAddress, 0x00, (tmpFld[6].len + 1)); - memcpy((*fld).emailAddress, (tmpFld[6].address + strlen((const char*)(tmpFld[6].unitName))), tmpFld[6].len); - } - 
} - else - (*fld).emailAddress = NULL; - return ret; } @@ -226,7 +121,7 @@ int parse_time_fld_data(unsigned char* before, unsigned char* after, cert_svc_va char second[3] = {0, }; if((strlen((char*)before) < 15) || (strlen((char*)after) < 15)) { - SLOGE("[ERR][%s] Fail to parse time fld.\n", __func__); + SLOGE("[ERR][%s] Fail to parse time fld.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } @@ -274,21 +169,21 @@ cert_svc_linked_list* find_issuer_from_list(cert_svc_linked_list* list, cert_svc tmp1 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if (tmp1 == NULL) { - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate certificate descriptor.", __func__); return NULL; } memset(tmp1, 0x00, sizeof(cert_svc_cert_descriptor)); if(_extract_certificate_data(p->certificate, tmp1) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data.\n", __func__); + SLOGE("[ERR][%s] Fail to extract certificate data.", __func__); goto err; } for(q = list; q != NULL; q = q->next) { tmp2 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if (tmp2 == NULL) { - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate certificate descriptor.", __func__); goto err; } 
@@ -324,14 +219,14 @@ int sort_cert_chain(cert_svc_linked_list** unsorted, cert_svc_linked_list** sort for(p = (*sorted); p->next != NULL; p = p->next) { tmp1 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if(tmp1 == NULL) { - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate certificate descriptor.", __func__); return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(tmp1, 0x00, sizeof(cert_svc_cert_descriptor)); tmp2 = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if(tmp2 == NULL) { release_certificate_data(tmp1); - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate certificate descriptor.", __func__); return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(tmp2, 0x00, sizeof(cert_svc_cert_descriptor)); @@ -340,7 +235,7 @@ int sort_cert_chain(cert_svc_linked_list** unsorted, cert_svc_linked_list** sort _extract_certificate_data(p->next->certificate, tmp2); if(strncmp((const char*)(tmp1->info.issuerStr), (const char*)(tmp2->info.subjectStr), strlen((const char*)(tmp2->info.subjectStr)))) { - SLOGE("[ERR][%s] Certificate chain is broken.\n", __func__); + SLOGE("[ERR][%s] Certificate chain is broken.", __func__); release_certificate_data(tmp1); release_certificate_data(tmp2); return CERT_SVC_ERR_BROKEN_CHAIN; @@ -371,7 +266,7 @@ int sort_cert_chain(cert_svc_linked_list** unsorted, cert_svc_linked_list** sort } if(q != NULL) { - SLOGE("[ERR][%s] Certificate chain is broken.\n", __func__); + SLOGE("[ERR][%s] Certificate chain is broken.", __func__); return CERT_SVC_ERR_BROKEN_CHAIN; } @@ -406,7 +301,7 @@ int is_CACert(cert_svc_mem_buff* cert, int* isCA) d2i_X509(&x, &p, cert->size); if(x == NULL) { - SLOGE("[ERR][%s] Certificate cannot be parsed.\n", __func__); + SLOGE("[ERR][%s] Certificate cannot be parsed.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } 
@@ -423,150 +318,68 @@ err: return ret; } -int compare_period(int year, int month, int day, int hour, int min, int sec, struct tm* tm) -{ - int ret = 0; - // if return 0 --> same - // else if return 1 --> tm is bigger - // else if return -1 --> tm is smaller - - if(tm->tm_year > year) ret = 1; - else if(tm->tm_year < year) ret = -1; - else { // year is same - if(tm->tm_mon > month) ret = 1; - else if(tm->tm_mon < month) ret = -1; - else { // month is same - if(tm->tm_mday > day) ret = 1; - else if(tm->tm_mday < day) ret = -1; - else { // day is same - if(tm->tm_hour > hour) ret = 1; - else if(tm->tm_hour < hour) ret = -1; - else { // hour is same - if(tm->tm_min > min) ret = 1; - else if(tm->tm_min < min) ret = -1; - else { // minute is same - if(tm->tm_sec > sec) ret = 1; - else if(tm->tm_sec < sec) ret = -1; - else // second is same - ret = 0; - } - } - } - } - } - - return ret; -} - -int is_expired(cert_svc_mem_buff* cert, int* isExpired) +int VerifyCallbackfunc(int ok, X509_STORE_CTX* store) { - int ret = CERT_SVC_ERR_NO_ERROR; - cert_svc_cert_descriptor* certDesc = NULL; - int visibility = 0; - time_t t; - struct tm* tm; - unsigned char * certdata = NULL; - int certSize = 0; - unsigned char *fingerprint = NULL; - - // get current time - t = time(NULL); - tm = gmtime(&t); - - // get descriptor - certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); - if(certDesc == NULL) { - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); - return CERT_SVC_ERR_MEMORY_ALLOCATION; - } - memset(certDesc, 0x00, sizeof(cert_svc_cert_descriptor)); + char buf[256] = {0, }; + struct verify_context* verify_context = (struct verify_context*)X509_STORE_CTX_get_app_data(store); - if((ret = _extract_certificate_data(cert, certDesc)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate.\n", __func__); - (*isExpired) = 1; - goto err; + if(verify_context != NULL) { + verify_context->depth += 1; } - certdata = cert->data; 
- certSize = cert->size; + if(store->current_cert != NULL) + X509_NAME_oneline(X509_get_subject_name(store->current_cert), buf, 256); + else + strncpy(buf, "test", 4); - if(certdata == NULL || !certSize) - { - SLOGE("cert is or invalid!"); - ret = CERT_SVC_ERR_INVALID_CERTIFICATE; - (*isExpired) = 1; - goto err; + if(verify_context != NULL) { + SLOGD("[%s] Certificate %i: %s", __func__, verify_context->depth, buf); } - ret = get_certificate_fingerprint(certdata, certSize, &fingerprint); - if(ret != CERT_SVC_ERR_NO_ERROR) - { - SLOGE("Failed to get fingerprint data! %d", ret); - (*isExpired) = 1; - goto err; - } + return ok; +} - ret = get_visibility_by_fingerprint(fingerprint, &visibility); +int _is_default_sdk_author(cert_svc_mem_buff* signer_cert, int *is_default) +{ + static const char* _sdk_default_author_cert = + "MIIClTCCAX2gAwIBAgIGAUX+iaC6MA0GCSqGSIb3DQEBBQUAMFYxGjAYBgNVBAoMEVRpemVuIEFz" + "c29jaWF0aW9uMRowGAYDVQQLDBFUaXplbiBBc3NvY2lhdGlvbjEcMBoGA1UEAwwTVGl6ZW4gRGV2" + "ZWxvcGVycyBDQTAeFw0xMjExMDEwMDAwMDBaFw0xOTAxMDEwMDAwMDBaMBExDzANBgNVBAMMBmF1" + "dGhvcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgKCL2LL2sZ9wpS9IMO5GKXCSPAz5oKD0" + "o5HMsGMQThCKmSTFPm9J4qj+MYomrufm2RMA8xp1KyJ79KK2BKg4/DE/5vvWLf1Fh8Jwut9JpkfW" + "1b8vNul87ft5NJ7ji5cu7wtQYvxC55BcaXAu3yv0AB0/oXVCRuvluSK5X7lvLHsCAwEAAaMyMDAw" + "DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcN" + "AQEFBQADggEBADVYof211H9txSG7Bkmcv0erP4gu7uJt61A+4BYu7g2Gv0sVme8NTvu4289Kpdb8" + "pR5nosBnEL81eHJBuiCopWl1Yf12gc1hx/+nhlD8vdE3idXQUewCACLdaWNxJ5FO6RYZa3Stp6nO" + "y5U/hTktDpUMlq+ByR7DhjfIFd4D9O4IbQmp7VbsoGrMh8Jqm+q+mSQh6hth0qK2//Z5kHZLQGfi" + "m1q/W0L6BlE1+zPo8RdeLxEbsoRMYnvOzTYg2dgq5yPT64SCBEamRYeUdIOjbF+y86/1h6NMhmFu" + "12NOMj/hg9MfgsXIksRvusRX16blD7uOUz3DwsASa5YnlBdts48="; + + int encodeLen = (((signer_cert->size + 2) / 3) * 4) + 1; + int encodedLen = 0; + unsigned char *encodedBuffer = (unsigned char *)malloc(sizeof(unsigned char) * encodeLen); + if (encodedBuffer == NULL) + return 
CERT_SVC_ERR_MEMORY_ALLOCATION; + + int ret = cert_svc_util_base64_encode(signer_cert->data, signer_cert->size, encodedBuffer, &encodedLen); if(ret != CERT_SVC_ERR_NO_ERROR) { - SLOGE("Failed to get visibility! %d", ret); - (*isExpired) = 1; - goto err; + SLOGE("Failed to encode certificate"); + free(encodedBuffer); + return CERT_SVC_ERR_INVALID_CERTIFICATE; } - if(visibility == CERT_SVC_VISIBILITY_TEST || visibility == CERT_SVC_VISIBILITY_VERIFY) - { - // compare with not before - MUST bigger than this - if(compare_period(((int)certDesc->info.validPeriod.firstYear - 1900), - ((int)certDesc->info.validPeriod.firstMonth - 1), - (int)certDesc->info.validPeriod.firstDay, - (int)certDesc->info.validPeriod.firstHour, - (int)certDesc->info.validPeriod.firstMinute, - (int)certDesc->info.validPeriod.firstSecond, - tm) != 1) { - SLOGE("[ERR][%s] Certificate is expired.\n", __func__); - ret = CERT_SVC_ERR_IS_EXPIRED; - (*isExpired) = 1; - goto err; - } - - // compare with not after - MUST smaller than this - if(compare_period(((int)certDesc->info.validPeriod.secondYear - 1900), - ((int)certDesc->info.validPeriod.secondMonth - 1), - (int)certDesc->info.validPeriod.secondDay, - (int)certDesc->info.validPeriod.secondHour, - (int)certDesc->info.validPeriod.secondMinute, - (int)certDesc->info.validPeriod.secondSecond, - tm) != -1) { - SLOGE("[ERR][%s] Certificate is expired.\n", __func__); - ret = CERT_SVC_ERR_IS_EXPIRED; - (*isExpired) = 1; - goto err; - } - } - else// ignore check cert time with local time (internal concept) + if(!memcmp(_sdk_default_author_cert, encodedBuffer, encodedLen)) { - (*isExpired) = 0; // not expired + SLOGE("Error! 
Author signature signed by SDK default certificate."); + *is_default = 1; + free(encodedBuffer); + return CERT_SVC_ERR_INVALID_SDK_DEFAULT_AUTHOR_CERT; } -err: - release_certificate_data(certDesc); - - return ret; -} - -int VerifyCallbackfunc(int ok, X509_STORE_CTX* store) -{ - char buf[256] = {0, }; - struct verify_context* verify_context = (struct verify_context*)X509_STORE_CTX_get_app_data(store); - verify_context->depth += 1; - if(store->current_cert != NULL) - X509_NAME_oneline(X509_get_subject_name(store->current_cert), buf, 256); - else - strncpy(buf, "test", 4); - SECURE_SLOGD("[%s] Certificate %i: %s\n", __func__, verify_context->depth, buf); - - return ok; + free(encodedBuffer); + *is_default = 0; + return CERT_SVC_ERR_NO_ERROR; } int _remove_selfsigned_cert_in_chain(cert_svc_linked_list** certList) @@ -587,13 +400,13 @@ int _remove_selfsigned_cert_in_chain(cert_svc_linked_list** certList) certdesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if(certdesc == NULL) { - SLOGE("[ERR][%s] Fail to allocate certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate certificate descriptor.", __func__); return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(certdesc, 0x00, sizeof(cert_svc_cert_descriptor)); if((ret = _extract_certificate_data(current->certificate, certdesc)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data.\n", __func__); + SLOGE("[ERR][%s] Fail to extract certificate data.", __func__); goto err; } 
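Review bot: In `_is_default_sdk_author`, `memcmp(_sdk_default_author_cert, encodedBuffer, encodedLen)` takes its length from the signer certificate, so a certificate whose base64 form is longer than the embedded constant can make `memcmp` read past the end of the string literal. An `encodedLen` of 0 compares equal and would report the input as the SDK default. Compare the lengths first, e.g. `size_t refLen = strlen(_sdk_default_author_cert);` then `if((size_t)encodedLen == refLen && !memcmp(_sdk_default_author_cert, encodedBuffer, refLen))`, adjusting if `cert_svc_util_base64_encode` counts a terminator or inserts line breaks (its definition is not in this hunk). `signer_cert` is also dereferenced without a NULL check before the allocation size is computed.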
@@ -635,12 +448,6 @@ err: return ret; } -int _verify_certificate(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, cert_svc_filename_list* rootPath, int* validity){ - int ca_cflag_check_false = 0; - - return _verify_certificate_with_caflag(certBuf, certList, ca_cflag_check_false, rootPath, validity); -} - int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certList, int checkCaFlag, cert_svc_filename_list* rootPath, int* validity) { int ret = CERT_SVC_ERR_NO_ERROR; @@ -650,7 +457,7 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ cert_svc_cert_descriptor* findRoot = NULL; cert_svc_filename_list* fileNames = NULL; cert_svc_mem_buff* CACert = NULL; - int isCA = -1, isExpired = -1; + int isCA = -1; // variables for verification int certNum = 0; int certIndex = 0, i = 0; @@ -663,14 +470,22 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ STACK_OF(X509) *resultChain; X509* tmpCert = NULL; int caFlagValidity; + int is_default_author = 0; OpenSSL_add_all_algorithms(); tchain = sk_X509_new_null(); uchain = sk_X509_new_null(); + + ret = _is_default_sdk_author(certBuf, &is_default_author); + if(ret == CERT_SVC_ERR_INVALID_SDK_DEFAULT_AUTHOR_CERT && is_default_author) + return CERT_SVC_ERR_INVALID_SDK_DEFAULT_AUTHOR_CERT; + + if(ret != CERT_SVC_ERR_NO_ERROR) + return CERT_SVC_ERR_INVALID_CERTIFICATE; findRoot = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if(findRoot == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
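Review bot: The two new `return` statements after `_is_default_sdk_author` sit below `tchain = sk_X509_new_null(); uchain = sk_X509_new_null();`, so both stacks are leaked each time a certificate is rejected here, while the rest of the function leaves through `goto err`. Moving the call above the two `sk_X509_new_null()` lines avoids that without depending on what `err:` frees (the label is outside this hunk). The second return also turns every other failure of the helper, including `CERT_SVC_ERR_MEMORY_ALLOCATION`, into `CERT_SVC_ERR_INVALID_CERTIFICATE`; `return ret;` would keep the cause. The function body continues outside the hunk.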
@@ -680,12 +495,12 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ if((*certList) != NULL) { /* remove self-signed certificate in certList */ if((ret = _remove_selfsigned_cert_in_chain(certList)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.\n", __func__); + SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.", __func__); goto err; } /* sort certList */ if((ret = sort_cert_chain(certList, &sorted)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to sort certificate chain.\n", __func__); + SLOGE("[ERR][%s] Fail to sort certificate chain.", __func__); goto err; } @@ -703,24 +518,24 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ ret = _extract_certificate_data(certBuf, findRoot); if(ret != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data\n", __func__); + SLOGE("[ERR][%s] Fail to extract certificate data", __func__); goto err; } if((ret = _search_certificate(&fileNames, SUBJECT_STR, (char*)findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to search root certificate\n", __func__); + SLOGE("[ERR][%s] Fail to search root certificate", __func__); goto err; } if(fileNames->filename == NULL) { - SLOGE("[ERR][%s] There is no CA certificate.\n", __func__); + SLOGE("[ERR][%s] There is no CA certificate.", __func__); ret = CERT_SVC_ERR_NO_ROOT_CERT; goto err; } CACert = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)); if(CACert == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory for ca cert.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory for ca cert.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -729,7 +544,7 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ // use the first found CA cert - ignore other certificate(s). assume that there is JUST one CA cert if((ret = cert_svc_util_load_file_to_buffer(fileNames->filename, CACert)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to load CA cert to buffer.\n", __func__); + SLOGE("[ERR][%s] Fail to load CA cert to buffer.", __func__); goto err; } @@ -737,33 +552,23 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ strncpy(rootPath->filename, fileNames->filename, CERT_SVC_MAX_FILE_NAME_SIZE - 1); rootPath->filename[CERT_SVC_MAX_FILE_NAME_SIZE - 1] = '\0'; - /* check validity - is CA?, is expired? */ if((ret = is_CACert(CACert, &isCA)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] CA certificate is invalid.\n", __func__); + SLOGE("[ERR][%s] CA certificate is invalid.", __func__); goto err; } + if(isCA != 1) { // NOT CA certificate - SLOGE("[ERR][%s] Found certificate is NOT CA certificate.\n", __func__); + SLOGE("[ERR][%s] Found certificate is NOT CA certificate.", __func__); ret = CERT_SVC_ERR_NO_ROOT_CERT; goto err; } - if((ret = is_expired(CACert, &isExpired)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] CA certificate is invalid.\n", __func__); - goto err; - } - if(isExpired != 0) { // expired - SLOGE("[ERR][%s] CA certificate is expired.\n", __func__); - ret = CERT_SVC_ERR_IS_EXPIRED; - goto err; - } - /* verify */ // insert root certificate into trusted chain certContent = CACert->data; d2i_X509(&rootCert, &certContent, CACert->size); if(!(sk_X509_push(tchain, rootCert))) { - SLOGE("[ERR][%s] Fail to push certificate into stack.\n", __func__); + SLOGE("[ERR][%s] Fail to push certificate into stack.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } 
@@ -778,7 +583,7 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ certIndex = 0; interCert = (X509**)malloc(sizeof(X509*) * certNum); if(interCert == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory for interim certificate.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory for interim certificate.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -787,12 +592,12 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ while(1) { certContent = q->certificate->data; if(!d2i_X509(&interCert[certIndex], &certContent, q->certificate->size)) { - SLOGE("[ERR][%s] Fail to load certificate into memory.\n", __func__); + SLOGE("[ERR][%s] Fail to load certificate into memory.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } if(!(sk_X509_push(uchain, interCert[certIndex]))) { - SLOGE("[ERR][%s] Fail to push certificate into stack.\n", __func__); + SLOGE("[ERR][%s] Fail to push certificate into stack.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } @@ -806,12 +611,10 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ } } - // initialize store and store context storeCtx = X509_STORE_CTX_new(); - // construct store context if(!X509_STORE_CTX_init(storeCtx, 0, targetCert, uchain)) { - SLOGE("[ERR][%s] Fail to initialize X509 store context.\n", __func__); + SLOGE("[ERR][%s] Fail to initialize X509 store context.", __func__); goto err; } struct verify_context verify_context = { 0 }; 
@@ -819,20 +622,66 @@ int _verify_certificate_with_caflag(cert_svc_mem_buff* certBuf, cert_svc_linked_ X509_STORE_CTX_set_verify_cb(storeCtx, VerifyCallbackfunc); X509_STORE_CTX_trusted_stack(storeCtx, tchain); - // verify + SLOGD("verify signer certificate"); if(((*validity) = X509_verify_cert(storeCtx)) != 1) { - SLOGE("[ERR][%s] Fail to verify certificate chain, validity: [%d]\n", __func__, (*validity)); - SLOGE("err str: [%s]\n", X509_verify_cert_error_string(X509_STORE_CTX_get_error(storeCtx))); - goto err; + int error = X509_STORE_CTX_get_error(storeCtx); + + SLOGE("[ERR][%s] Fail to verify certificate chain, validity: [%d]", __func__, (*validity)); + SLOGE("err str: [%s]", X509_verify_cert_error_string(error)); + + // check level + int cert_type=0; + char *fingerprint = NULL; + unsigned char *certdata = NULL; + int certSize = 0; + + certdata = CACert->data; + certSize = CACert->size; + + ret = get_certificate_fingerprint(certdata, certSize, &fingerprint); + if(ret != CERT_SVC_ERR_NO_ERROR) + { + SLOGE("Failed to get fingerprint data! %d", ret); + goto err; + } + + ret = get_type_by_fingerprint(fingerprint, &cert_type); + if(ret != CERT_SVC_ERR_NO_ERROR) + { + SLOGE("Failed to get level! 
%d", ret); + goto err; + } + + SLOGD("cert_type = %d", cert_type); + if(cert_type != CERT_SVC_TYPE_TEST && cert_type != CERT_SVC_TYPE_VERIFY){ + + SLOGD("Level is not Test or Verity"); + if( error == X509_V_ERR_CERT_NOT_YET_VALID || + error == X509_V_ERR_CERT_HAS_EXPIRED || + error == X509_V_ERR_CRL_NOT_YET_VALID || + error == X509_V_ERR_CRL_HAS_EXPIRED || + error == X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD || + error == X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD || + error == X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD || + error == X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD) { + + SLOGD("Skip checking valid time of signer cert"); + (*validity) = 1; + } + } + else{ + ret = CERT_SVC_ERR_IS_EXPIRED; + goto err; + } } if(checkCaFlag) { // check strictly resultChain = X509_STORE_CTX_get1_chain(storeCtx); while((tmpCert = sk_X509_pop(resultChain))) { caFlagValidity = X509_check_ca(tmpCert); - if(caFlagValidity != 1 && (tmpCert = sk_X509_pop(resultChain)) != NULL) { // the last one is not a CA. + if(caFlagValidity != 1 && (sk_X509_pop(resultChain)) != NULL) { // the last one is not a CA. (*validity) = 0; - SLOGE("[ERR][%s] Invalid CA Flag for CA Certificate, validity: [%d]\n", __func__, (*validity)); + SLOGE("[ERR][%s] Invalid CA Flag for CA Certificate, validity: [%d]", __func__, (*validity)); break; } } @@ -858,7 +707,7 @@ err: free(interCert); } - EVP_cleanup(); + //EVP_cleanup(); release_certificate_buf(CACert); release_certificate_data(findRoot); release_filename_list(fileNames); @@ -888,7 +737,7 @@ int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int ms p = certBuf->data; d2i_X509(&x, &p, certBuf->size); if(x == NULL) { - SLOGE("[ERR][%s] Fail to allocate X509 structure.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate X509 structure.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } 
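Review bot: Setting `(*validity) = 1` after `X509_verify_cert` has already failed accepts a chain whose verification stopped at the first error. `VerifyCallbackfunc` returns `ok` unchanged, so once a time error is reported the checks that would have followed it for the rest of the chain are presumably never run, and the signer is treated as valid without them. Tolerate the time errors inside the callback instead, which lets OpenSSL finish the other checks and return 1 on its own; this needs the type lookup moved ahead of the call, and `skip_time_check` below is a proposed new field of `struct verify_context`. In the same block `fingerprint` is never released (assuming `get_certificate_fingerprint` allocates it), and the `else` branch reports `CERT_SVC_ERR_IS_EXPIRED` for every kind of failure. The function continues outside the hunk.

```c
/* in VerifyCallbackfunc, just before `return ok;` */
if(!ok && verify_context != NULL && verify_context->skip_time_check) {
	switch(X509_STORE_CTX_get_error(store)) {
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_CERT_HAS_EXPIRED:
	/* … the other six time-related X509_V_ERR_* codes this hunk lists … */
		ok = 1; /* tolerated by policy; the remaining checks still run */
		break;
	default:
		break;
	}
}

/* in _verify_certificate_with_caflag, ahead of X509_verify_cert() */
/* … moved up unchanged: get_certificate_fingerprint() / get_type_by_fingerprint() on CACert … */
verify_context.skip_time_check =
	(cert_type != CERT_SVC_TYPE_TEST && cert_type != CERT_SVC_TYPE_VERIFY);

SLOGD("verify signer certificate");
if(((*validity) = X509_verify_cert(storeCtx)) != 1) {
	/* … unchanged: the two SLOGE lines … */
	if(!verify_context.skip_time_check)
		ret = CERT_SVC_ERR_IS_EXPIRED; /* as in the hunk; a per-error code would be clearer */
	goto err; /* nothing is overridden after a failed verification */
}
```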
@@ -898,13 +747,13 @@ int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int ms decodedSigLen = ((sigLen / 4) * 3) + 1; if(!(decodedSig = (unsigned char*)malloc(sizeof(unsigned char) * decodedSigLen))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(decodedSig, 0x00, decodedSigLen); - if((ret = cert_svc_util_base64_decode((char*)signature, sigLen, (char*)decodedSig, &decodedSigLen)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to base64 decode.\n", __func__); + if((ret = cert_svc_util_base64_decode(signature, sigLen, decodedSig, &decodedSigLen)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to base64 decode.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } @@ -913,17 +762,21 @@ int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int ms pkey = X509_get_pubkey(x); /* make EVP_MD_CTX */ - mdctx = EVP_MD_CTX_create(); + if(!(mdctx = EVP_MD_CTX_create())) { + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } + if(algo == NULL) { // if hash algorithm is not defined, if(!(md = EVP_get_digestbyobj(x->cert_info->signature->algorithm))) { // get hash algorithm - SLOGE("[ERR][%s] Fail to get hash algorithm.\n", __func__); + SLOGE("[ERR][%s] Fail to get hash algorithm.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } } else { // if hash algorithm is defined, if(!(md = EVP_get_digestbyname(algo))) { // get hash algorithm - SLOGE("[ERR][%s] Fail to get hash algorithm.\n", __func__); + SLOGE("[ERR][%s] Fail to get hash algorithm.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } 
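Review bot: The new NULL check covers `mdctx`, but `pkey = X509_get_pubkey(x)` on the context line just above it is still used unchecked and is later handed to `EVP_VerifyFinal`. `X509_get_pubkey` returns NULL when the certificate's key cannot be decoded, and the certificate buffer here comes from the caller. Add `if(pkey == NULL) { ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; }` next to the new check. Unlike the neighbouring error paths, the new `mdctx` branch also has no `SLOGE` line.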
@@ -931,17 +784,17 @@ int _verify_signature(cert_svc_mem_buff* certBuf, unsigned char* message, int ms /* initialization */ if(EVP_VerifyInit_ex(mdctx, md, NULL) != 1) { - SLOGE("[ERR][%s] Fail to execute EVP_VerifyInit_ex().\n", __func__); + SLOGE("[ERR][%s] Fail to execute EVP_VerifyInit_ex().", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } if(EVP_VerifyUpdate(mdctx, message, msgLen) != 1) { - SLOGE("[ERR][%s] Fail to execute EVP_VerifyUpdate().\n", __func__); + SLOGE("[ERR][%s] Fail to execute EVP_VerifyUpdate().", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } if(((*validity) = EVP_VerifyFinal(mdctx, decodedSig, decodedSigLen, pkey)) != 1) { - SLOGE("[ERR][%s] Fail to verify signature.\n", __func__); + SLOGE("[ERR][%s] Fail to verify signature.", __func__); ret = CERT_SVC_ERR_INVALID_SIGNATURE; goto err; } @@ -955,7 +808,7 @@ err: EVP_PKEY_free(pkey); if(mdctx != NULL) EVP_MD_CTX_destroy(mdctx); - EVP_cleanup(); + //EVP_cleanup(); return ret; } @@ -1002,7 +855,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* p = cert->data; d2i_X509(&x, &p, cert->size); if(x == NULL) { - SLOGE("[ERR][%s] Fail to allocate X509 structure.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate X509 structure.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } 
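Review bot: `(*validity) = EVP_VerifyFinal(...)` in the -931,17 +784,17 hunk stores the raw return value, which is -1 on an internal error as well as 0 on a bad signature, so a caller that tests `validity` for non-zero rather than checking `ret` would read an error as a valid signature. Set the out-parameter explicitly in the failure branch, e.g. `(*validity) = 0;` before `ret = CERT_SVC_ERR_INVALID_SIGNATURE;`. How callers consume `validity` is not visible here, and the function body continues outside the hunk.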
@@ -1015,10 +868,15 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc->info.serialNumber = get_ASN1_INTEGER(x->cert_info->serialNumber); /* get signature algorithm */ signatureAlgo = (char*)get_ASN1_OBJECT(x->cert_info->signature->algorithm); + if(signatureAlgo == NULL) { + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } sigLen = strlen((const char*)signatureAlgo); certDesc->info.sigAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1)); if(certDesc->info.sigAlgo == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1029,7 +887,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* issuerStrLen = strlen((const char*)tmpIssuerStr); certDesc->info.issuerStr = (unsigned char*)malloc(sizeof(unsigned char) * (issuerStrLen + 1)); if(certDesc->info.issuerStr == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -1037,14 +895,14 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* memcpy(certDesc->info.issuerStr, tmpIssuerStr, issuerStrLen); if((ret = parse_name_fld_data(tmpIssuerStr, &(certDesc->info.issuer))) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to parse cert_svc_name_fld_data.\n", __func__); + SLOGE("[ERR][%s] Fail to parse cert_svc_name_fld_data.", __func__); goto err; } /* get time */ ASN1_TIME_to_generalizedtime(x->cert_info->validity->notBefore, &timeNotBefore); ASN1_TIME_to_generalizedtime(x->cert_info->validity->notAfter, &timeNotAfter); if((ret = parse_time_fld_data(timeNotBefore->data, timeNotAfter->data, &(certDesc->info.validPeriod))) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to parse cert_svc_validity_fld_data.\n", __func__); + SLOGE("[ERR][%s] Fail to parse cert_svc_validity_fld_data.", __func__); goto err; } /* get subject */ @@ -1052,7 +910,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* subjectStrLen = strlen((const char*)tmpSubjectStr); certDesc->info.subjectStr = (unsigned char*)malloc(sizeof(unsigned char) * (subjectStrLen + 1)); if(certDesc->info.subjectStr == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
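Review bot: The results of the two `ASN1_TIME_to_generalizedtime()` calls in the -1037,14 +895,14 hunk are ignored, and `timeNotBefore->data` / `timeNotAfter->data` are dereferenced on the following line. If the validity fields of an untrusted certificate cannot be converted, and assuming both pointers start as NULL (their declarations are outside the hunk), this is a NULL dereference while parsing external input. Check each call before `parse_time_fld_data`, e.g. `if(!ASN1_TIME_to_generalizedtime(x->cert_info->validity->notBefore, &timeNotBefore)) { ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; }`, and likewise for `notAfter`.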
@@ -1060,15 +918,21 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* memcpy(certDesc->info.subjectStr, tmpSubjectStr, subjectStrLen); if((ret = parse_name_fld_data(tmpSubjectStr, &(certDesc->info.subject))) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to parse cert_svc_name_fld_data.\n", __func__); + SLOGE("[ERR][%s] Fail to parse cert_svc_name_fld_data.", __func__); goto err; } /* get public key algorithm */ publicKeyAlgo = (char*)get_ASN1_OBJECT(x->cert_info->key->algor->algorithm); + if(publicKeyAlgo == NULL) { + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } + publicKeyAlgoLen = strlen((const char*)publicKeyAlgo); certDesc->info.pubKeyAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (publicKeyAlgoLen + 1)); if(certDesc->info.pubKeyAlgo == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1076,14 +940,14 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* memcpy(certDesc->info.pubKeyAlgo, publicKeyAlgo, publicKeyAlgoLen); /* get public key */ if((evp = X509_get_pubkey(x)) == NULL) { - SLOGE("[ERR][%s] Public key is null.\n", __func__); + SLOGE("[ERR][%s] Public key is null.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } pkeyLen = i2d_PublicKey(x->cert_info->key->pkey, NULL); certDesc->info.pubKey = (unsigned char*)malloc(sizeof(unsigned char) * (pkeyLen + 1)); if(certDesc->info.pubKey == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -1095,7 +959,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* issuerUidLen = x->cert_info->issuerUID->length; certDesc->info.issuerUID = (unsigned char*)malloc(sizeof(unsigned char) * (issuerUidLen + 1)); if(certDesc->info.issuerUID == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1110,7 +974,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* subjectUidLen = x->cert_info->subjectUID->length; certDesc->info.subjectUID = (unsigned char*)malloc(sizeof(unsigned char) * (subjectUidLen + 1)); if(certDesc->info.subjectUID == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1125,7 +989,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc->ext.numOfFields = sk_X509_EXTENSION_num(x->cert_info->extensions); certDesc->ext.fields = (cert_svc_cert_fld_desc*)malloc(sizeof(cert_svc_cert_fld_desc) * certDesc->ext.numOfFields); if(certDesc->ext.fields == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -1134,10 +998,15 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* ext = sk_X509_EXTENSION_value(x->cert_info->extensions, i); if(ext != NULL) { extObject = (char*)get_ASN1_OBJECT(ext->object); + if(extObject == NULL) { + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } extObjLen = strlen((const char*)extObject); certDesc->ext.fields[i].name = (unsigned char*)malloc(sizeof(unsigned char) * (extObjLen + 1)); if(certDesc->ext.fields[i].name == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1148,7 +1017,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* extValLen = ext->value->length; certDesc->ext.fields[i].data = (unsigned char*)malloc(sizeof(unsigned char) * (extValLen + 1)); if(certDesc->ext.fields[i].data == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1161,10 +1030,15 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* } /* get signature algorithm and signature */ sigAlgo = (char*)get_ASN1_OBJECT(x->sig_alg->algorithm); + if(sigAlgo == NULL) { + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } sigAlgoLen = strlen((const char*)sigAlgo); certDesc->signatureAlgo = (unsigned char*)malloc(sizeof(unsigned char) * (sigAlgoLen + 1)); if(certDesc->signatureAlgo == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -1175,7 +1049,7 @@ int _extract_certificate_data(cert_svc_mem_buff* cert, cert_svc_cert_descriptor* certDesc->signatureLen = sigDataLen; certDesc->signatureData = (unsigned char*)malloc(sizeof(unsigned char) * (sigDataLen + 1)); if(certDesc->signatureData == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1384,7 +1258,7 @@ int search_data_field(search_field fldName, char* fldData, cert_svc_cert_descrip return ret; } -int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst) { +int _get_all_certificates(char *const *paths, cert_svc_filename_list **lst) { int ret = CERT_SVC_ERR_NO_ERROR; FTS *fts = NULL; FTSENT *ftsent; @@ -1396,7 +1270,7 @@ int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst) { if (NULL == (fts = fts_open(paths, FTS_LOGICAL, NULL))) { ret = CERT_SVC_ERR_FILE_IO; - SLOGE("[ERR][%s] Fail to open directories.\n", __func__); + SLOGE("[ERR][%s] Fail to open directories.", __func__); goto out; } @@ -1404,7 +1278,7 @@ int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst) { if (ftsent->fts_info == FTS_ERR || ftsent->fts_info == FTS_NS) { ret = CERT_SVC_ERR_FILE_IO; - SLOGE("[ERR][%s] Fail to read directories.\n", __func__); + SLOGE("[ERR][%s] Fail to read directories.", __func__); goto out; } 
@@ -1414,20 +1288,23 @@ int _get_all_certificates(char* const *paths, cert_svc_filename_list **lst) { if (-1 != readlink(ftsent->fts_path, tmp, 10)) continue; + len = strlen((const char *)(ftsent->fts_path)); + if (strcmp((ftsent->fts_path + len - strlen(".pem")), ".pem") != 0) + continue; + el = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)); if (!el) { ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); goto out; } el->next = local; local = el; - len = strlen((const char*)(ftsent->fts_path)); local->filename = (char*)malloc(len+1); if (!local->filename) { ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); goto out; } strncpy(local->filename, ftsent->fts_path, len+1); @@ -1452,15 +1329,18 @@ out: int get_all_certificates(cert_svc_filename_list** allCerts) { int ret; - char ** buffer[] = {(char **)CERT_SVC_SEARCH_PATH_RO, (char **)CERT_SVC_SEARCH_PATH_RW, NULL}; + char *buffer[2]; + + buffer[0] = ROOT_CA_CERTS_DIR; + buffer[1] = NULL; if (!allCerts) { - SLOGE("[ERR][%s] Invalid argument.\n", __func__); + SLOGE("[ERR][%s] Invalid argument.", __func__); return CERT_SVC_ERR_INVALID_PARAMETER; } - if ((ret = _get_all_certificates((char* const *) buffer, allCerts)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to get filelist.\n", __func__); + if ((ret = _get_all_certificates(buffer, allCerts)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to get filelist.", __func__); return ret; } 
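Review bot: The new suffix filter in the -1414,20 +1288,23 hunk computes `ftsent->fts_path + len - strlen(".pem")` without checking that `len` is at least 4, so for a path shorter than the suffix `strcmp` reads before the start of the string. Guard the comparison: `if (len < 4 || strcmp(ftsent->fts_path + len - 4, ".pem") != 0) continue;`. The match is also case-sensitive, so files ending in `.PEM` are now skipped silently; a one-line comment stating that this is intended would help. The enclosing loop starts outside the hunk.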
@@ -1480,7 +1360,7 @@ int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName struct stat file_info; if((ret = get_all_certificates(&allCerts)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]\n", __func__, ret); + SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]", __func__, ret); goto err; } @@ -1489,25 +1369,25 @@ int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName while(1) { if((lstat(p->filename, &file_info)) < 0) { // get file information - SECURE_SLOGE("[ERR][%s] Fail to get file(%s) information.\n", __func__, p->filename); + SLOGE("[ERR][%s] Fail to get file(%s) information.", __func__, p->filename); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } if((file_info.st_mode & S_IFLNK) == S_IFLNK) { // if symbolic link, continue -// SLOGD("[LOG][%s] %s is symbolic link, ignored.\n", __func__, p->filename); + SLOGD("[LOG][%s] %s is symbolic link, ignored.", __func__, p->filename); goto fail_to_load_file; } // allocate memory if(!(certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } // load content into buffer if((ret = cert_svc_util_load_file_to_buffer(p->filename, certBuf)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file to buffer, filename: [%s], ret: [%d]\n", __func__, p->filename, ret); + SLOGE("[ERR][%s] Fail to load file to buffer, filename: [%s], ret: [%d]", __func__, p->filename, ret); free(certBuf); certBuf = NULL; goto fail_to_load_file; 
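Review bot: The -1489,25 +1369,25 hunk replaces `SECURE_SLOGE` with `SLOGE` for messages that print `p->filename`, moving certificate file paths from the secure log macro to the ordinary log, while `srcs/cert-service-store.c` in this same commit keeps `SECURE_SLOGE` for the same kind of message. Unless these paths are known to be non-sensitive, keep `SECURE_SLOGE` and drop only the trailing `\n`. The same substitution is made in the -1515,14 and -1607,19 hunks of this file and in `cert_svc_util_get_file_size` and `cert_svc_util_get_extension` in `srcs/cert-service-util.c`. Separately, the symlink test `(file_info.st_mode & S_IFLNK) == S_IFLNK` would read more clearly as `S_ISLNK(file_info.st_mode)`.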
@@ -1515,14 +1395,14 @@ int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName // allocate memory if(!(certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } // load content into descriptor buffer if((ret = _extract_certificate_data(certBuf, certDesc)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to extract certificate data, filename: [%s], ret: [%d]\n", __func__, p->filename, ret); + SLOGE("[ERR][%s] Fail to extract certificate data, filename: [%s], ret: [%d]", __func__, p->filename, ret); goto fail_to_extract_file; } @@ -1531,12 +1411,12 @@ int _search_certificate(cert_svc_filename_list** fileNames, search_field fldName matched = 1; if(!(newNode = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } if(!(newNode->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; free(newNode); goto err; @@ -1573,7 +1453,7 @@ fail_to_load_file: } if(matched != 1) { // not founded - SLOGE("[ERR][%s] Cannot find any certificate you want.\n", __func__); + SLOGE("[ERR][%s] Cannot find any certificate you want.", __func__); ret = CERT_SVC_ERR_NO_MORE_CERTIFICATE; } else @@ -1586,7 +1466,9 @@ err: return ret; } -X509 *__loadCert(const char *file) { + +X509 *__loadCert(const char *file) +{ FILE *fp = fopen(file, "r"); if(fp == NULL) return NULL; 
@@ -1599,7 +1481,8 @@ X509 *__loadCert(const char *file) { return cert; } -int __loadSystemCerts(STACK_OF(X509) *systemCerts) { +int __loadSystemCerts(STACK_OF(X509) *systemCerts) +{ int ret = CERT_SVC_ERR_NO_ERROR; cert_svc_filename_list* allCerts = NULL; cert_svc_filename_list* p = NULL; @@ -1607,19 +1490,19 @@ int __loadSystemCerts(STACK_OF(X509) *systemCerts) { X509 *cert; if((ret = get_all_certificates(&allCerts)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]\n", __func__, ret); + SLOGE("[ERR][%s] Fail to get all certificate file list, ret: [%d]", __func__, ret); goto err; } p = allCerts; while(1) { if((lstat(p->filename, &file_info)) < 0) { // get file information - SECURE_SLOGE("[ERR][%s] Fail to get file(%s) information.\n", __func__, p->filename); + SLOGE("[ERR][%s] Fail to get file(%s) information.", __func__, p->filename); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } if((file_info.st_mode & S_IFLNK) == S_IFLNK) { // if symbolic link, continue -// SLOGD("[LOG][%s] %s is symbolic link, ignored.\n", __func__, p->filename); +// SLOGD("[LOG][%s] %s is symbolic link, ignored.", __func__, p->filename); goto fail_to_load_file; } @@ -1796,11 +1679,10 @@ int __ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *systemCerts, char *u OCSP_RESPONSE_free(resp); OCSP_BASICRESP_free(bs); X509_STORE_free(trustedStore); - + // int err = ERR_get_error(); // char errStr[100]; // ERR_error_string(err,errStr); -// printf("OCSP_basic_verify fail.error = %s\n", errStr); return CERT_SVC_ERR_OCSP_VERIFICATION_ERROR; } @@ -1867,8 +1749,8 @@ int __ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *systemCerts, char *u } if(trustedStore) { - X509_STORE_free(trustedStore); - trustedStore = NULL; + X509_STORE_free(trustedStore); + trustedStore = NULL; } if (reason != -1) { 
@@ -1897,7 +1779,7 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi findRoot = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)); if(findRoot == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory for certificate descriptor.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -1906,12 +1788,12 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi if(certList != NULL && (*certList) != NULL) { /* remove self-signed certificate in certList */ if((ret = _remove_selfsigned_cert_in_chain(certList)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.\n", __func__); + SLOGE("[ERR][%s] Fail to remove self-signed certificate in chain.", __func__); goto err; } /* sort certList */ if((ret = sort_cert_chain(certList, &sorted)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to sort certificate chain.\n", __func__); + SLOGE("[ERR][%s] Fail to sort certificate chain.", __func__); goto err; } 
@@ -1929,30 +1811,30 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi } if(ret != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data\n", __func__); + SLOGE("[ERR][%s] Fail to extract certificate data", __func__); goto err; } if((ret = _search_certificate(&fileNames, SUBJECT_STR, findRoot->info.issuerStr)) != CERT_SVC_ERR_NO_ERROR) { ret = CERT_SVC_ERR_NO_ROOT_CERT; - SLOGE("[ERR][%s] Fail to search root certificate\n", __func__); + SLOGE("[ERR][%s] Fail to search root certificate", __func__); goto err; } if(fileNames->filename == NULL) { - SLOGE("[ERR][%s] There is no CA certificate.\n", __func__); + SLOGE("[ERR][%s] There is no CA certificate.", __func__); ret = CERT_SVC_ERR_NO_ROOT_CERT; goto err; } CACert = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)); if(CACert == NULL) { - SLOGE("[ERR][%s] Failed to allocate memory for ca cert.\n", __func__); + SLOGE("[ERR][%s] Failed to allocate memory for ca cert.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(CACert, 0x00, sizeof(cert_svc_mem_buff)); // use the first found CA cert - ignore other certificate(s). assume that there is JUST one CA cert if((ret = cert_svc_util_load_file_to_buffer(fileNames->filename, CACert)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to load CA cert to buffer.\n", __func__); + SLOGE("[ERR][%s] Fail to load CA cert to buffer.", __func__); goto err; } // ============================= 
@@ -1965,11 +1847,11 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi parentCert = q->certificate; // OCSP Check if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) { - SLOGE("[ERR][%s] Error Occurred during OCSP Checking.\n", __func__); + SLOGE("[ERR][%s] Error Occurred during OCSP Checking.", __func__); goto err; } if(ocspStatus != 0) { // CERT_SVC_OCSP_GOOD - SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.\n", __func__, ocspStatus); + SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.", __func__, ocspStatus); switch(ocspStatus) { case 0 : //OCSP_GOOD @@ -1996,7 +1878,7 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi // Final OCSP Check parentCert = CACert; if(CERT_SVC_ERR_NO_ERROR != (ret = _verify_ocsp(childCert, parentCert, uri, &ocspStatus))) { - SLOGE("[ERR][%s] Error Occurred during OCSP Checking.\n", __func__); + SLOGE("[ERR][%s] Error Occurred during OCSP Checking.", __func__); goto err; } switch(ocspStatus) { @@ -2014,7 +1896,7 @@ int _check_ocsp_status(cert_svc_mem_buff* certBuf, cert_svc_linked_list** certLi break; } if(ret != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.\n", __func__, ocspStatus); + SLOGE("[ERR][%s] Invalid Certificate OCSP Status. ocspStatus=%d.", __func__, ocspStatus); goto err; } // ============================= @@ -2061,7 +1943,7 @@ int _verify_ocsp(cert_svc_mem_buff* child, cert_svc_mem_buff* parent, const char targetUrl = certAiaUrl; } if(targetUrl == NULL) { - SLOGE("[ERR][%s] No URI for OCSP.\n", __func__); + SLOGE("[ERR][%s] No URI for OCSP.", __func__); ret = CERT_SVC_ERR_OCSP_NO_SUPPORT; goto err; } 
@@ -2070,13 +1952,13 @@ int _verify_ocsp(cert_svc_mem_buff* child, cert_svc_mem_buff* parent, const char systemCerts = sk_X509_new_null(); ret = __loadSystemCerts(systemCerts) ; if(ret != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data\n", __func__); + SLOGE("[ERR][%s] Fail to extract certificate data", __func__); goto err; } // Do OCSP Check ret = __ocsp_verify(childCert, parentCert, systemCerts, targetUrl, ocspStatus); - SLOGD("[%s] OCSP Response. ocspstaus=%d, ret=%d.\n", __func__, *ocspStatus, ret); + SLOGD("[%s] OCSP Response. ocspstaus=%d, ret=%d.", __func__, *ocspStatus, ret); err: if(childData != NULL && *childData != NULL) @@ -2178,7 +2060,7 @@ int release_cert_list(cert_svc_linked_list* certList) while(1) { curCert = startCert; startCert = startCert->next; - + if(curCert->certificate != NULL) { if(curCert->certificate->data != NULL) { free(curCert->certificate->data); 
@@ -2234,33 +2116,65 @@ int release_filename_list(cert_svc_filename_list* fileNames) return ret; } - -void __print_finger_print(const unsigned char *fingerPrint, unsigned int length) +int get_visibility(CERT_CONTEXT* context, int* visibility) { - int i=0; - char buffer[21] = {0,}; + int ret = CERT_SVC_ERR_NO_ERROR; + unsigned char * cert = NULL; + int certSize = 0; + char *fingerprint = NULL; - for(; i<20; i++) - snprintf(buffer+i, 20, "%0X", fingerPrint[i]); + if(!context->certBuf) + { + SLOGE("certBuf is NULL!"); + return CERT_SVC_ERR_INVALID_PARAMETER; + } + if(!context->certBuf->size) + { + SLOGE("certBuf size is wrong"); + return CERT_SVC_ERR_INVALID_PARAMETER; + } + + cert = context->certBuf->data; + certSize = context->certBuf->size; - SLOGE("FingerPrint : %s", buffer); + if(cert == NULL || !certSize) + { + SLOGE("cert is or invalid!"); + return CERT_SVC_ERR_INVALID_CERTIFICATE; + } + + ret = get_certificate_fingerprint(cert, certSize, &fingerprint); + if(ret != CERT_SVC_ERR_NO_ERROR) + { + SLOGE("Failed to get fingerprint data! %d", ret); + return ret; + } + + ret = get_visibility_by_fingerprint(fingerprint, visibility); + if(ret != CERT_SVC_ERR_NO_ERROR) + { + SLOGE("Failed to get visibility! %d", ret); + return ret; + } + + return CERT_SVC_ERR_NO_ERROR; } -int get_visibility(CERT_CONTEXT* context, int* visibility) +int get_certificate_type(CERT_CONTEXT* context, int* cert_type) { int ret = CERT_SVC_ERR_NO_ERROR; unsigned char * cert = NULL; int certSize = 0; - unsigned char *fingerprint = NULL; + char *fingerprint = NULL; if(!context->certBuf) { - LOGE("certBuf is NULL!"); + SLOGE("certBuf is NULL!"); return CERT_SVC_ERR_INVALID_PARAMETER; } if(!context->certBuf->size) { - LOGE("certBuf size is wrong"); + SLOGE("certBuf size is wrong"); return CERT_SVC_ERR_INVALID_PARAMETER; } 
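Review bot: The new `get_visibility` dereferences `context->certBuf` without first checking `context` (or `visibility`) for NULL, so a NULL argument crashes instead of returning `CERT_SVC_ERR_INVALID_PARAMETER`; add `if(!context || !visibility) return CERT_SVC_ERR_INVALID_PARAMETER;` at the top. `fingerprint` is filled in by `get_certificate_fingerprint` and is not released on any return path, which leaks on every call if that helper allocates the buffer (its definition is not visible here). The log text `"cert is or invalid!"` is missing a word. `get_certificate_type` repeats the same body and continues outside this hunk, so the same remarks apply there, and its failure message after `get_type_by_fingerprint` still says "Failed to get visibility!".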
@@ -2269,7 +2183,7 @@ int get_visibility(CERT_CONTEXT* context, int* visibility) if(cert == NULL || !certSize) { - LOGE("cert is or invalid!"); + SLOGE("cert is or invalid!"); return CERT_SVC_ERR_INVALID_CERTIFICATE; } @@ -2279,8 +2193,8 @@ int get_visibility(CERT_CONTEXT* context, int* visibility) SLOGE("Failed to get fingerprint data! %d", ret); return ret; } - - ret = get_visibility_by_fingerprint(fingerprint, visibility); + + ret = get_type_by_fingerprint(fingerprint, cert_type); if(ret != CERT_SVC_ERR_NO_ERROR) { SLOGE("Failed to get visibility! %d", ret); @@ -2289,3 +2203,4 @@ int get_visibility(CERT_CONTEXT* context, int* visibility) return CERT_SVC_ERR_NO_ERROR; } + diff --git a/srcs/cert-service-store.c b/srcs/cert-service-store.c index 132dd6a..0749f25 100644 --- a/srcs/cert-service-store.c +++ b/srcs/cert-service-store.c @@ -38,11 +38,12 @@ int get_file_full_path(char* originalName, const char* location, char* outBuf) char pathLocation[CERT_SVC_MAX_FILE_NAME_SIZE]; char buf[CERT_SVC_MAX_FILE_NAME_SIZE]; char* token = NULL; + char* context = NULL; char seps[] = "_"; int nameSize = 0 ; if (originalName == NULL) { - SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__); + SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } @@ -50,7 +51,7 @@ int get_file_full_path(char* originalName, const char* location, char* outBuf) nameSize = strlen(originalName); if (nameSize <= 0 || nameSize >= CERT_SVC_MAX_FILE_NAME_SIZE) { - SLOGE("[ERR][%s] Check your parameter. File path is too long.\n", __func__); + SLOGE("[ERR][%s] Check your parameter. File path is too long.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } 
@@ -59,38 +60,36 @@ int get_file_full_path(char* originalName, const char* location, char* outBuf) memset(pathLocation, 0x00, sizeof(pathLocation)); if(location == NULL) { // use default path - strncpy(buf, CERT_SVC_STORE_PATH_DEFAULT, sizeof(buf) - 1); + strncpy(buf, CERTSVC_SSL_CERTS_DIR, sizeof(buf) - 1); } else { - int locSize = strlen(location) + strlen(CERT_SVC_STORE_PATH); + int locSize = strlen(location) + strlen(CERTSVC_DIR); if (locSize <= 0 || locSize >= CERT_SVC_MAX_FILE_NAME_SIZE) { - SLOGE("[ERR][%s] Check your parameter. Location is too long.\n", __func__); + SLOGE("[ERR][%s] Check your parameter. Location is too long.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } strncpy(pathLocation, location, sizeof(pathLocation) - 1); - strncpy(buf, CERT_SVC_STORE_PATH, sizeof(buf) - 1); - - token = strtok(pathLocation, seps); - - while(token) { - if((strlen(buf) + strlen(token)) < (CERT_SVC_MAX_FILE_NAME_SIZE - 1)) { - strncat(buf, token, strlen(token)); - strncat(buf, "/", 1); - token = strtok(NULL, seps); - } - else { - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; - } + strncpy(buf, CERTSVC_DIR, sizeof(buf) - 1); + + token = strtok_r(pathLocation, seps, &context); + size_t sizeBuf = sizeof(buf); + while (token) { + if (sizeBuf < (strlen(buf) + strlen(token) + 2)) { + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } + strncat(buf, token, strlen(token)); + strncat(buf, "/", 1); + token = strtok_r(NULL, seps, &context); } } if ((nameSize + strlen(buf)) >= CERT_SVC_MAX_FILE_NAME_SIZE) { - SLOGE("[ERR][%s] Check your parameter. File path is too long.\n", __func__); + SLOGE("[ERR][%s] Check your parameter. File path is too long.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } 
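Review bot: The tokens split from `location` are appended to `buf` under `CERTSVC_DIR` with no check on their content, so a `location` containing `..` or `/` produces a path outside the certificate directory. If `location` can come from a caller that is not fully trusted, reject such tokens before the `strncat`, e.g. `if(strcmp(token, "..") == 0 || strchr(token, '/')) { ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; }`. `strncat(buf, token, strlen(token))` is bounded by the source length and is therefore equivalent to `strcat`; the real bound is the `sizeBuf` comparison above it, which deserves a comment. The overflow branch now returns `CERT_SVC_ERR_MEMORY_ALLOCATION` where the old code returned `CERT_SVC_ERR_INVALID_PARAMETER`, which looks unintended. `get_file_full_path` starts and ends outside the hunk.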
@@ -118,7 +117,7 @@ int _add_certificate_to_store(const char* filePath, const char* location) /* initialize variable */ fileFullPath = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE); if(fileFullPath == NULL) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -127,7 +126,7 @@ int _add_certificate_to_store(const char* filePath, const char* location) /* get real file name */ realFileName = strrchr(filePath, '/'); if(realFileName == NULL) { - SLOGE("[ERR][%s] File path MUST be absolute path\n", __func__); + SLOGE("[ERR][%s] File path MUST be absolute path", __func__); ret = CERT_SVC_ERR_FILE_IO; goto err; } @@ -137,12 +136,12 @@ int _add_certificate_to_store(const char* filePath, const char* location) /* file open and write */ if(!(fp_in = fopen(filePath, "rb"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath); + SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } if(!(fp_out = fopen(fileFullPath, "wb"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, fileFullPath); + SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, fileFullPath); if(errno == EACCES) ret = CERT_SVC_ERR_PERMISSION_DENIED; else 
@@ -151,25 +150,25 @@ int _add_certificate_to_store(const char* filePath, const char* location) } if((ret = cert_svc_util_get_file_size(filePath, &inFileLen)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath); + SECURE_SLOGE("[ERR][%s] Fail to get file size, [%s]", __func__, filePath); goto err; } fileContent = (char*)malloc(sizeof(char) * (int)inFileLen); if(fileContent == NULL) { - SLOGE("[ERR][%s] Fail to allocate memory\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(fileContent, 0x00, inFileLen); if(fread(fileContent, sizeof(char), inFileLen, fp_in) != inFileLen) { - SECURE_SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath); + SECURE_SLOGE("[ERR][%s] Fail to read file, [%s]", __func__, filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } if(fwrite(fileContent, sizeof(char), inFileLen, fp_out) != inFileLen) { - SECURE_SLOGE("[ERR][%s] Fail to write file, [%s]\n", __func__, fileFullPath); + SECURE_SLOGE("[ERR][%s] Fail to write file, [%s]", __func__, fileFullPath); ret = CERT_SVC_ERR_FILE_IO; goto err; } @@ -196,7 +195,7 @@ int _delete_certificate_from_store(const char* fileName, const char* location) /* initialize variable */ fileFullPath = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE); if(fileFullPath == NULL) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -207,7 +206,7 @@ int _delete_certificate_from_store(const char* fileName, const char* location) /* delete designated certificate */ if(unlink(fileFullPath) == -1) { - SECURE_SLOGE("[ERR][%s] Fail to delete file, [%s]\n", __func__, fileName); + SECURE_SLOGE("[ERR][%s] Fail to delete file, [%s]", __func__, fileName); if(errno == EACCES) ret = CERT_SVC_ERR_PERMISSION_DENIED; else 
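Review bot: `malloc(sizeof(char) * (int)inFileLen)` in the -151,25 +150,25 hunk truncates the `unsigned long` file size to `int`, while the `memset`, `fread` and `fwrite` that follow use the full `inFileLen`; for an input larger than `INT_MAX` the buffer can be smaller than the length written into it. Drop the cast, `fileContent = (char*)malloc(inFileLen);`, and reject a zero or unreasonably large `inFileLen` (against a project-chosen certificate size limit) before allocating. The destination is also opened with `"wb"` before the source has been sized and read, so any later failure leaves a truncated file in the store. `_add_certificate_to_store` starts and ends outside the hunk.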
diff --git a/srcs/cert-service-util.c b/srcs/cert-service-util.c index af5ade7..21cdfff 100644 --- a/srcs/cert-service-util.c +++ b/srcs/cert-service-util.c @@ -44,7 +44,7 @@ #define ICERT_BODY_SUFIX "-----END TRUSTED CERTIFICATE-----" /* Tables for base64 operation */ -static const char base64Table[] = { +static const unsigned char base64Table[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 0 ~ 15 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', // 16 ~ 31 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', // 32 ~ 47 @@ -73,9 +73,9 @@ int get_content_into_buf_PEM(unsigned char* content, cert_svc_mem_buff* cert) { int ret = CERT_SVC_ERR_NO_ERROR; char *startPEM, *endPEM; + unsigned char* original = NULL; long size = 0; - char* original = NULL; - char* decoded = NULL; + unsigned char* decoded = NULL; int decodedSize = 0; int i = 0, j = 0; @@ -101,8 +101,8 @@ int get_content_into_buf_PEM(unsigned char* content, cert_svc_mem_buff* cert) size = (long)endPEM - (long)startPEM; } - if(!(original = (char*)malloc(sizeof(char) * (size + 1)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + if(!(original = (unsigned char *)malloc(sizeof(unsigned char) * (size + 1)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } 
@@ -113,28 +113,28 @@ int get_content_into_buf_PEM(unsigned char* content, cert_svc_mem_buff* cert) original[j++] = startPEM[i]; } - size = strlen(original); + size = strlen((char *)original); decodedSize = ((size / 4) * 3) + 1; - if(!(decoded = (char*)malloc(sizeof(char) * decodedSize))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + if(!(decoded = (unsigned char *)malloc(sizeof(unsigned char) * decodedSize))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(decoded, 0x00, decodedSize); if((ret = cert_svc_util_base64_decode(original, size, decoded, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to base64 decode.\n", __func__); + SLOGE("[ERR][%s] Fail to base64 decode.", __func__); free(decoded); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } - cert->data = (unsigned char*)decoded; + cert->data = decoded; cert->size = decodedSize; err: - if(original != NULL) - free(original); + free(original); + return ret; } @@ -145,7 +145,7 @@ int get_content_into_buf_DER(unsigned char* content, cert_svc_mem_buff* cert) certData = (unsigned char*)malloc(sizeof(unsigned char) * (cert->size)); if(certData == NULL) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -163,7 +163,7 @@ int cert_svc_util_get_file_size(const char* filepath, unsigned long int* length) FILE* fp_in = NULL; if(!(fp_in = fopen(filepath, "r"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filepath); + SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filepath); ret = CERT_SVC_ERR_FILE_IO; goto err; } 
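Review bot: The file path in cert_svc_util_get_file_size is now logged with `SLOGE` instead of `SECURE_SLOGE`, which moves caller-supplied certificate paths into the ordinary log stream. The same switch is made in cert_svc_util_get_extension, cert_svc_util_load_file_to_buffer, cert_svc_util_load_PFX_file_to_buffer and, in cert-service.c, cert_svc_add_certificate_to_store and cert_svc_delete_certificate_from_store. The preceding hunks for `_add_certificate_to_store` and `_delete_certificate_from_store` keep `SECURE_SLOGE` for the same kind of message, so the commit is inconsistent with itself. Assuming the SECURE_ variants are the ones intended for privacy-sensitive values, I would keep `SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filepath);` here and in the other path-logging calls, and drop only the trailing newline.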
@@ -185,7 +185,7 @@ int cert_svc_util_get_extension(const char* filePath, cert_svc_mem_buff* certBuf X509 *x = NULL; if ((in = fopen(filePath, "r")) == NULL) { - SECURE_SLOGE("[ERR] Error opening file %s\n", filePath); + SLOGE("[ERR] Error opening file %s", filePath); ret = CERT_SVC_ERR_FILE_IO; goto end; } @@ -209,7 +209,7 @@ int cert_svc_util_get_extension(const char* filePath, cert_svc_mem_buff* certBuf goto end; } - SECURE_SLOGE("[ERR] Unknown file type: %s\n", filePath); + SLOGE("[ERR] Unknown file type: %s", filePath); ret = CERT_SVC_ERR_FILE_IO; end: 
@@ -231,34 +231,35 @@ int cert_svc_util_load_file_to_buffer(const char* filePath, cert_svc_mem_buff* c /* get file size */ if((ret = cert_svc_util_get_file_size(filePath, &fileSize)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to get file size, [%s]", __func__, filePath); goto err; } certBuf->size = fileSize; /* open file and write to buffer */ if(!(fp_in = fopen(filePath, "rb"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } if(!(content = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)(fileSize + 1)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(content, 0x00, (fileSize + 1)); //ensuring that content[] will be NULL terminated if(fread(content, sizeof(unsigned char), fileSize, fp_in) != fileSize) { - SECURE_SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to read file, [%s]", __func__, filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } + content[fileSize] = 0; // insert null on the end to make null-terminated string /* find out certificate type */ memset(certBuf->type, 0x00, 4); if (cert_svc_util_get_extension(filePath, certBuf) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR] cert_svc_util_get_extension failed to identify %s\n", filePath); + SLOGE("[ERR] cert_svc_util_get_extension failed to identify %s", filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } 
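Review bot: The allocation size in cert_svc_util_load_file_to_buffer is narrowed with `(unsigned int)(fileSize + 1)` while the memset and fread that follow use the full `unsigned long` value, so on a platform where long is wider than int a very large file would be written past the end of the buffer. Dropping the cast, `malloc(fileSize + 1)`, keeps the three sizes in agreement, and an upper bound on fileSize before allocating would be reasonable for certificate files. The added `content[fileSize] = 0;` is redundant with the memset of fileSize + 1 bytes above it, though harmless. The function starts and ends outside this hunk.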
@@ -266,13 +267,13 @@ int cert_svc_util_load_file_to_buffer(const char* filePath, cert_svc_mem_buff* c /* load file into buffer */ if(!strncmp(certBuf->type, "PEM", sizeof(certBuf->type))) { // PEM format if((ret = get_content_into_buf_PEM(content, certBuf)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file to buffer, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to load file to buffer, [%s]", __func__, filePath); goto err; } } else if(!strncmp(certBuf->type, "DER", sizeof(certBuf->type))) { // DER format if((ret = get_content_into_buf_DER(content, certBuf)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file to buffer, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to load file to buffer, [%s]", __func__, filePath); goto err; } } @@ -297,12 +298,12 @@ int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert) int certLen = 0; if(!(newNode = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } if(!(newNode->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); free(newNode); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; 
@@ -310,13 +311,13 @@ int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert) /* get certificate data and store in certLink */ if((certLen = i2d_X509(popedCert, NULL)) < 0) { - SLOGE("[ERR][%s] Fail to convert certificate.\n", __func__); + SLOGE("[ERR][%s] Fail to convert certificate.", __func__); release_cert_list(newNode); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } if(!(bufCert = (unsigned char*)malloc(sizeof(unsigned char) * certLen))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; release_cert_list(newNode); goto err; @@ -326,6 +327,7 @@ int push_cert_into_linked_list(cert_svc_linked_list** certLink, X509* popedCert) newNode->certificate->data = bufCert; newNode->certificate->size = certLen; + newNode->next = NULL; if(NULL == *certLink) { // first item *certLink = newNode; @@ -365,19 +367,19 @@ int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buf /* open file and write to buffer */ if(!(fp_in = fopen(filePath, "rb"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath); + SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filePath); ret = CERT_SVC_ERR_FILE_IO; goto err; } if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) { - SLOGE("[ERR][%s] Fail to get certificate data.\n", __func__); + SLOGE("[ERR][%s] Fail to get certificate data.", __func__); ret = CERT_SVC_ERR_INVALID_CERTIFICATE; goto err; } /* parse PKCS#12 certificate */ if((ret = PKCS12_parse(p12, passPhrase, &pkey, &cert, &ca)) != 1) { - SLOGE("[ERR][%s] Fail to parse PKCS#12 certificate.\n", __func__); + SLOGE("[ERR][%s] Fail to parse PKCS#12 certificate.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } 
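Review bot: The added `newNode->next = NULL;` in push_cert_into_linked_list runs only after the two error paths of the preceding hunk, which pass the freshly malloc'ed node to `release_cert_list(newNode)` while `next` and, as far as the visible lines show, `certificate->data` are still uninitialized. release_cert_list is not visible here, but if it follows `next` or frees `certificate->data` it would be acting on indeterminate pointers. Initialising directly after the allocations, `newNode->next = NULL;` after the first malloc and `memset(newNode->certificate, 0x00, sizeof(cert_svc_mem_buff));` after the second, makes those paths safe. The function starts and ends outside the hunk.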
@@ -388,12 +390,12 @@ int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buf /* load certificate into buffer */ if((certLen = i2d_X509(cert, NULL)) < 0) { - SLOGE("[ERR][%s] Fail to convert certificate.\n", __func__); + SLOGE("[ERR][%s] Fail to convert certificate.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } if(!(bufCert = (unsigned char*)malloc(sizeof(unsigned char) * certLen))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -405,13 +407,13 @@ int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buf /* load private key into buffer */ if((prikeyLen = i2d_PrivateKey(pkey, NULL)) < 0) { - SLOGE("[ERR][%s] Fail to convert private key.\n", __func__); + SLOGE("[ERR][%s] Fail to convert private key.", __func__); ret = CERT_SVC_ERR_INVALID_OPERATION; goto err; } - SLOGE("[LOG] private key length: [%d]\n", prikeyLen); + SLOGE("[LOG] private key length: [%d]", prikeyLen); if(!(bufPrikey = (unsigned char*)malloc(sizeof(unsigned char) * prikeyLen))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } @@ -424,7 +426,7 @@ int cert_svc_util_load_PFX_file_to_buffer(const char* filePath, cert_svc_mem_buf /* load ca certificates(if exists) into buffer */ while((popedCert = sk_X509_pop(ca)) != NULL) { if((ret = push_cert_into_linked_list(certLink, popedCert)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to make linked list.\n", __func__); + SLOGE("[ERR][%s] Fail to make linked list.", __func__); goto err; } } 
@@ -440,20 +442,20 @@ err: EVP_PKEY_free(pkey); if(ca != NULL) sk_X509_pop_free(ca, X509_free); - EVP_cleanup(); + //EVP_cleanup(); return ret; } CERT_SVC_API -int cert_svc_util_base64_encode(char* in, int inLen, char* out, int* outLen) +int cert_svc_util_base64_encode(const unsigned char *in, int inLen, unsigned char *out, int *outLen) { int ret = CERT_SVC_ERR_NO_ERROR; int inputLen = 0, i = 0; - char* cur = NULL; + const unsigned char *cur = NULL; if((in == NULL) || (inLen < 1)) { - SLOGE("[ERR][%s] Check your parameter.\n", __func__); + SLOGE("[ERR][%s] Check your parameter.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } @@ -493,16 +495,17 @@ int cert_svc_util_base64_encode(char* in, int inLen, char* out, int* outLen) err: return ret; } + CERT_SVC_API -int cert_svc_util_base64_decode(char* in, int inLen, char* out, int* outLen) +int cert_svc_util_base64_decode(const unsigned char *in, int inLen, unsigned char *out, int* outLen) { int ret = CERT_SVC_ERR_NO_ERROR; int inputLen = 0, i = 0, j = 0, tail = 0; - char* cur = NULL; - char tmpBuf[4]; + const unsigned char *cur = NULL; + unsigned char tmpBuf[4]; if((in == NULL) || (inLen < 1)) { - SLOGE("[ERR][%s] Check your parameter.\n", __func__); + SLOGE("[ERR][%s] Check your parameter.", __func__); ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; } @@ -519,7 +522,7 @@ int cert_svc_util_base64_decode(char* in, int inLen, char* out, int* outLen) tmpBuf[j] = 0x00; } else - tmpBuf[j] = base64DecodeTable[(int)cur[j]]; + tmpBuf[j] = (unsigned char)base64DecodeTable[(int)cur[j]]; } out[i++] = ((tmpBuf[0] & 0x3f) << 2) + ((tmpBuf[1] & 0x30) >> 4); 
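Review bot: In cert_svc_util_base64_decode the lookup `base64DecodeTable[(int)cur[j]]` is now indexed by an `unsigned char`, so input bytes 0x80–0xFF select entries 128–255. The table's definition is outside this hunk; if it holds fewer than 256 entries this is an out-of-bounds read driven by data taken from a certificate file. The new cast to `unsigned char` would also hide any negative "invalid character" marker the table may contain, so a malformed character would be decoded instead of rejected. I would validate before use, for example `if (cur[j] >= sizeof(base64DecodeTable) || base64DecodeTable[cur[j]] < 0) { ret = CERT_SVC_ERR_INVALID_PARAMETER; goto err; }`, adjusted to the table's actual element type. The function continues outside the hunk.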
@@ -542,17 +545,17 @@ err: // fingerprint format - AA:BB:CC:DD:EE... // cert - der(binary) format -int get_certificate_fingerprint(const char *cert, int cert_size, unsigned char** fingerprint) +int get_certificate_fingerprint(const unsigned char *cert, int cert_size, char** fingerprint) { X509* x509Cert = NULL; - unsigned char x509_fingerprint[EVP_MAX_MD_SIZE] = {0,}; - char* uniformedFingerprint[EVP_MAX_MD_SIZE *3] = {0,}; + unsigned char x509_fingerprint[EVP_MAX_MD_SIZE] = {0}; + char uniformedFingerprint[EVP_MAX_MD_SIZE * 3] = {0}; int fp_len = 0; - int i = 0; - char buff[8] = {0,}; - int x509_length = 0; + char buff[8] = {0}; + unsigned int x509_length = 0; + unsigned int i = 0; - if(d2i_X509(&x509Cert, &cert, cert_size) == NULL) + if(!d2i_X509(&x509Cert, &cert, cert_size)) { SLOGE("d2i_x509 failed!"); *fingerprint = NULL; @@ -567,15 +570,15 @@ int get_certificate_fingerprint(const char *cert, int cert_size, unsigned char** return CERT_SVC_ERR_INVALID_CERTIFICATE; } - for(i=0; i < x509_length; i++) + for(i = 0; i < x509_length; i++) { snprintf(buff, sizeof(buff), "%02X:", x509_fingerprint[i]); strncat(uniformedFingerprint, buff, 3); } - uniformedFingerprint[x509_length*3-1] = 0; // remove last : + uniformedFingerprint[x509_length * 3 - 1] = 0; // remove last : fp_len = strlen(uniformedFingerprint); - *fingerprint = (char*)calloc(sizeof(char),fp_len + 1); + *fingerprint = (char*)calloc(sizeof(char), fp_len + 1); if(*fingerprint == NULL) { SLOGE("Failed to allocate memory"); @@ -584,9 +587,9 @@ int get_certificate_fingerprint(const char *cert, int cert_size, unsigned char** return CERT_SVC_ERR_MEMORY_ALLOCATION; } - memcpy(*fingerprint, uniformedFingerprint, fp_len-1); + memcpy(*fingerprint, uniformedFingerprint, fp_len + 1); - LOGD("fingerprint : %s", *fingerprint); + SLOGD("fingerprint : %s", *fingerprint); X509_free(x509Cert); 
@@ -595,31 +598,25 @@ int get_certificate_fingerprint(const char *cert, int cert_size, unsigned char** int get_visibility_by_fingerprint(const char* fingerprint, int* visibility) { - LOGD("fingerprint : %s", fingerprint); + SLOGD("fingerprint : %s", fingerprint); int ret = 0; - xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; - xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\""; xmlChar *xmlPathDomainPlatform = (xmlChar*) "tizen-platform"; xmlChar *xmlPathDomainPublic = (xmlChar*) "tizen-public"; xmlChar *xmlPathDomainPartner = (xmlChar*) "tizen-partner"; xmlChar *xmlPathDomainDeveloper = (xmlChar*) "tizen-developer"; - xmlChar *xmlPathDomainTest = (xmlChar*) "tizen-test"; - xmlChar *xmlPathDomainVerify = (xmlChar*) "tizen-verify"; - xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1"; /* load file */ - xmlDocPtr doc = xmlParseFile(tzplatform_mkpath(TZ_SYS_SHARE, "ca-certificates/fingerprint/fingerprint_list.xml")); - + xmlDocPtr doc = xmlParseFile(FINGERPRINT_LIST_PATH); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) { - LOGE("Failed to prase fingerprint_list.xml"); + SLOGE("Failed to prase fingerprint_list.xml"); return CERT_SVC_ERR_FILE_IO; } xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc)); if(curPtr == NULL) { - LOGE("Can not find root"); + SLOGE("Can not find root"); xmlFreeDoc(doc); return CERT_SVC_ERR_FILE_IO; } 
@@ -629,26 +626,29 @@ int get_visibility_by_fingerprint(const char* fingerprint, int* visibility) xmlAttr* attr = curPtr->properties; if(!attr->children || !attr->children->content) { - LOGE("Failed to get fingerprints from list"); + SLOGE("Failed to get fingerprints from list"); ret = CERT_SVC_ERR_NO_ROOT_CERT; goto out; } xmlChar* strLevel = attr->children->content; xmlNodePtr FpPtr = xmlFirstElementChild(curPtr); + + /* if(FpPtr == NULL) { - LOGE("Could not find fingerprint"); + SLOGE("Could not find fingerprint"); ret = CERT_SVC_ERR_NO_ROOT_CERT; goto out; } + */ while(FpPtr) { xmlChar *content = xmlNodeGetContent(FpPtr); if(xmlStrcmp(content, (xmlChar*)fingerprint) == 0) { - LOGD("fingerprint : %s are %s", content, strLevel); + SLOGD("fingerprint : %s are %s", content, strLevel); if(!xmlStrcmp(strLevel, xmlPathDomainPlatform)){ *visibility = CERT_SVC_VISIBILITY_PLATFORM; ret = CERT_SVC_ERR_NO_ERROR; 
@@ -665,17 +665,80 @@ int get_visibility_by_fingerprint(const char* fingerprint, int* visibility) goto out; } else if(!xmlStrcmp(strLevel, xmlPathDomainDeveloper)){ - *visibility = CERT_SVC_VISIBILITY_DEVELOPER; + *visibility = CERT_SVC_VISIBILITY_DEVELOPER; ret = CERT_SVC_ERR_NO_ERROR; goto out; } - else if(!xmlStrcmp(strLevel, xmlPathDomainTest)){ - *visibility = CERT_SVC_VISIBILITY_TEST; + } + FpPtr = xmlNextElementSibling(FpPtr); + } + curPtr = xmlNextElementSibling(curPtr); + } + + SLOGE("Could not find fingerrpint"); + + xmlFreeDoc(doc); + return CERT_SVC_ERR_NO_ROOT_CERT; + +out: + xmlFreeDoc(doc); + return ret; +} + +int get_type_by_fingerprint(const char* fingerprint, int* cert_type) +{ + int ret = CERT_SVC_ERR_NO_ERROR; + xmlChar *xmlPathDomainTest = (xmlChar*) "tizen-test"; + xmlChar *xmlPathDomainVerify = (xmlChar*) "tizen-verify"; + xmlChar *xmlPathDomainStore = (xmlChar*) "tizen-store"; + + /* load file */ + xmlDocPtr doc = xmlParseFile(FINGERPRINT_LIST_PATH); + if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) + { + SLOGE("Failed to prase fingerprint_list.xml"); + return CERT_SVC_ERR_FILE_IO; + } + + xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc)); + if(curPtr == NULL) + { + SLOGE("Can not find root"); + xmlFreeDoc(doc); + return CERT_SVC_ERR_FILE_IO; + } + + while(curPtr != NULL) + { + xmlAttr* attr = curPtr->properties; + if(!attr->children || !attr->children->content) + { + SLOGE("Failed to get fingerprints from list"); + ret = CERT_SVC_ERR_NO_ROOT_CERT; + goto out; + } + + xmlChar* strLevel = attr->children->content; + xmlNodePtr FpPtr = xmlFirstElementChild(curPtr); + + while(FpPtr) + { + xmlChar *content = xmlNodeGetContent(FpPtr); + if(xmlStrcmp(content, (xmlChar*)fingerprint) == 0) + { + SLOGD("fingerprint : %s matched %s", content, strLevel); + if(!xmlStrcmp(strLevel, xmlPathDomainTest)){ + *cert_type = CERT_SVC_TYPE_TEST; ret = CERT_SVC_ERR_NO_ERROR; goto out; } else if(!xmlStrcmp(strLevel, xmlPathDomainVerify)){ 
- *visibility = CERT_SVC_VISIBILITY_VERIFY; + *cert_type = CERT_SVC_TYPE_VERIFY; + ret = CERT_SVC_ERR_NO_ERROR; + goto out; + } + else if(!xmlStrcmp(strLevel, xmlPathDomainStore)){ + *cert_type = CERT_SVC_TYPE_STORE; ret = CERT_SVC_ERR_NO_ERROR; goto out; } @@ -685,8 +748,10 @@ int get_visibility_by_fingerprint(const char* fingerprint, int* visibility) curPtr = xmlNextElementSibling(curPtr); } + SLOGD("Could not find fingerprint"); xmlFreeDoc(doc); - return CERT_SVC_ERR_NO_ROOT_CERT; + *cert_type = CERT_SVC_TYPE_NO_TYPE; + return CERT_SVC_ERR_NO_ERROR; out: xmlFreeDoc(doc); @@ -695,7 +760,7 @@ out: // expect input cert data is base64 encoded format -int get_visibility_by_certificate(const char* cert_data, int data_len, int* visibility) +int get_visibility_by_certificate(const unsigned char *cert_data, int data_len, int* visibility) { if(!cert_data || !data_len) { @@ -703,11 +768,11 @@ int get_visibility_by_certificate(const char* cert_data, int data_len, int* visi } int decodedSize = ((data_len / 4) * 3) + 1; - char* decoded = NULL; - char* fingerprint = NULL; + unsigned char *decoded = NULL; + char *fingerprint = NULL; int ret = CERT_SVC_ERR_NO_ERROR; - if(!(decoded = (char*)malloc(sizeof(char) * decodedSize))) { + if(!(decoded = (unsigned char *)malloc(sizeof(unsigned char) * decodedSize))) { SLOGE("Fail to allocate memory."); return CERT_SVC_ERR_MEMORY_ALLOCATION; } @@ -723,14 +788,14 @@ int get_visibility_by_certificate(const char* cert_data, int data_len, int* visi ret = get_certificate_fingerprint(decoded, decodedSize, &fingerprint); if(ret != CERT_SVC_ERR_NO_ERROR) { - LOGE("Can not get fingerprint! %d", ret); + SLOGE("Can not get fingerprint! %d", ret); return ret; } - + ret = get_visibility_by_fingerprint(fingerprint, visibility); if(ret != CERT_SVC_ERR_NO_ERROR) { - LOGE("Can not find visibility %d", ret); + SLOGE("Can not find visibility %d", ret); return ret; } diff --git a/srcs/cert-service.c b/srcs/cert-service.c index c073c7a..a45f1fe 100644 
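Review bot: The new get_type_by_fingerprint dereferences `attr->children` without checking `attr`, so an element without attributes in the fingerprint list leaves `curPtr->properties` NULL and crashes the caller. `if(!attr || !attr->children || !attr->children->content)` covers it, and get_visibility_by_fingerprint has the same pattern. The string returned by `xmlNodeGetContent(FpPtr)` is also never released: every `goto out` path frees only the document, so an `xmlFree(content);` is needed once the comparison is done. Since the new function repeats the parse-and-walk loop of get_visibility_by_fingerprint, a shared static helper returning the matched domain name would keep both fixes in one place.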
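Review bot: Both early returns in get_visibility_by_certificate leak memory: when get_certificate_fingerprint fails `decoded` is still allocated, and when get_visibility_by_fingerprint fails both `decoded` and `fingerprint` are. Adding `free(decoded);` before the first `return ret;` and `free(decoded); free(fingerprint);` before the second closes them; the commit only changes the log macro on these paths. The function starts and ends outside this hunk, so the cleanup on the success path is not visible.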
--- a/srcs/cert-service.c +++ b/srcs/cert-service.c @@ -1,7 +1,7 @@ /* * certification service * - * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved * * Contact: Kidong Kim <kd0228.kim@samsung.com> * @@ -19,12 +19,12 @@ * */ -#include <stdio.h> #include <string.h> #include <stdlib.h> #include <errno.h> #include <unistd.h> -#include <tzplatform_config.h> +#include <dlfcn.h> +#include <fcntl.h> #include "cert-service.h" #include "cert-service-util.h" 
@@ -32,94 +32,99 @@ #include "cert-service-store.h" #include "cert-service-process.h" -/* Set visibility */ #ifndef CERT_SVC_API #define CERT_SVC_API __attribute__((visibility("default"))) #endif -#define CRT_FILE_PATH tzplatform_mkpath(TZ_USER_SHARE, "certs/ca-certificate.crt") +#define AUTHOR_SIGNATURE "author-signature.xml" +#define DISTRIBUTOR_SIGNATURE "signature1.xml" -CERT_SVC_API -int cert_svc_add_certificate_to_store(const char* filePath, const char* location) +int __is_certified_device(const unsigned char* cert, int certSize) { - int ret = CERT_SVC_ERR_NO_ERROR; - char _filePath[CERT_SVC_MAX_FILE_NAME_SIZE]; - int pathSize = 0; + int (*CheckFunc)(const unsigned char *, int) = NULL; + int (*CheckFile)(void) = NULL; + void *handle = NULL; + int result; + unsigned char *base64cert = NULL; + int base64certSize = 0; - if(filePath == NULL) { - SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + handle = dlopen("libcert-svc-vcore.so", RTLD_LAZY | RTLD_GLOBAL); + if (!handle) { + SLOGE("Failed to open notification binary"); + return 0; } - pathSize = strlen(filePath); - - if (pathSize <= 0 || pathSize >= CERT_SVC_MAX_FILE_NAME_SIZE) { - SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + CheckFile = (int(*)(void))(dlsym(handle, "CheckProfileFile")); + if (!CheckFile) { + SLOGE("Failed to open symbol CheckProfileFile"); + result = 0; + goto err; } - memset(_filePath, 0x0, sizeof(_filePath)); - - if(filePath[0] != '/') { // not absolute path, this is regarded relative file path - if (getcwd(_filePath, sizeof(_filePath))) { - int cwdSize = 0; - //just in case - _filePath[sizeof(_filePath) - 1] = '\0'; - - cwdSize = strlen(_filePath); - - if (cwdSize <=0 || (cwdSize + pathSize + 1) >= CERT_SVC_MAX_FILE_NAME_SIZE) { - SLOGE("[ERR][%s] Check your parameter. 
Maybe file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; - } + result = CheckFile(); + if (!result){ + SLOGD("checking file. device profile dose not exist."); + result = -1; + goto err; + } - strncat(_filePath, "/", 1); - strncat(_filePath, filePath, pathSize); + base64cert = (unsigned char *)calloc(certSize*2, 1); + if (!base64cert) { + result = 0; + goto err; + } + cert_svc_util_base64_encode(cert, certSize, base64cert, &base64certSize); - } else { - SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; - } - } - else { - strncpy(_filePath, filePath, pathSize); + CheckFunc = (int(*)(const unsigned char *, int))(dlsym(handle, "CheckDevice")); + if (!CheckFunc) { + SLOGE("Failed to open symbol CheckDevice"); + result = 0; + goto err_ret_after_free; } - ret = _add_certificate_to_store(_filePath, location); + result = CheckFunc(base64cert, base64certSize); + SLOGD("Result of checking device : %d", result); - if(ret != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to store certificate, [%s]\n", __func__, _filePath); - goto err; - } - SECURE_SLOGD("[%s] Success to add certificate [%s].\n", __func__, filePath); +err_ret_after_free: + free(base64cert); err: - return ret; + dlclose(handle); + return result; } -CERT_SVC_API -int cert_svc_delete_certificate_from_store(const char* fileName, const char* location) +int cert_svc_get_certificate_type(CERT_CONTEXT *ctx, int* cert_type) { + CERT_CONTEXT* context = NULL; int ret = CERT_SVC_ERR_NO_ERROR; - if((fileName == NULL) || (fileName[0] == '/')) { - SLOGE("[ERR][%s] Check your parameter. 
Maybe file name is NULL or is not single name.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !cert_type) { + SLOGE("Invalid prameters"); + return CERT_SVC_ERR_INVALID_PARAMETER; } - ret = _delete_certificate_from_store(fileName, location); - if(ret != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to delete certificate, [%s]\n", __func__, fileName); - goto err; + if (!ctx->fileNames || !ctx->fileNames->filename) { + SLOGE("Can not find root certificate path"); + return CERT_SVC_ERR_INVALID_PARAMETER; } - SECURE_SLOGD("[%s] Success to delete certificate [%s].\n", __func__, fileName); -err: + context = cert_svc_cert_context_init(); + if (!context) { + SLOGE("Out of memory"); + return CERT_SVC_ERR_MEMORY_ALLOCATION; + } + + ret = cert_svc_load_file_to_context(context, ctx->fileNames->filename); + if (ret != CERT_SVC_ERR_NO_ERROR) { + SLOGE("failed to load root certficiate"); + cert_svc_cert_context_final(context); + return CERT_SVC_ERR_INVALID_CERTIFICATE; + } + + ret = get_certificate_type(context, cert_type); + + cert_svc_cert_context_final(context); + return ret; } 
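Review bot: __is_certified_device ignores the return value of `cert_svc_util_base64_encode(cert, certSize, base64cert, &base64certSize);`, so after an encoding failure `CheckDevice` is still called with a zero-filled buffer and a length of 0; the result should be checked and the function should leave through `err_ret_after_free` with `result = 0`. The output buffer is sized as `certSize*2` and no capacity is passed to the encoder; base64 needs 4 * ((certSize + 2) / 3) bytes plus a terminator if one is written, so computing that size explicitly is safer than relying on the 2x margin. The library is opened by bare name, `dlopen("libcert-svc-vcore.so", ...)`, which leaves resolution to the loader's search path; because the result gates the device check, an absolute install path or a regular link dependency would be more robust. The helper is also not declared `static` and uses a reserved `__` prefix.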
@@ -127,55 +132,198 @@ int _cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int checkCAFlag, { int ret = CERT_SVC_ERR_NO_ERROR; - if((ctx == NULL) || (ctx->certBuf == NULL)) { - SLOGE("[ERR][%s] Check your parameter. Cannot find certificate.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; - } - if(ctx->fileNames != NULL) { - SLOGE("[ERR][%s] Check your parameter. fileNames field is NOT NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + int cert_type = 0; + unsigned char *cert = NULL; + int size=0; + int result = 0; + + if (!ctx || !ctx->certBuf || !ctx->certLink || !ctx->certLink->certificate || ctx->fileNames) { + SLOGE("[ERR][%s] Check your parameter. Cannot find certificate.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* memory allocation for root file path */ + size = ctx->certLink->certificate->size; + cert = (unsigned char *)calloc(size, 1); + if (!cert) + return CERT_SVC_ERR_MEMORY_ALLOCATION; + + memcpy(cert, ctx->certLink->certificate->data, size); + if(!(ctx->fileNames = (cert_svc_filename_list*)malloc(sizeof(cert_svc_filename_list)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } if(!(ctx->fileNames->filename = (char*)malloc(sizeof(char) * CERT_SVC_MAX_FILE_NAME_SIZE))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); ret = CERT_SVC_ERR_MEMORY_ALLOCATION; goto err; } memset(ctx->fileNames->filename, 0x00, CERT_SVC_MAX_FILE_NAME_SIZE); ctx->fileNames->next = NULL; - /* call verify function */ if((ret = _verify_certificate_with_caflag(ctx->certBuf, &(ctx->certLink), checkCAFlag, ctx->fileNames, validity)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to verify certificate.\n", __func__); + SLOGE("[ERR][%s] Fail to verify certificate.", __func__); goto err; } - SLOGD("[%s] Success to verify 
certificate.\n", __func__); + SECURE_LOGD("root cert path : %s", ctx->fileNames->filename); + ret = cert_svc_get_certificate_type(ctx, &cert_type); + if (ret != CERT_SVC_ERR_NO_ERROR) { + SLOGE("failed to cert_svc_get_certificate_type"); + goto err; + } + + SLOGD("cert_type = %d", cert_type); + if (cert_type == CERT_SVC_TYPE_TEST) { + SLOGD("Checking DUID"); + result = __is_certified_device(cert, size); + + if (result == -1){ + SLOGE("Device profile file does not exist in Device."); + ret = CERT_SVC_ERR_INVALID_NO_DEVICE_PROFILE; + goto err; + } else if (result == 0) { + SLOGE("Device Unique ID (DUID) is not registered."); + ret = CERT_SVC_ERR_INVALID_DEVICE_UNIQUE_ID; + goto err; + } + } + + SLOGD("[%s] Success to verify certificate.", __func__); err: + free(cert); return ret; } + + CERT_SVC_API -int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity) +int cert_svc_add_certificate_to_store(const char* filePath, const char* location) { + int ret = CERT_SVC_ERR_NO_ERROR; + char _filePath[CERT_SVC_MAX_FILE_NAME_SIZE]; + int pathSize = 0; + + if (!filePath) { + SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; + } + + pathSize = strlen(filePath); + + if (pathSize <= 0 || pathSize >= CERT_SVC_MAX_FILE_NAME_SIZE) { + SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; + } + + memset(_filePath, 0x0, sizeof(_filePath)); + + if (filePath[0] != '/') { // not absolute path, this is regarded relative file path + if (!getcwd(_filePath, sizeof(_filePath))) { + SLOGE("[ERR][%s] Check your parameter. Maybe file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; + } + + int cwdSize = 0; + _filePath[sizeof(_filePath) - 1] = '\0'; + + cwdSize = strlen(_filePath); + + if (cwdSize <=0 || (cwdSize + pathSize + 1) >= CERT_SVC_MAX_FILE_NAME_SIZE) { + SLOGE("[ERR][%s] Check your parameter. 
Maybe file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; + } + + strncat(_filePath, "/", 1); + strncat(_filePath, filePath, pathSize); + } else { + strncpy(_filePath, filePath, pathSize); + } + + ret = _add_certificate_to_store(_filePath, location); + + if (ret != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to store certificate, [%s]", __func__, _filePath); + return ret; + } + SLOGD("[%s] Success to add certificate [%s].", __func__, filePath); + + return CERT_SVC_ERR_NO_ERROR; +} + +CERT_SVC_API +int cert_svc_delete_certificate_from_store(const char* fileName, const char* location) +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + if (!fileName || fileName[0] == '/') { + SLOGE("[ERR][%s] Check your parameter. Maybe file name is NULL or is not single name.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; + } + + ret = _delete_certificate_from_store(fileName, location); + if (ret != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to delete certificate, [%s]", __func__, fileName); + return ret; + } + + SLOGD("[%s] Success to delete certificate [%s].", __func__, fileName); + + return CERT_SVC_ERR_NO_ERROR; +} + + +CERT_SVC_API +int cert_svc_verify_package_certificate(CERT_CONTEXT* ctx, int* validity, const char* signatureFile) +{ + SLOGD("cert_svc_verify_package_certificate"); int ca_cflag_check_false = 0; - return _cert_svc_verify_certificate_with_caflag(ctx, ca_cflag_check_false, validity); + + int ret = _cert_svc_verify_certificate_with_caflag(ctx, ca_cflag_check_false, validity); + if (ret != CERT_SVC_ERR_NO_ERROR) + return ret; + + int visibility = 0; + ret = cert_svc_get_visibility(ctx, &visibility); + if (ret != CERT_SVC_ERR_NO_ERROR) + return ret; + + char* sig_file_name = NULL; + if ((sig_file_name = strstr(signatureFile, AUTHOR_SIGNATURE))) { + SLOGD("signature file : %s %d", sig_file_name, visibility); + if (strncmp(sig_file_name, AUTHOR_SIGNATURE, strlen(sig_file_name)) == 0) { + if (visibility != CERT_SVC_VISIBILITY_DEVELOPER) { + 
SLOGE("Author signature signed as distributor signature. Invalid!"); + *validity = 0; + return CERT_SVC_ERR_IN_AUTHOR_CASE_DISTRIBUTOR_CERT; + } + } + } else if ((sig_file_name = strstr(signatureFile, DISTRIBUTOR_SIGNATURE))) { + SLOGD("signature file : %s %d", sig_file_name, visibility); + if (strncmp(sig_file_name, DISTRIBUTOR_SIGNATURE, strlen(sig_file_name)) == 0) { + if (visibility == CERT_SVC_VISIBILITY_DEVELOPER) { + SLOGE("Distributor signature signed as author signature. Invalid!"); + *validity = 0; + return CERT_SVC_ERR_IN_DISTRIBUTOR_CASE_AUTHOR_CERT; + } + } + } + + return CERT_SVC_ERR_NO_ERROR; +} + +CERT_SVC_API +int cert_svc_verify_certificate(CERT_CONTEXT* ctx, int* validity) +{ + return _cert_svc_verify_certificate_with_caflag(ctx, 0, validity); } CERT_SVC_API int cert_svc_verify_certificate_with_caflag(CERT_CONTEXT* ctx, int* validity) { - int ca_cflag_check_true = 1; - return _cert_svc_verify_certificate_with_caflag(ctx, ca_cflag_check_true, validity); + return _cert_svc_verify_certificate_with_caflag(ctx, 1, validity); } /* 
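Review bot: cert_svc_verify_package_certificate passes `signatureFile` to `strstr` without a NULL check, and it returns CERT_SVC_ERR_NO_ERROR with no author/distributor role check at all whenever the name does not end exactly in `author-signature.xml` or `signature1.xml`. The substring search also accepts any longer name that merely ends with one of those strings. I would add `if (!signatureFile) return CERT_SVC_ERR_INVALID_PARAMETER;` at the top, take the basename via `strrchr(signatureFile, '/')` and compare it with `strcmp`, and return an error for a name that is neither. If other signature file names are legitimate, they should be listed explicitly rather than passing through unchecked. A short comment stating which visibility each signature kind may carry would help the next reader.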
@@ -187,20 +335,19 @@ int cert_svc_verify_signature(CERT_CONTEXT* ctx, unsigned char* message, int msg { int ret = CERT_SVC_ERR_NO_ERROR; - if((message == NULL) || (signature == NULL) || (ctx == NULL) || (ctx->certBuf == NULL)) { - SLOGE("[ERR][%s] Invalid parameter, please check your parameter\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!message || !signature || !ctx || !ctx->certBuf) { + SLOGE("[ERR][%s] Invalid parameter, please check your parameter", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - if((ret = _verify_signature(ctx->certBuf, message, msgLen, signature, algo, validity)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to verify signature.\n", __func__); - goto err; + if ((ret = _verify_signature(ctx->certBuf, message, msgLen, signature, algo, validity)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to verify signature.", __func__); + return ret; } - SLOGD("[%s] Success to verify signature.\n", __func__); -err: - return ret; + SLOGD("[%s] Success to verify signature.", __func__); + + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API 
@@ -208,42 +355,32 @@ int cert_svc_extract_certificate_data(CERT_CONTEXT* ctx) { int ret = CERT_SVC_ERR_NO_ERROR; - /* chec parameter */ - if(ctx == NULL) { - SLOGE("[ERR][%s] Check your parameter.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !ctx->certBuf) { + SLOGE("[ERR][%s] Check your parameter.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* check context */ - if(ctx->certBuf == NULL) { - SLOGE("[ERR][%s] Cannot find certificate to be extracted.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; - } - if(ctx->certDesc != NULL) { - SLOGE("[ERR][%s] certDesc is not NULL. cannot load content.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (ctx->certDesc != NULL) { + SLOGE("[ERR][%s] certDesc field already be used.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; } - /* memory allocation of cert descriptor */ - if(!(ctx->certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + if (!(ctx->certDesc = (cert_svc_cert_descriptor*)malloc(sizeof(cert_svc_cert_descriptor)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(ctx->certDesc, 0x00, sizeof(cert_svc_cert_descriptor)); - /* call extract function */ - if((ret = _extract_certificate_data(ctx->certBuf, ctx->certDesc)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to extract certificate data.\n", __func__); - goto err; + if ((ret = _extract_certificate_data(ctx->certBuf, ctx->certDesc)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to extract certificate data.", __func__); + free(ctx->certDesc); + ctx->certDesc = NULL; + return ret; } - SLOGD("[%s] Success to extract certificate.\n", __func__); -err: - return ret; + SLOGD("[%s] Success to extract certificate.", __func__); + + return CERT_SVC_ERR_NO_ERROR; } 
CERT_SVC_API @@ -251,30 +388,24 @@ int cert_svc_search_certificate(CERT_CONTEXT* ctx, search_field fldName, char* f { int ret = CERT_SVC_ERR_NO_ERROR; - /* check parameter, fldName is unsigned int. It will never be negative */ - if((ctx == NULL) || (fldName > SEARCH_FIELD_END) || (fldData == NULL)) { - SLOGE("[ERR][%s] Invalid parameter. Check your parameter\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || fldName > SEARCH_FIELD_END || !fldData) { + SLOGE("[ERR][%s] Invalid parameter. Check your parameter", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* check conext */ - if(ctx->fileNames != NULL) { - SLOGE("[ERR][%s] fileNames field already be used.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if (ctx->fileNames != NULL) { + SLOGE("[ERR][%s] fileNames field already be used.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; } - /* search specific field */ - if((ret = _search_certificate(&(ctx->fileNames), fldName, fldData)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to search certificate.\n", __func__); - SLOGE("[ERR][%s] Fail to search certificate.\n", ctx->fileNames); - goto err; + if ((ret = _search_certificate(&(ctx->fileNames), fldName, fldData)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to search certificate.", ctx->fileNames); + return ret; } - SLOGD("[%s] Success to search certificate(s).\n", __func__); -err: - return ret; + SLOGD("[%s] Success to search certificate(s).", __func__); + + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API @@ -282,8 +413,8 @@ CERT_CONTEXT* cert_svc_cert_context_init() { CERT_CONTEXT* ctx = NULL; - if(!(ctx = (CERT_CONTEXT*)malloc(sizeof(CERT_CONTEXT)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + if (!(ctx = (CERT_CONTEXT*)malloc(sizeof(CERT_CONTEXT)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); return NULL; } 
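Review bot: The new failure path after `_extract_certificate_data` releases the descriptor with a bare `free(ctx->certDesc)`, which would drop any fields the extractor had already allocated inside it before failing. Whether the extractor cleans up after itself is not visible here, but cert_svc_cert_context_final in this same file releases the descriptor through `release_certificate_data`, so the error path should probably do the same: `release_certificate_data(ctx->certDesc); ctx->certDesc = NULL;`. Separately, the "certDesc already in use" case now returns CERT_SVC_ERR_INVALID_OPERATION instead of CERT_SVC_ERR_INVALID_PARAMETER, which is worth a line in the API documentation for callers that compare return codes.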
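Review bot: The surviving error log in cert_svc_search_certificate passes `ctx->fileNames` to a `%s` conversion, but `fileNames` is a list node (it is dereferenced as `ctx->fileNames->filename` elsewhere in this file), not a string. The commit removed the correct `__func__` line and kept the mismatched one, so on a failed search the logger formats a struct pointer, or NULL, as text. The line should read `SLOGE("[ERR][%s] Fail to search certificate.", __func__);`. The function's signature is above the hunk.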
@@ -292,7 +423,7 @@ CERT_CONTEXT* cert_svc_cert_context_init() ctx->certLink = NULL; ctx->fileNames = NULL; - SLOGD("[%s] Success to initialize context.\n", __func__); + SLOGD("[%s] Success to initialize context.", __func__); return ctx; } 
@@ -300,87 +431,71 @@ CERT_CONTEXT* cert_svc_cert_context_init() CERT_SVC_API int cert_svc_cert_context_final(CERT_CONTEXT* context) { - int ret = CERT_SVC_ERR_NO_ERROR; + if (!context) + return CERT_SVC_ERR_NO_ERROR; - if(context == NULL) // already be freed - goto err; - - // free certBuf - if(context->certBuf != NULL) { - if(context->certBuf->data != NULL) - free(context->certBuf->data); - context->certBuf->data = NULL; + if (context->certBuf) { + free(context->certBuf->data); free(context->certBuf); + context->certBuf = NULL; } - context->certBuf = NULL; release_certificate_data(context->certDesc); release_cert_list(context->certLink); release_filename_list(context->fileNames); - // free context free(context); context = NULL; - SLOGD("[%s] Success to finalize context.\n", __func__); + SLOGD("[%s] Success to finalize context.", __func__); -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API -int cert_svc_load_buf_to_context(CERT_CONTEXT* ctx, unsigned char* buf) +int cert_svc_load_buf_to_context(CERT_CONTEXT* ctx, unsigned char *buf) { int ret = CERT_SVC_ERR_NO_ERROR; - int size = 0, decodedSize = 0; - char* decodedStr = NULL; + int size = 0; + unsigned char *decodedBuf = NULL; + int decodedSize = 0; - /* check parameter */ - if((ctx == NULL) || (buf == NULL)) { - SLOGE("[ERR][%s] context or buf is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !buf) { + SLOGE("[ERR][%s] context or buf is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* memory allocation for ctx->certBuf */ - if(ctx->certBuf != NULL) { - SLOGE("[ERR][%s] certBuf is already used. we cannot load buffer content.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if (ctx->certBuf) { + SLOGE("[ERR][%s] certBuf is already used. 
we cannot load buffer content.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; } - if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + + if (!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(ctx->certBuf, 0x00, sizeof(cert_svc_mem_buff)); - /* memory allocation for decoded string */ - size = strlen((char*)buf); + size = strlen((char *)buf); decodedSize = ((size / 4) * 3) + 1; - if(!(decodedStr = (char*)malloc(sizeof(char) * decodedSize))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + if (!(decodedBuf = (unsigned char *)malloc(sizeof(unsigned char) * decodedSize))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } - /* decode */ - if((ret = cert_svc_util_base64_decode((char*)buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to decode string, ret: [%d]\n", __func__, ret); - ret = CERT_SVC_ERR_INVALID_OPERATION; - free(decodedStr); - goto err; + if ((ret = cert_svc_util_base64_decode(buf, size, decodedBuf, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to decode string, ret: [%d]", __func__, ret); + free(decodedBuf); + return CERT_SVC_ERR_INVALID_OPERATION; } - /* load content to CERT_CONTEXT */ - ctx->certBuf->data = (unsigned char*)decodedStr; + ctx->certBuf->data = decodedBuf; ctx->certBuf->size = decodedSize; - SLOGD("[%s] Success to load certificate buffer content to context.\n", __func__); + SLOGD("[%s] Success to load certificate buffer content to context.", __func__); -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API 
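Review bot: In cert_svc_load_buf_to_context the two failure paths after `ctx->certBuf` is allocated (the `decodedBuf` malloc failure and the `cert_svc_util_base64_decode` failure) return with `ctx->certBuf` still set and its `data` NULL. With the old `goto err` gone, nothing undoes that, so a retry on the same context fails with "certBuf is already used" and callers that only test `ctx->certBuf` for non-NULL see a buffer with no data. cert_svc_load_file_to_context in this commit already cleans up on failure, and both paths here should do the same before returning: `free(ctx->certBuf); ctx->certBuf = NULL;`.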
@@ -388,37 +503,32 @@ int cert_svc_load_file_to_context(CERT_CONTEXT* ctx, const char* filePath) { int ret = CERT_SVC_ERR_NO_ERROR; - /* check parameter */ - if((ctx == NULL) || (filePath == NULL)) { - SLOGE("[ERR][%s] context or file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !filePath) { + SLOGE("[ERR][%s] context or file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* memory allocation for (*ctx)->certBuf */ - if(ctx->certBuf != NULL) { - SLOGE("[ERR][%s] certBuf is already used. we cannot load file.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if (ctx->certBuf) { + SLOGE("[ERR][%s] certBuf is already used. we cannot load file.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; } - if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + + if (!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(ctx->certBuf, 0x00, sizeof(cert_svc_mem_buff)); - /* get content to (*ctx)->certBuf */ - if((ret = cert_svc_util_load_file_to_buffer(filePath, ctx->certBuf)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]\n", __func__, filePath, ret); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if ((ret = cert_svc_util_load_file_to_buffer(filePath, ctx->certBuf)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]", __func__, filePath, ret); + free(ctx->certBuf); + ctx->certBuf = NULL; + return CERT_SVC_ERR_INVALID_OPERATION; } + + SLOGD("[%s] Success to load certificate file content to context.", __func__); - SLOGD("[%s] Success to load certificate file content to context.\n", __func__); - -err: - return ret; + return 
CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API 
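Review bot: The failure log in cert_svc_load_file_to_context that prints `filePath` was switched from `SECURE_SLOGE` to plain `SLOGE`. The secure variant is presumably the one kept out of release-build logs, so certificate and key-store paths would now be written to the ordinary log. Unless that is intended, keep the original macro on the line that carries the path: `SECURE_SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]", __func__, filePath, ret);`. The same substitution appears in the hunks for cert_svc_push_file_into_context and cert_svc_load_PFX_file_to_context.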
@@ -427,68 +537,61 @@ int cert_svc_push_buf_into_context(CERT_CONTEXT *ctx, unsigned char* buf) int ret = CERT_SVC_ERR_NO_ERROR; cert_svc_linked_list* cur = NULL; cert_svc_linked_list* new = NULL; - int size = 0, decodedSize = 0; - char* decodedStr = NULL; + int size = 0; + unsigned char* decodedBuf = NULL; + int decodedSize = 0; - /* check parameter */ - if((ctx == NULL) || (buf == NULL)) { - SLOGE("[ERR][%s] context or buf is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !buf) { + SLOGE("[ERR][%s] context or buf is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } /* memory alloction new item */ - if(!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + if (!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } - if(!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + + if (!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); free(new); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + return CERT_SVC_ERR_MEMORY_ALLOCATION; } - /* memory allocation for decoded string */ - size = strlen((char*)buf); + size = strlen((char *)buf); decodedSize = ((size / 4) * 3) + 1; - if(!(decodedStr = (char*)malloc(sizeof(char) * decodedSize))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); + if (!(decodedBuf = (unsigned char *)malloc(sizeof(unsigned char) * decodedSize))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); release_cert_list(new); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + return CERT_SVC_ERR_MEMORY_ALLOCATION; } - /* decode */ - if((ret = 
cert_svc_util_base64_decode((char*)buf, size, decodedStr, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to decode string, ret: [%d]\n", __func__, ret); + if ((ret = cert_svc_util_base64_decode(buf, size, decodedBuf, &decodedSize)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to decode string, ret: [%d]", __func__, ret); release_cert_list(new); - free(decodedStr); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + free(decodedBuf); + return CERT_SVC_ERR_INVALID_OPERATION; } - /* load content to CERT_CONTEXT */ - new->certificate->data = (unsigned char*)decodedStr; + new->certificate->data = decodedBuf; new->certificate->size = decodedSize; new->next = NULL; /* attach new structure */ - if(ctx->certLink == NULL) + if (!ctx->certLink) { ctx->certLink = new; - else { + } else { cur = ctx->certLink; - while(cur->next) + while (cur->next) cur = cur->next; + cur->next = new; } + + SLOGD("[%s] Success to push certificate buffer content to context.", __func__); - SLOGD("[%s] Success to push certificate buffer content to context.\n", __func__); - -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API 
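Review bot: In cert_svc_push_buf_into_context neither `new` nor `new->certificate` is zeroed after `malloc`, yet both later failure paths call `release_cert_list(new)`. That helper is not visible here, but if it follows `next` and frees `certificate->data`, as a list-release routine presumably does, it will be working on uninitialised pointers. The sibling cert_svc_push_file_into_context clears both allocations, and the same two lines belong here: `memset(new, 0x00, sizeof(cert_svc_linked_list));` after the first allocation and `memset(new->certificate, 0x00, sizeof(cert_svc_mem_buff));` after the second. The function's signature and opening brace are above the hunk.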
@@ -498,52 +601,45 @@ int cert_svc_push_file_into_context(CERT_CONTEXT *ctx, const char* filePath) cert_svc_linked_list* cur = NULL; cert_svc_linked_list* new = NULL; - /* check parameter */ - if((ctx == NULL) || (filePath == NULL)) { - SLOGE("[ERR][%s] context or file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !filePath) { + SLOGE("[ERR][%s] context or file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* memory alloction new item */ - if(!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + if (!(new = (cert_svc_linked_list*)malloc(sizeof(cert_svc_linked_list)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(new, 0x00, sizeof(cert_svc_linked_list)); - if(!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + + if (!(new->certificate = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); free(new); - goto err; + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(new->certificate, 0x00, sizeof(cert_svc_mem_buff)); - /* get content to ctx->certBuf */ - if((ret = cert_svc_util_load_file_to_buffer(filePath, new->certificate)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]\n", __func__, filePath, ret); + if ((ret = cert_svc_util_load_file_to_buffer(filePath, new->certificate)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]", __func__, filePath, ret); release_cert_list(new); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + return CERT_SVC_ERR_INVALID_OPERATION; } new->next = NULL; /* attach new structure */ - 
if(ctx->certLink == NULL) // first + if (!ctx->certLink) { ctx->certLink = new; - else { + } else { cur = ctx->certLink; - while(cur->next != NULL) + while (cur->next) cur = cur->next; cur->next = new; } + + SLOGD("[%s] Success to push certificate file content to context.", __func__); - SLOGD("[%s] Success to push certificate file content to context.\n", __func__); - -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } CERT_SVC_API 
@@ -551,37 +647,32 @@ int cert_svc_load_PFX_file_to_context(CERT_CONTEXT* ctx, unsigned char** private { int ret = CERT_SVC_ERR_NO_ERROR; - /* check parameter */ - if((ctx == NULL) || (filePath == NULL)) { - SLOGE("[ERR][%s] context or file path is NULL.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !filePath) { + SLOGE("[ERR][%s] context or file path is NULL.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* memory allocation for ctx->certBuf */ - if(ctx->certBuf != NULL) { - SLOGE("[ERR][%s] certBuf is already used. we cannot load file.\n", __func__); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if (ctx->certBuf) { + SLOGE("[ERR][%s] certBuf is already used. we cannot load file.", __func__); + return CERT_SVC_ERR_INVALID_OPERATION; } - if(!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; + + if (!(ctx->certBuf = (cert_svc_mem_buff*)malloc(sizeof(cert_svc_mem_buff)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + return CERT_SVC_ERR_MEMORY_ALLOCATION; } memset(ctx->certBuf, 0x00, sizeof(cert_svc_mem_buff)); - /* get content to ctx->certBuf */ - if((ret = cert_svc_util_load_PFX_file_to_buffer(filePath, ctx->certBuf, &ctx->certLink, privateKey, priKeyLen, passPhrase)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]\n", __func__, filePath, ret); - ret = CERT_SVC_ERR_INVALID_OPERATION; - goto err; + if ((ret = cert_svc_util_load_PFX_file_to_buffer(filePath, ctx->certBuf, &ctx->certLink, privateKey, priKeyLen, passPhrase)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to load file, filepath: [%s], ret: [%d]", __func__, filePath, ret); + free(ctx->certBuf); + ctx->certBuf = NULL; + return CERT_SVC_ERR_INVALID_OPERATION; } + + SLOGD("[%s] Success to load certificate file content to context.", __func__); - 
SLOGD("[%s] Success to load certificate file content to context.\n", __func__); - -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL @@ -591,32 +682,27 @@ int cert_svc_check_ocsp_status(CERT_CONTEXT* ctx, const char* uri) int ret = CERT_SVC_ERR_NO_ERROR; cert_svc_linked_list** certList=NULL; - /* check revocation status */ - /* check parameter */ - if((ctx == NULL) || (ctx->certBuf == NULL)) { - SLOGE("[ERR][%s] certBuf must have value.\n", __func__); - ret = CERT_SVC_ERR_INVALID_PARAMETER; - goto err; + if (!ctx || !ctx->certBuf) { + SLOGE("[ERR][%s] certBuf must have value.", __func__); + return CERT_SVC_ERR_INVALID_PARAMETER; } - /* check revocation status */ - if(ctx->certLink != NULL) { + if (ctx->certLink) { certList = &(ctx->certLink); - } - if((ret = _check_ocsp_status(ctx->certBuf, certList, uri)) != CERT_SVC_ERR_NO_ERROR) { - SLOGE("[ERR][%s] Fail to check revocation status.\n", __func__); - goto err; + + if ((ret = _check_ocsp_status(ctx->certBuf, certList, uri)) != CERT_SVC_ERR_NO_ERROR) { + SLOGE("[ERR][%s] Fail to check revocation status.", __func__); + return ret; } -err: - return ret; + return CERT_SVC_ERR_NO_ERROR; } #endif CERT_SVC_API char* cert_svc_get_certificate_crt_file_path(void) { - return CRT_FILE_PATH; + return CERTSVC_CRT_FILE_PATH; } CERT_SVC_API 
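Review bot: In cert_svc_check_ocsp_status the closing brace of `if (ctx->certLink) {` is removed and not re-added, so as rendered here the `_check_ocsp_status` call sits inside that branch and the braces in the `#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL` block no longer balance. Besides the build break when the feature is enabled, nesting the call this way means a context without a `certLink` would return CERT_SVC_ERR_NO_ERROR with no revocation check at all, where the old code still called the helper with a NULL list. Restore the unconditional check by closing the branch right after the assignment: `if (ctx->certLink) certList = &(ctx->certLink);`. The function's signature and opening brace are above the hunk.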
@@ -624,30 +710,25 @@ int cert_svc_get_visibility(CERT_CONTEXT *ctx, int* visibility) { CERT_CONTEXT* context = NULL; int ret = CERT_SVC_ERR_NO_ERROR; - const char* root_cert_path = NULL; - if(!ctx || !visibility) - { + if (!ctx || !visibility) { SLOGE("Invalid prameters"); return CERT_SVC_ERR_INVALID_PARAMETER; } - if(!ctx->fileNames || !ctx->fileNames->filename) - { + if (!ctx->fileNames || !ctx->fileNames->filename) { SLOGE("Can not find root certificate path"); return CERT_SVC_ERR_INVALID_PARAMETER; } context = cert_svc_cert_context_init(); - if(!context) - { + if (!context) { SLOGE("Out of memory"); return CERT_SVC_ERR_MEMORY_ALLOCATION; } ret = cert_svc_load_file_to_context(context, ctx->fileNames->filename); - if(ret != CERT_SVC_ERR_NO_ERROR) - { + if (ret != CERT_SVC_ERR_NO_ERROR) { SLOGE("failed to load root certficiate"); cert_svc_cert_context_final(context); return CERT_SVC_ERR_INVALID_CERTIFICATE; 
@@ -660,19 +741,49 @@ int cert_svc_get_visibility(CERT_CONTEXT *ctx, int* visibility) return ret; } + CERT_SVC_API int cert_svc_get_visibility_by_root_certificate(const char* base64_encoded_data, int data_len, int* visibility) { - if(!base64_encoded_data|| !data_len) - { + if (!base64_encoded_data|| !data_len) { return CERT_SVC_ERR_INVALID_PARAMETER; } - int ret = get_visibility_by_certificate(base64_encoded_data, data_len, visibility); - if(ret != CERT_SVC_ERR_NO_ERROR) - { + int ret = get_visibility_by_certificate((const unsigned char *)base64_encoded_data, data_len, visibility); + if (ret != CERT_SVC_ERR_NO_ERROR) { SLOGE("Failed to get_visibility :%d", ret); return ret; } + return CERT_SVC_ERR_NO_ERROR; } + +CERT_SVC_API +int cert_svc_util_parse_name_fld_data(unsigned char* str, cert_svc_name_fld_data* fld) +{ + return parse_name_fld_data(str, fld); +} + +void hex_encoder(const char *src, int srcLen, char *out) +{ + int i = 0; + unsigned char cLow = 0; + unsigned char cHigh = 0; + + for (i = 0; i < srcLen ; i++) { + cLow = src[i] & 0x0f; + cHigh = (src[i] >> 4) & 0x0f; + + if (cLow <= 9) + out[i * 2 + 1] = cLow + '0'; + else + out[i * 2 + 1] = cLow - 10 + 'A'; + + if (cHigh <= 9) + out[i * 2] = cHigh + '0'; + else + out[i * 2] = cHigh - 10 + 'A'; + } + +} + diff --git a/srcs/dpkg-pki-sig.c b/srcs/dpkg-pki-sig.c deleted file mode 100644 index d7a372f..0000000 --- a/srcs/dpkg-pki-sig.c +++ /dev/null 
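Review bot: The new `hex_encoder` writes `2 * srcLen` bytes through `out` with no size parameter and no terminator, and nothing in the hunk states that contract. A caller that sizes `out` for the input length, or treats the result as a C string, overruns or over-reads the buffer. At minimum document it above the definition: `/* out must provide at least 2 * srcLen bytes; the output is not NUL-terminated */`. If the function is only used inside this file, declaring it `static` would also keep the generic name out of the library's exported symbols.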
@@ -1,936 +0,0 @@ -/* - * certification service - * - * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <time.h> -#include <dirent.h> -#include <error.h> -#include <limits.h> - -#include <sys/stat.h> -#include <sys/types.h> -#include <sys/wait.h> - -#include <openssl/sha.h> -#include <openssl/rsa.h> -#include <openssl/bio.h> -#include <openssl/pem.h> -#include <openssl/err.h> -#include <tzplatform_config.h> - -#include "cert-service.h" - -#define DPS_OPERATION_SUCCESS 0 -#define DPS_FILE_ERR -1 -#define DPS_MEMORY_ERR -2 -#define DPS_PARAMETER_ERR -3 -#define DPS_INVALID_OPERATION -4 - -#define SDK_CERT_PATH "./SDK.crt" -#define SDK_PRIVKEY_PATH "./SDK.key" -#define CA_PRIVKEY_PATH "./ca.key" - -void print_usage(void) -{ - fprintf(stdout, "\n This program signs or verifies signature on package(.deb).\n\n"); - fprintf(stdout, " [USAGE] dpkg-pki-sig [COMMAND] [ARGUMENT(s)]\n\n"); - fprintf(stdout, " - COMMAND:\n"); - fprintf(stdout, " -- gencert [SDK prikey path] [SDK cert path] [CA prikey path] [CA cert path] [output directory] ([target info])\n"); - fprintf(stdout, " : generates certificate for SDK, and that certificate will be signed by CA.\n"); - fprintf(stdout, " : If you use target which be linked your SDK, you must use 
target information in specific storage of target.\n"); - fprintf(stdout, " Otherwise, your package does not be executed in target.\n"); - fprintf(stdout, " -- sign [debian package path] [private key path of user] [certificate path of user]\n"); - fprintf(stdout, " : signs your debian package with inputed secret key.\n"); - fprintf(stdout, " -- verify [debian package path]\n"); - fprintf(stdout, " : verifies your debian package with public key in pre-defined certificate.\n\n"); - fprintf(stdout, " - EXAMPLES:\n"); - fprintf(stdout, " -- dpkg-pki-sig gencert ./SDKpri.key ./SDKcert.crt ./CApri.key ./CAcert.crt ./ (target info)\n"); - fprintf(stdout, " -- dpkg-pki-sig sign ./test.deb ./private.key ./mycert.crt\n"); - fprintf(stdout, " -- dpkg-pki-sig verify ./test.deb\n\n"); -} - -int delete_directory(const char* path) -{ - int ret = DPS_OPERATION_SUCCESS; - DIR* dir = NULL; - struct dirent* dirent = NULL; - char filename[128]; - - if((dir = opendir(path)) == NULL) { - fprintf(stderr, "[ERR][%s] Fail to open directory, [%s]\n", __func__, path); - ret = DPS_FILE_ERR; - goto err; - } - - while((dirent = readdir(dir)) != NULL) { - memset(filename, 0x00, 128); - if((strncmp(dirent->d_name, ".", 1) == 0) || (strncmp(dirent->d_name, "..", 2) == 0)) - continue; - snprintf(filename, 128, "%s/%s", path, dirent->d_name); - if(unlink(filename) != 0) { - fprintf(stderr, "[ERR][%s] Fail to remove file, [%s]\n", __func__, filename); - perror("ERR!!"); - ret = DPS_FILE_ERR; - goto err; - } - } - - if(rmdir(path) != 0) { - fprintf(stderr, "[ERR][%s] Fail to remove directory, [%s]\n", __func__, path); - ret = DPS_FILE_ERR; - goto err; - } - -err: - if(dir != NULL) closedir(dir); - - return ret; -} - -int get_files_from_deb(FILE* fp_deb) -{ - int ret = DPS_OPERATION_SUCCESS; - int readcount = 0; - int writecount = 0; - unsigned long int size = 0; - FILE* fp_control = NULL; - FILE* fp_data = NULL; - FILE* fp_sig = NULL; - /* size+1 for null termination */ - char tempbuf[65]; - char 
filename[17]; - char filelen[11]; - char* buf = NULL; - - if (fp_deb == NULL) { - fprintf(stderr, "[ERR] Null file pointer passed to function\n"); - ret = DPS_FILE_ERR; - return ret; - } - - memset(tempbuf, 0x00, 65); - memset(filename, 0x00, 17); - memset(filelen, 0x00, 11); - - if(!(fp_control = fopen("./temp/control.tar.gz", "wb"))) { - fprintf(stderr, "[ERR][%s] Fail to open file, [control.tar.gz]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - if(!(fp_data = fopen("./temp/data.tar.gz", "wb"))) { - fprintf(stderr, "[ERR][%s] Fail to open file, [data.tar.gz]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - if(!(fp_sig = fopen("./temp/_sigandcert", "wb"))) { - fprintf(stderr, "[ERR][%s] Fail to open file, [_sigandcert]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - while(fgets(tempbuf, 64, fp_deb)) { - strncpy(filename, tempbuf, 16); - if(memcmp(filename, "!<arch>\n", 8) == 0) { - memset(tempbuf, 0x00, 65); - continue; - } - if((memcmp(filename, "control.tar.gz", 14) == 0) || - (memcmp(filename, "data.tar.gz", 11) == 0) || - (memcmp(filename, "_sigandcert", 11) == 0) - ) { - strncpy(filelen, tempbuf + 48, 10); - size = strtoul(filelen, NULL, 10); - if((int)size <= 0) { - fprintf(stderr, "[ERR][%s] Fail to get filelen\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - if(!(buf = (char*)malloc(sizeof(char) * (int)size))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - memset(buf, 0x00, (int)size); - - if((readcount = fread(buf, sizeof(char), (int)size, fp_deb)) != (int)size) { // read error - fprintf(stderr, "[ERR][%s] Read error, [%s]\n", __func__, filename); - ret = DPS_FILE_ERR; - goto err; - } - - if(!strncmp(filename, "control.tar.gz", 14)) - writecount = fwrite(buf, sizeof(char), (int)size, fp_control); - else if(!strncmp(filename, "data.tar.gz", 11)) - writecount = fwrite(buf, sizeof(char), (int)size, fp_data); - else if(!strncmp(filename, "_sigandcert", 11)) - 
writecount = fwrite(buf, sizeof(char), (int)size, fp_sig); - - if(writecount != (int)size) { // write error - fprintf(stderr, "[ERR][%s] Write error, [%s]\n", __func__, filename); - ret = DPS_FILE_ERR; - goto err; - } - - free(buf); - buf = NULL; - } - } - -err: - if(fp_control != NULL) fclose(fp_control); - if(fp_data != NULL) fclose(fp_data); - if(fp_sig != NULL) fclose(fp_sig); - - if(buf != NULL) free(buf); - - return ret; -} - -int sha256_hash(char* in, unsigned char* out, int len) -{ - int ret = DPS_OPERATION_SUCCESS; - SHA256_CTX sctx; - - if(!SHA256_Init(&sctx)) { - fprintf(stderr, "[ERR][%s] Fail to init hash structure\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - if(!SHA256_Update(&sctx, in, len)) { - fprintf(stderr, "[ERR][%s] Fail to update hash structure\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - if(!SHA256_Final(out, &sctx)) { - fprintf(stderr, "[ERR][%s] Fail to final hash structure\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - -err: - return ret; -} - -int sha256_hashing_file(FILE* fp_file, char* out) -{ - int filelen = 0; - int i = 0; - char* in = NULL; - unsigned char* hashout = NULL; - int ret = DPS_OPERATION_SUCCESS; - - fseek(fp_file, 0L, SEEK_END); - if (-1 == (filelen = ftell(fp_file))) { - fprintf(stderr, "[ERR] Error returned by ftell()"); - ret = DPS_FILE_ERR; - goto err; - } - fseek(fp_file, 0L, SEEK_SET); - - if(!(in = (char*)malloc(sizeof(char) * (filelen + 1)))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - if(!(hashout = (unsigned char*)malloc(sizeof(unsigned char) * SHA256_DIGEST_LENGTH))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - memset(in, 0x00, (filelen + 1)); - memset(hashout, 0x00, SHA256_DIGEST_LENGTH); - - if(fread(in, sizeof(char), filelen, fp_file) != filelen) { - fprintf(stderr, "[ERR][%s] Fail to read file.[%d]\n", __func__, filelen); 
- ret = DPS_FILE_ERR; - goto err; - } - - if((ret = sha256_hash(in, hashout, filelen)) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to hash message\n", __func__); - goto err; - } - - for(i = 0; i < SHA256_DIGEST_LENGTH; i++) { - sprintf(out + (i * 2), "%02x", hashout[i]); - } - -err: - if(in != NULL) free(in); - if(hashout != NULL) free(hashout); - - return ret; -} - -int get_target_info(char* info) -{ - const char * TARGET_INFO = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/targetinfo"); - FILE* fp_info = NULL; - char* token = NULL; - char seps[] = " \t\n\r"; - char buf[16]; - - memset(buf, 0x00, 16); - - if(!(fp_info = fopen(TARGET_INFO, "r"))) { // error - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, TARGET_INFO); - return DPS_FILE_ERR; - } - - fgets(buf, 16, fp_info); - if(buf[0] == '0') { // not used - // do nothing - strncpy(info, "NOT USED", sizeof("NOT USED")); - } - else if(buf[0] == '1') { - memset(buf, 0x00, 16); - fgets(buf, 16, fp_info); - memcpy(info, buf, 10); - } - else { - fprintf(stderr, "[ERR][%s] Check your targetinfo file.\n", __func__); - fclose(fp_info); - return DPS_INVALID_OPERATION; - } - - fclose(fp_info); - return DPS_OPERATION_SUCCESS; -} - -int generate_sdk_cert(int argc, const char** argv) -{ - int ret = DPS_OPERATION_SUCCESS; - const char* targetinfo = NULL; - char* defaultinfo = "SDK_simulator"; - int pid = -1; - const char * make_cert_path = NULL; - - /* this code is for testing */ - if((argc < 4) || (argc > 5)) { - fprintf(stderr, "[ERR][%s] Check your argument!!\n", __func__); - print_usage(); - ret = DPS_PARAMETER_ERR; - goto err; - } - - // delete older SDK cert and SDK key - if(unlink(argv[0]) != 0) { // error - if(errno == ENOENT) - fprintf(stderr, "[LOG][%s] %s is not exist.\n", __func__, argv[0]); - } - if(unlink(argv[1]) != 0) { // error - if(errno == ENOENT) - fprintf(stderr, "[LOG][%s] %s is not exist.\n", __func__, argv[1]); - } - - // get target information - if(argc == 4) // target 
info is not set - targetinfo = defaultinfo; - else if(argc == 5) // target info is set - targetinfo = argv[4]; - - /* execute script 'make_cert.sh' */ - pid = fork(); - if(pid == 0) { // child - make_cert_path = tzplatform_mkpath(TZ_SYS_BIN,"make_cert.sh"); - execl(make_cert_path, make_cert_path, argv[0], argv[1], argv[2], argv[3], targetinfo, NULL); - } - else if(pid > 0) { // parent - wait((int*)0); - ret = DPS_OPERATION_SUCCESS; - goto err; - } - else if(pid < 0) { // fail - fprintf(stderr, "[ERR][%s] Fail to fork.\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - -err: - - return ret; -} - -int package_sign(int argc, const char** argv) -{ - int ret = DPS_OPERATION_SUCCESS; - int ch = 0, i = 0; - int certwrite = 0; - unsigned long int privlen = 0; - unsigned long int encodedlen = 0; - unsigned long int certlen = 0; - unsigned long int sigfilelen = 0; - FILE* fp_deb = NULL; - FILE* fp_control = NULL; - FILE* fp_data = NULL; - FILE* fp_sig = NULL; - FILE* fp_priv = NULL; - FILE* fp_cert = NULL; - char tempbuf[128]; - char* out = NULL; - char signingmsg[128]; - char* prikey = NULL; - unsigned char* r_signature = NULL; - unsigned char* siginput = NULL; - char* encoded = NULL; - char* certbuf = NULL; - char* startcert = NULL; - char* endcert = NULL; - char sigfileinfo[60]; - char* sigfilebuf = NULL; - unsigned int slen; - - RSA* private_key = NULL; - BIO* private_bio = NULL; - - char* messages = "MESSAGES:\n"; - char* signature = "SIGNATURE:\n"; - char* certificate = "CERTIFICATE:\n"; - - if(!(out = (char*)malloc(sizeof(char) * (SHA256_DIGEST_LENGTH * 2 + 1)))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory.\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - memset(tempbuf, 0x00, 128); - memset(signingmsg, 0x00, 128); - memset(sigfileinfo, 0x00, 60); - - if(argc != 3) { // debian package, private key, certificate - fprintf(stderr, "[ERR][%s] Check your argument!!\n", __func__); - print_usage(); - ret = DPS_PARAMETER_ERR; - goto err; - } - 
- /* make temp dir in current dir */ - if(mkdir("./temp", 0755) != 0) { // fail - fprintf(stderr, "[ERR][%s] Fail to make temporary directory, [%s]\n", __func__, "./temp"); - ret = DPS_INVALID_OPERATION; - goto err; - } - - /* make signature file in temp dir */ - if(!(fp_sig = fopen("./temp/_sigandcert", "w+b"))) { // fail - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - - /* extract .tar.gz file from deb file and store in temp dir */ - if(!(fp_deb = fopen(argv[0], "r+b"))) { // fail - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[0]); - ret = DPS_FILE_ERR; - goto err; - } - - if((ret = get_files_from_deb(fp_deb)) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to extract files from deb.\n", __func__); - goto err; - } - - if(!(fp_control = fopen("./temp/control.tar.gz", "rb"))) { // fail - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/control.tar.gz"); - ret = DPS_FILE_ERR; - goto err; - } - if(!(fp_data = fopen("./temp/data.tar.gz", "rb"))) { // fail - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, "./temp/data.tar.gz"); - ret = DPS_FILE_ERR; - goto err; - } - - /* calculate hash value of .tar.gz file and write */ - if(fwrite(messages, sizeof(char), strlen(messages), fp_sig) != strlen(messages)) { // error - fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - - memset(out, 0x00, (SHA256_DIGEST_LENGTH * 2 + 1)); - if((ret = sha256_hashing_file(fp_control, out)) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to calculate hash, [%s]\n", __func__, "control.tar.gz"); - goto err; - } - snprintf(tempbuf, 128, "%s control.tar.gz\n", out); - strncpy(signingmsg, tempbuf, strlen(tempbuf)); - - memset(out, 0x00, (SHA256_DIGEST_LENGTH * 2 + 1)); - if((ret = sha256_hashing_file(fp_data, out)) != DPS_OPERATION_SUCCESS) { - 
fprintf(stderr, "[ERR][%s] Fail to calculate hash, [%s]\n", __func__, "control.tar.gz"); - goto err; - } - snprintf(tempbuf, 128, "%s data.tar.gz\n", out); - strncat(signingmsg, tempbuf, strlen(tempbuf)); - - fprintf(fp_sig, "%d\n", strlen(signingmsg)); - if(fwrite(signingmsg, sizeof(char), strlen(signingmsg), fp_sig) != strlen(signingmsg)) { - fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - - /* create signature and write */ - if(fwrite(signature, sizeof(char), strlen(signature), fp_sig) != strlen(signature)) { // error - fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - - if(!(fp_priv = fopen(argv[1], "r"))) { // error - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[1]); - ret = DPS_FILE_ERR; - goto err; - } - fseek(fp_priv, 0L, SEEK_END); - privlen = ftell(fp_priv); - fseek(fp_priv, 0L, SEEK_SET); - - if((int)privlen <= 0){ - fprintf(stderr, "[ERR][%s] Fail to get file lengh\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - if(!(prikey = (char*)malloc(sizeof(char) * (int)privlen))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - memset(prikey, 0x00, (int)privlen); - - i = 0; - while((ch = fgetc(fp_priv)) != EOF) { - prikey[i] = ch; - i++; - } - prikey[i] = '\0'; - - if(!(private_bio = BIO_new_mem_buf(prikey, -1))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory, [private_bio]\n", __func__); - ERR_print_errors_fp(stdout); - ret = DPS_MEMORY_ERR; - goto err; - } - - if(!(private_key = PEM_read_bio_RSAPrivateKey(private_bio, NULL, NULL, NULL))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory, [private_key]\n", __func__); - ERR_print_errors_fp(stdout); - ret = DPS_MEMORY_ERR; - goto err; - } - - if(!(r_signature = (unsigned char*)malloc(RSA_size(private_key)))) { - fprintf(stderr, "[ERR][%s] Fail to allocate 
memory, [r_signature]\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - - if(!(siginput = (unsigned char*)malloc(sizeof(unsigned char) * SHA256_DIGEST_LENGTH))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory.", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - memset(siginput, 0x00, SHA256_DIGEST_LENGTH); - - if((ret = sha256_hash(signingmsg, siginput, strlen(signingmsg))) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to hash\n", __func__); - goto err; - } - - if(RSA_sign(NID_sha256, siginput, SHA256_DIGEST_LENGTH, r_signature, &slen, private_key) != 1) { // error - fprintf(stderr, "[ERR][%s] Fail to make signature.\n", __func__); - ERR_print_errors_fp(stdout); - ret = DPS_INVALID_OPERATION; - goto err; - } - - encodedlen = (((slen + 2) / 3) * 4) + 1; - if(!(encoded = (char*)malloc(sizeof(char) * encodedlen))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory, [encoded]\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - if((ret = cert_svc_util_base64_encode(r_signature, slen, encoded, &encodedlen)) != 0) { // error - fprintf(stderr, "[ERR][%s] Fail to encode signature\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - - fprintf(fp_sig, "%d\n", (int)encodedlen); - if(fwrite(encoded, sizeof(char), (int)encodedlen, fp_sig) != (int)encodedlen) { // error - fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - fwrite("\n", sizeof(char), 1, fp_sig); - - /* certificate write */ - if(fwrite(certificate, sizeof(char), strlen(certificate), fp_sig) != strlen(certificate)) { // error - fprintf(stderr, "[ERR][%s] Fail to write to file, [%s]\n", __func__, "_sigandcert"); - ret = DPS_FILE_ERR; - goto err; - } - - if(!(fp_cert = fopen(argv[2], "r"))) { // error - fprintf(stderr, "[ERR][%s] Fail to open file, [%s]\n", __func__, argv[2]); - ret = DPS_FILE_ERR; - goto err; - } - - fseek(fp_cert, 0L, SEEK_END); - - if(ftell(fp_cert) < 0) { - fprintf(stderr, 
"[ERR][%s] Fail to find EOF\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - certlen = ftell(fp_cert); - fseek(fp_cert, 0L, SEEK_SET); - - if(!(certbuf = (char*)malloc(sizeof(char) * (int)certlen))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - memset(certbuf, 0x00, (int)certlen); - - i = 0; - while((ch = fgetc(fp_cert)) != EOF) { - if(ch != '\n') { - certbuf[i] = ch; - i++; - } - } - certbuf[i] = '\0'; - - startcert = strstr(certbuf, "-----BEGIN CERTIFICATE-----") + strlen("-----BEGIN CERTIFICATE-----"); - endcert = strstr(certbuf, "-----END CERTIFICATE-----"); - certwrite = (int)endcert - (int)startcert; - - fprintf(fp_sig, "%d\n", certwrite); - if(fwrite(startcert, sizeof(char), certwrite, fp_sig) != certwrite) { // error - fprintf(stderr, "[ERR][%s] Fail to write to file, [_sigandcert]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - /* insert file into deb archive */ - if (-1 == (sigfilelen = ftell(fp_sig))) { - fprintf(stderr, "[ERR] Failed to get filesize by ftell()\n"); - ret = DPS_FILE_ERR; - goto err; - } - - fseek(fp_sig, 0L, SEEK_SET); - fseek(fp_deb, 0L, SEEK_END); - - if(!(sigfilebuf = (char*)malloc(sizeof(char) * (sigfilelen + 1)))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory, [sigfilebuf]\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - memset(sigfilebuf, 0x00, (sigfilelen + 1)); - - snprintf(sigfileinfo, 60, "%-16s%-12ld%-6d%-6d%-8s%-10ld`", "_sigandcert", time(NULL), 0, 0, "100644", sigfilelen); - fprintf(fp_deb, "%s\n", sigfileinfo); - - if(fread(sigfilebuf, sizeof(char), sigfilelen, fp_sig) != sigfilelen) { - fprintf(stderr, "[ERR][%s] Fail to read file, [fp_sig]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - if(fwrite(sigfilebuf, sizeof(char), sigfilelen, fp_deb) != sigfilelen) { - fprintf(stderr, "[ERR][%s] Fail to read file, [fp_sig]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - /* delete temp dir */ - 
if(delete_directory("./temp") != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to delete directory\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - -err: - if(private_bio != NULL) BIO_free(private_bio); - - if(out != NULL) free(out); - if(prikey != NULL) free(prikey); - if(r_signature != NULL) free(r_signature); - if(encoded != NULL) free(encoded); - if(certbuf != NULL) free(certbuf); - if(sigfilebuf != NULL) free(sigfilebuf); - if(siginput != NULL) free(siginput); - - if(fp_deb != NULL) fclose(fp_deb); - if(fp_control != NULL) fclose(fp_control); - if(fp_data != NULL) fclose(fp_data); - if(fp_sig != NULL) fclose(fp_sig); - if(fp_priv != NULL) fclose(fp_priv); - if(fp_cert != NULL) fclose(fp_cert); - - return ret; -} - -int package_verify(int argc, const char** argv) -{ - int ret = DPS_OPERATION_SUCCESS; - /* file pointers */ - FILE* fp_deb = NULL; // .deb - FILE* fp_sig = NULL; // _sigandcert - /* memory buffer for _sigandcert */ - char* msg = NULL; // message buffer - int msglen = 0; // message length - char* sig = NULL; // signature buffer - int siglen = 0; // signature length - char* cert = NULL; // certificate buffer - int certlen = 0; // certificate length - /* temporary buffer */ - char filebuf[64]; // temp buf for deb - /* used for cert verification */ - char* target_info = NULL; - CERT_CONTEXT* ctx = NULL; - int val_cert = 0; - int val_sig = 0; - - if(argc != 1) { - fprintf(stderr, "[ERR] Check your argument!!\n"); - print_usage(); - ret = DPS_PARAMETER_ERR; - goto err; - } - - ctx = cert_svc_cert_context_init(); - - /* make temp dir in current dir */ - if(mkdir("./temp", 0755) != 0) { // fail - fprintf(stderr, "[ERR][%s] Fail to make temporary directory, [%s]\n", __func__, "./temp"); - ret = DPS_INVALID_OPERATION; - goto err; - } - - /* extract files from .deb */ - if((fp_deb = fopen(argv[0], "rb")) == NULL) { - fprintf(stderr, "[ERR][%s] Fail to open file. 
[%s]\n", __func__, argv[0]); - ret = DPS_FILE_ERR; - goto err; - } - - if((ret = get_files_from_deb(fp_deb)) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to extract files.\n", __func__); - goto err; - } - - /* get msg, sig, cert from_sigandcert */ - if((fp_sig = fopen("./temp/_sigandcert", "r")) == NULL) { - fprintf(stderr, "[ERR][%s] Fail to open file. [_sigandcert]\n", __func__); - ret = DPS_FILE_ERR; - goto err; - } - - memset(filebuf, 0x00, 64); - while(fgets(filebuf, 64, fp_sig) != NULL) { - if(!strncmp(filebuf, "MESSAGES:", 9)) { - fgets(filebuf, 64, fp_sig); - msglen = (int)strtoul(filebuf, NULL, 10); - if ((msglen < 1) || (msglen >= INT_MAX)) { - fprintf(stderr, "[ERR][%s] Fail to get length of certificate\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - - msg = (char*)malloc(sizeof(char) * (msglen + 1)); - if(!msg){ - ret = DPS_INVALID_OPERATION; - goto err; - } - - memset(msg, 0x00, (msglen + 1)); - if(fread(msg, sizeof(char), msglen, fp_sig) != msglen) { - fprintf(stderr, "[ERR][%s] Fail to get contents from file, [messages]\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - - free(msg); - msg = NULL; - } - else if(!strncmp(filebuf, "SIGNATURE:", 10)) { - fgets(filebuf, 64, fp_sig); - siglen = (int)strtoul(filebuf, NULL, 10); - if ((siglen < 1) || (siglen >= INT_MAX)) { - fprintf(stderr, "[ERR][%s] Fail to get length of certificate\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - sig = (char*)malloc(sizeof(char) * (siglen + 1)); - if(!sig){ - ret = DPS_INVALID_OPERATION; - goto err; - } - - memset(sig, 0x00, (siglen + 1)); - if(fread(sig, sizeof(char), siglen, fp_sig) != siglen) { - fprintf(stderr, "[ERR][%s] Fail to get contents from file, [signature]\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - - free(sig); - sig = NULL; - } - else if(!strncmp(filebuf, "CERTIFICATE:", 12)) { - fgets(filebuf, 64, fp_sig); - certlen = (int)strtoul(filebuf, NULL, 10); - if ((certlen < 1) || 
(certlen >= INT_MAX)) { - fprintf(stderr, "[ERR][%s] Fail to get length of certificate\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - cert = (char*)malloc(sizeof(char) * (certlen + 1)); - memset(cert, 0x00, (certlen + 1)); - if(fread(cert, sizeof(char), certlen, fp_sig) != certlen) { - fprintf(stderr, "[ERR][%s] Fail to get contents from file, [certificate]\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - free(cert); - cert = NULL; - } - } - - /* get certificate data */ - if((ret = cert_svc_load_buf_to_context(ctx, cert)) != CERT_SVC_ERR_NO_ERROR) { - fprintf(stderr, "[ERR][%s] Fail to load certificate into context, [%d]\n", __func__, ret); - ret = DPS_INVALID_OPERATION; - goto err; - } - if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) { - fprintf(stderr, "[ERR][%s] Fail to extract certificate data, [%d]\n", __func__, ret); - ret = DPS_INVALID_OPERATION; - goto err; - } - - /* get target info */ - if(!(target_info = (char*)malloc(sizeof(char) * 10))) { - fprintf(stderr, "[ERR][%s] Fail to allocate memory.\n", __func__); - ret = DPS_MEMORY_ERR; - goto err; - } - if((ret = get_target_info(target_info)) != DPS_OPERATION_SUCCESS) { - fprintf(stderr, "[ERR][%s] Fail to get target info.\n", __func__); - goto err; - } - - /* check this package is installed by SDK? or app store? 
- * check OU field of certificate - * - if SLP_SDK, be installed by SDK - * - if some other, be installed by app store - */ - if(!strncmp(ctx->certDesc->info.subject.organizationUnitName, "SLP SDK", 7)) { // this is SDK - if(strncmp(target_info, "NOT USED", 8)){ // and use target info(one-to-one matching with target and SDK) - if(strncmp(ctx->certDesc->info.subject.commonName, target_info, 8)) { // but target_info is not same, error - fprintf(stderr, "[ERR][%s] target MUST be uniquely matched to SDK.\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - } - } - - /* verify certificate */ - if((ret = cert_svc_verify_certificate(ctx, &val_cert)) != CERT_SVC_ERR_NO_ERROR) { - fprintf(stderr, "[ERR][%s] Fail to verify certificate, [%d]\n", __func__, ret); - ret = DPS_INVALID_OPERATION; - goto err; - } - if(val_cert != 1) { // fail - fprintf(stdout, "[LOG][%s] certificate is not valid.\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - else { // success - fprintf(stdout, "[LOG][%s] certificate is valid.\n", __func__); - ret = DPS_OPERATION_SUCCESS; - } - - /* verify signature */ - if((ret = cert_svc_verify_signature(ctx, msg, msglen, sig, "SHA256", &val_sig)) != CERT_SVC_ERR_NO_ERROR) { - fprintf(stderr, "[ERR][%s] Fail to verify signature, [%d]\n", __func__, ret); - ret = DPS_INVALID_OPERATION; - goto err; - } - if(val_sig != 1) { // fail - fprintf(stdout, "[LOG][%s] signature is not valid.\n", __func__); - ret = DPS_INVALID_OPERATION; - goto err; - } - else { // success - fprintf(stdout, "[LOG][%s] signature is valid.\n", __func__); - ret = DPS_OPERATION_SUCCESS; - } - -err: - if(fp_deb != NULL) fclose(fp_deb); - if(fp_sig != NULL) fclose(fp_sig); - - if(msg != NULL) free(msg); - if(sig != NULL) free(sig); - if(cert != NULL) free(cert); - if(target_info != NULL) free(target_info); - - cert_svc_cert_context_final(ctx); - - return ret; -} - -int main(int argc, char* argv[]) -{ - int ret = DPS_OPERATION_SUCCESS; - - if(argc < 2) { - fprintf(stderr, 
"[ERR] Check your argument!!\n");
- print_usage();
- return 0;
- }
-
- if(!strncmp(argv[1], "gencert", 7))
- ret = generate_sdk_cert(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "sign", 4))
- ret = package_sign(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "verify", 6))
- ret = package_verify(argc - 2, (const char **)argv + 2);
- else if(!strncmp(argv[1], "help", 4))
- print_usage();
- else {
- fprintf(stderr, "[ERR] Check your argument!!\n");
- print_usage();
- }
-
- fprintf(stderr, "return: [%d]\n", ret);
-
- return 1;
-}
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
new file mode 100644
index 0000000..ede78be
--- /dev/null
+++ b/systemd/CMakeLists.txt
@@ -0,0 +1,6 @@
+INSTALL(
+ FILES
+ ${PROJECT_SOURCE_DIR}/systemd/cert-server.socket
+ ${PROJECT_SOURCE_DIR}/systemd/cert-server.service
+ DESTINATION ${SYSTEMD_UNIT_DIR}
+ )
diff --git a/systemd/cert-server.service b/systemd/cert-server.service
new file mode 100644
index 0000000..15a98d7
--- /dev/null
+++ b/systemd/cert-server.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Start cert server for cert-svc managing root ssl certs
+
+[Service]
+ExecStart=/usr/bin/cert-server
+User=system
+Group=system
+Sockets=cert-server.socket
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/cert-server.socket b/systemd/cert-server.socket
new file mode 100644
index 0000000..a9c7efe
--- /dev/null
+++ b/systemd/cert-server.socket
@@ -0,0 +1,10 @@
+[Socket]
+ListenStream=/tmp/CertSocket
+SocketUser=system
+SocketGroup=system
+SocketMode=0777
+
+Service=cert-server.service
+
+[Install]
+WantedBy=sockets.target
diff --git a/targetinfo b/targetinfo
deleted file mode 100644
index 573541a..0000000
--- a/targetinfo
+++ /dev/null
@@ -1 +0,0 @@
-0
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
new file mode 100644
index 0000000..ee84402
--- /dev/null
+++ b/tests/CMakeLists.txt
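Review bot: The `[Service]` section in systemd/cert-server.service sets only `User=system` and `Group=system`, so the daemon that manages root SSL certificates gets no confinement beyond that account. Because it takes requests over a socket, I would add `NoNewPrivileges=yes`, where the deployed systemd supports it. Further read-only or private-filesystem directives depend on which paths cert-server has to write, which this hunk does not show. `WantedBy=multi-user.target` also starts the daemon at every boot, although `Sockets=cert-server.socket` would let it start on the first connection.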
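Review bot: `SocketMode=0777` on `ListenStream=/tmp/CertSocket` in systemd/cert-server.socket lets every local account connect to the service that manages root certificates. The only access control left is whatever cert-server checks per request, which is not visible in this diff. If unprivileged clients are intended, the server should verify peer credentials (for example `SO_PEERCRED`) before any request that changes the store. Otherwise tighten this to `SocketMode=0660` with a group that contains only the intended clients. The path would also be safer under a root-owned runtime directory such as `/run` than in world-writable `/tmp`, where temp cleaners or a pre-existing file can interfere with the socket.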
@@ -0,0 +1,32 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+PKG_CHECK_MODULES(VCORE_TEST_DEP
+ REQUIRED
+ dpl-test-efl
+ sqlite3
+ )
+
+INCLUDE_DIRECTORIES(
+ SYSTEM
+ ${VCORE_TEST_DEP_INCLUDE_DIRS}
+ ${PROJECT_SOURCE_DIR}/include
+ ${PROJECT_SOURCE_DIR}/vcore/src
+ )
+
+ADD_SUBDIRECTORY(capi)
+ADD_SUBDIRECTORY(pkcs12)
+ADD_SUBDIRECTORY(vcore)
+ADD_SUBDIRECTORY(cert-svc)
diff --git a/tests/capi/CMakeLists.txt b/tests/capi/CMakeLists.txt
new file mode 100644
index 0000000..9c96275
--- /dev/null
+++ b/tests/capi/CMakeLists.txt
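Review bot: The `SYSTEM` keyword in `INCLUDE_DIRECTORIES(` in tests/CMakeLists.txt also covers `${PROJECT_SOURCE_DIR}/include` and `${PROJECT_SOURCE_DIR}/vcore/src`, so the compiler suppresses warnings from the project's own headers when they are pulled into the tests. For a certificate-handling library those warnings are worth keeping. Split the call into `INCLUDE_DIRECTORIES(SYSTEM ${VCORE_TEST_DEP_INCLUDE_DIRS})` and `INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include ${PROJECT_SOURCE_DIR}/vcore/src)`.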
@@ -0,0 +1,72 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @version 1.0 +# @brief +# + +SET(VCOREC_TESTS_SOURCES + ${PROJECT_SOURCE_DIR}/tests/capi/api_tests.cpp + ${PROJECT_SOURCE_DIR}/tests/capi/test_suite_01.cpp + ) + +INCLUDE_DIRECTORIES( + ${PROJECT_SOURCE_DIR}/vcore/src + ${PROJECT_SOURCE_DIR}/tests/capi + ${PROJECT_SOURCE_DIR}/include + ) + +ADD_EXECUTABLE(${TARGET_VCOREC_TEST} ${VCOREC_TESTS_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_VCOREC_TEST} + ${TARGET_VCORE_LIB} + ${TARGET_CERT_SVC_LIB} + ${VCORE_TEST_DEP_LIBRARIES} + -ldl + ) + +INSTALL(TARGETS ${TARGET_VCOREC_TEST} + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert_a.pem + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert_b.pem + ${PROJECT_SOURCE_DIR}/tests/capi/data/pkey.pem + DESTINATION ${TZ_SYS_SHARE}/cert-svc/pkcs12/test1st + PERMISSIONS OWNER_READ + GROUP_READ + WORLD_READ + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert0.pem + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert1.der + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert2fake.pem + ${PROJECT_SOURCE_DIR}/tests/capi/data/cert3fake.der + DESTINATION ${TZ_SYS_SHARE}/cert-svc/cert-type/ + PERMISSIONS OWNER_READ + GROUP_READ + 
WORLD_READ + ) + diff --git a/tests/capi/api_tests.cpp b/tests/capi/api_tests.cpp new file mode 100644 index 0000000..7f9a6aa --- /dev/null +++ b/tests/capi/api_tests.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file main.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of main + */ +#include <dpl/test/test_runner.h> + +#include <cert-svc/ccert.h> + +//#include <vcore/VCore.h> +//#include <libsoup/soup.h> // includes headers with g_type_init + +CertSvcInstance vinstance; + +int main (int argc, char *argv[]) +{ + certsvc_instance_new(&vinstance); + int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); + certsvc_instance_free(vinstance); + return status; +} + diff --git a/tests/capi/api_tests.h b/tests/capi/api_tests.h new file mode 100644 index 0000000..29ff2f7 --- /dev/null +++ b/tests/capi/api_tests.h 
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file api_tests.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of main
+ */
+
+#include <cert-svc/cinstance.h>
+#include <cert-svc/ccert.h>
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include <cert-svc/ccrl.h>
+#include <cert-svc/cocsp.h>
+#endif
+#include <cert-svc/cpkcs12.h>
+#include <cert-svc/cprimitives.h>
+
+extern CertSvcInstance vinstance;
diff --git a/tests/capi/crl_cache.h b/tests/capi/crl_cache.h
new file mode 100644
index 0000000..c71dfd9
--- /dev/null
+++ b/tests/capi/crl_cache.h
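Review bot: tests/capi/api_tests.h has no include guard, unlike crl_cache.h in the same directory. Double inclusion is harmless with the current content, but a guard or `#pragma once` keeps it safe once declarations are added. The `@brief` text "This file is the implementation file of main" was copied from the .cpp file; something like `@brief Common includes and the shared CertSvcInstance for the C API tests` would describe this header.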
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file crl_cache.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Example implementation of memory cache for crl.
+ */
+#ifndef _CRL_MEMORY_CACHE_H_
+#define _CRL_MEMORY_CACHE_H_
+
+#include <map>
+#include <string>
+#include <vector>
+
+#include <string.h>
+#include <time.h>
+
+typedef std::vector<char> BinaryBuffer;
+
+typedef struct CrlRecord_t {
+ BinaryBuffer buffer;
+ time_t nextUpdate;
+} CrlRecord;
+
+typedef std::map<std::string,CrlRecord> MemoryCache;
+
+void memoryCacheWrite(
+ const char *distributionPoint,
+ const char *body,
+ int bodySize,
+ time_t nextUpdateTime,
+ void *userParam)
+{
+ MemoryCache *cache = static_cast<MemoryCache*>(userParam);
+
+ CrlRecord record;
+ record.buffer.resize(bodySize);
+ memcpy(&record.buffer[0], body, bodySize);
+ record.nextUpdate = nextUpdateTime;
+
+ cache->insert(std::make_pair(std::string(distributionPoint),record));
+}
+
+int memoryCacheRead(
+ const char *distributorPoint,
+ char **body,
+ int *bodySize,
+ time_t *nextUpdateTime,
+ void *userParam)
+{
+ MemoryCache *cache = static_cast<MemoryCache*>(userParam);
+ auto iter = cache->find(distributorPoint);
+ if (iter == cache->end()) {
+ return 0;
+ }
+ CrlRecord record = iter->second;
+ *bodySize = record.buffer.size();
+ *body = new char[*bodySize];
+ memcpy(*body, &record.buffer[0], *bodySize);
+ *nextUpdateTime = record.nextUpdate;
+ return 1;
+}
+
+void memoryCacheFree(
+ char *buffer,
+ void *)
+{
+ delete[] buffer;
+}
+
+#endif // _CRL_MEMORY_CACHE_H_
+
diff --git a/tests/capi/data/cert0.pem b/tests/capi/data/cert0.pem
new file mode 100644
index 0000000..f062d94
--- /dev/null
+++ b/tests/capi/data/cert0.pem
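Review bot: `memoryCacheWrite` in tests/capi/crl_cache.h stores with `cache->insert(...)`, which does nothing when the distribution point is already in the map. A refreshed CRL therefore never replaces the cached one, and `memoryCacheRead` keeps returning the old body and `nextUpdate`. For a revocation cache that means stale data, and since this is an example implementation it is likely to be copied; assign instead with `(*cache)[distributionPoint] = record;`. Both functions also take `&record.buffer[0]` without checking the size, which is undefined for an empty buffer, and a negative `bodySize` turns into a huge `resize`; `if (bodySize <= 0) return;` at the top of the writer avoids both. The three functions are defined in a header without `inline`, so including it from two translation units will fail to link.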
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 85:7d:e1:c5:d9:de:7a:20 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com + Validity + Not Before: Jan 4 17:34:31 2011 GMT + Not After : Jan 4 17:34:31 2012 GMT + Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61: + f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a: + 6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae: + 4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c: + 5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca: + fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6: + be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45: + 69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc: + f2:7f:eb:75:2a:d4:83:69:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2 + X509v3 Authority Key Identifier: + keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA + + Signature Algorithm: sha1WithRSAEncryption + 69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29: + 1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5: + 84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15: + 6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb: + b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de: + 36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2: + f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8: + da:32 +-----BEGIN CERTIFICATE----- +MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD +VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx 
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0 +aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN +MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS +BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh +bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv +bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy +YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY +yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX +87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt +N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw +ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N +OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz +hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX ++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/ +dPaD4okGtYlUbn/PiJRm6Noy +-----END CERTIFICATE----- diff --git a/tests/capi/data/cert1.der b/tests/capi/data/cert1.der Binary files differnew file mode 100644 index 0000000..1365859 --- /dev/null +++ b/tests/capi/data/cert1.der diff --git a/tests/capi/data/cert2fake.pem b/tests/capi/data/cert2fake.pem new file mode 100644 index 0000000..65ea138 --- /dev/null +++ b/tests/capi/data/cert2fake.pem 
@@ -0,0 +1,20 @@ +----BEGIN CERTIFICATE---- +MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD +VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx +DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0 +aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN +MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS +BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh +bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv +bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy +YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY +yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX +87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt +N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw +ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N +OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz +hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX ++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/ +dPaD4okGtYlUbn/PiJRm6Noy +-----END CERTIFICATE----- diff --git a/tests/capi/data/cert3fake.der b/tests/capi/data/cert3fake.der Binary files differnew file mode 100644 index 0000000..ba4bc6e --- /dev/null +++ b/tests/capi/data/cert3fake.der diff --git a/tests/capi/data/cert_a.pem b/tests/capi/data/cert_a.pem new file mode 100644 index 0000000..f062d94 --- /dev/null +++ b/tests/capi/data/cert_a.pem 
@@ -0,0 +1,64 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 85:7d:e1:c5:d9:de:7a:20
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Validity
+ Not Before: Jan 4 17:34:31 2011 GMT
+ Not After : Jan 4 17:34:31 2012 GMT
+ Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61:
+ f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a:
+ 6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae:
+ 4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c:
+ 5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca:
+ fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6:
+ be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45:
+ 69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc:
+ f2:7f:eb:75:2a:d4:83:69:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2
+ X509v3 Authority Key Identifier:
+ keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29:
+ 1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5:
+ 84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15:
+ 6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb:
+ b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de:
+ 36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2:
+ f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8:
+ da:32
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0
+aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN
+MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh
+bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv
+bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy
+YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY
+yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX
+87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt
+N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw
+ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw
+HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N
+OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz
+hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX
++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/
+dPaD4okGtYlUbn/PiJRm6Noy
+-----END CERTIFICATE-----
diff --git a/tests/capi/data/cert_b.pem b/tests/capi/data/cert_b.pem
new file mode 100644
index 0000000..343241f
--- /dev/null
+++ b/tests/capi/data/cert_b.pem
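Review bot: The fixture added as tests/capi/data/cert_a.pem had already expired when this commit was made: its text dump reads `Not After : Jan 4 17:34:31 2012 GMT`, and the commit is dated 2015. cert_b.pem, added next, has the same problem with `Not After : Jan 3 17:27:08 2014 GMT`. Both are 1024-bit RSA certificates signed with `sha1WithRSAEncryption`. Any test that validates these against the current clock or a modern crypto policy will either fail or silently exercise only the rejection path; which of these the tests do is not visible in this part of the diff. A short note beside the fixtures should record the intended use, for example `cert_a.pem / cert_b.pem: expired SHA-1/RSA-1024 test chain, parse-only; do not use for validity or trust tests`, or the chain should be regenerated with a long validity period and a current signature algorithm.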
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 85:7d:e1:c5:d9:de:7a:1f
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Validity
+ Not Before: Jan 4 17:27:08 2011 GMT
+ Not After : Jan 3 17:27:08 2014 GMT
+ Subject: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c3:39:17:a8:f9:d0:69:37:9a:56:44:39:67:10:
+ 14:a9:4b:a2:0b:c7:fc:a1:e8:e8:f7:1c:06:f4:9c:
+ 83:f7:37:07:9d:9c:2c:1b:46:43:5f:f1:7b:91:a8:
+ cd:c0:76:00:d5:9c:c9:28:f7:91:28:b6:97:ec:85:
+ b1:10:0f:58:2e:f6:6f:98:b6:ab:7b:ca:08:10:7f:
+ 55:32:bf:32:db:a7:c2:86:83:03:ee:41:0a:24:de:
+ 17:e3:9d:8f:5b:fa:46:70:78:98:b4:c1:14:77:44:
+ ab:59:7c:4c:d3:4a:f7:54:f2:30:0d:38:73:95:9f:
+ 21:0e:a9:86:3e:fc:82:4e:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+ X509v3 Authority Key Identifier:
+ keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+ DirName:/C=PL/ST=Mazowieckie/O=Samsung/OU=SPRC/CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ serial:85:7D:E1:C5:D9:DE:7A:1F
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ b9:d7:72:49:09:d8:6f:61:94:51:40:9d:c3:d3:23:53:97:b8:
+ 12:ee:cb:dd:57:e6:1f:a2:76:38:5d:42:51:bd:a9:30:19:f7:
+ 67:5b:a8:67:4a:9e:a1:f0:a9:22:14:94:77:32:27:79:37:9c:
+ 0a:0f:52:80:14:62:00:94:45:85:3b:fd:ad:b4:c3:20:45:ba:
+ b7:91:1a:9e:38:51:0f:9b:d5:ce:74:c7:bd:4a:21:9a:2d:b5:
+ 71:0b:42:d2:95:72:66:fe:eb:11:ad:62:44:6c:32:4e:b4:00:
+ 37:d7:b8:d5:4b:f6:74:36:78:d6:ae:66:b3:ca:6e:42:ff:cb:
+ c2:e6
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAIV94cXZ3nofMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0
+aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN
+MTEwMTA0MTcyNzA4WhcNMTQwMTAzMTcyNzA4WjCBkjELMAkGA1UEBhMCUEwxFDAS
+BgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYDVQQLEwRT
+UFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNhdGUxIzAh
+BgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEB
+AQUAA4GNADCBiQKBgQDDOReo+dBpN5pWRDlnEBSpS6ILx/yh6Oj3HAb0nIP3Nwed
+nCwbRkNf8XuRqM3AdgDVnMko95EotpfshbEQD1gu9m+Ytqt7yggQf1UyvzLbp8KG
+gwPuQQok3hfjnY9b+kZweJi0wRR3RKtZfEzTSvdU8jANOHOVnyEOqYY+/IJOCwID
+AQABo4H6MIH3MB0GA1UdDgQWBBQlpZCfTTqkGQqARl7z+yDOVjAz2jCBxwYDVR0j
+BIG/MIG8gBQlpZCfTTqkGQqARl7z+yDOVjAz2qGBmKSBlTCBkjELMAkGA1UEBhMC
+UEwxFDASBgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYD
+VQQLEwRTUFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNh
+dGUxIzAhBgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tggkAhX3hxdne
+eh8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC513JJCdhvYZRRQJ3D
+0yNTl7gS7svdV+YfonY4XUJRvakwGfdnW6hnSp6h8KkiFJR3Mid5N5wKD1KAFGIA
+lEWFO/2ttMMgRbq3kRqeOFEPm9XOdMe9SiGaLbVxC0LSlXJm/usRrWJEbDJOtAA3
+17jVS/Z0NnjWrmazym5C/8vC5g==
+-----END CERTIFICATE-----
diff --git a/tests/capi/data/pkey.pem b/tests/capi/data/pkey.pem
new file mode 100644
index 0000000..ab1214a
--- /dev/null
+++ b/tests/capi/data/pkey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,44C051D8935528BB
+
+iISuf9ELdyP5M0vlWOK4msH09HRAhN+43qRu/RDznpsTs2lX2sJITXXEmJC4EJzS
+Zk4jf3ScTj1JsMGlg5k0mZWLmDb4kUxTRVUqJX2W4uUYEmWav7LQHRAsPwNUSMs3
+DzZabSf1vplnKKoL9mMtX4E0mj79AkJp7tARQu4Zn2FDMg/UnCErzhGeoFysztmM
+v0Biyrf8yTbatMMr7Ea6rIsKS8KbkEeYDk4LpxBXkMeOutnnUUdhUEXZ/mwgJq2e
++8LLPiWdFsrGxPdub7iuLXidXSpOd9VaC9LN/ORKF+EiJtF+twWSBotxYOtwmtgj
+xUHfXBcbaFoPnLKNS0nxwsOHF07LUfsCHzfVm1uGyWFkkLrPfcSjb6PahFlfO6w5
+fv8HnUOgeAjlhK6X+xhmw1tpwMUlmcYmq31eC8rwxP59jNQbhH6GVr5+rEMRHNgp
+loC1WqthoRtBEC0bi99VpIHVIepe9G+p40sIropoUWftfDSLl3RtONg5GyyZWQ4a
+ROxsiLHDZ7+q8eKkJuYPkiZ61/5MHuOsH5k57PG7ppG6/0p+ED4bTwxxDb6PU4pA
+08xUTZQ0CUn1x80o/lKw+1E9TJOTbCvrEJAnMksfOkNkNyedgDJaxfV63wYvnL4+
+BLzCqa6djpe0Mg2olQieV/piRUt7JaGA7bnaMAn+bJ56PzUnMl0/WlxzGTMtHjkf
+zUqgLLdxZpJP7zl4XleSfRWlPgL1iN1s84x48ej+MGgOGi7xTgX/sfCLkN4No/8k
+c5Po+lQU261XAYNuAjtjUFQP/FgIMM9CnJrDWp8xHZXUJBo0c5lOKg==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/capi/test_suite_01.cpp b/tests/capi/test_suite_01.cpp
new file mode 100644
index 0000000..96b18c0
--- /dev/null
+++ b/tests/capi/test_suite_01.cpp
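Review bot: tests/capi/data/pkey.pem checks an RSA private key into the repository, and nothing in the hunk marks it as a throwaway test key. Its header (`Proc-Type: 4,ENCRYPTED`, `DEK-Info: DES-EDE3-CBC,...`) shows the traditional OpenSSL PEM passphrase encryption. For a test to load the key, the passphrase presumably has to sit in the test sources as well, so the encryption should not be read as protection; the code that loads the key is not visible in this part of the diff. A short note beside the fixtures would prevent reuse, for example `pkey.pem: throwaway RSA key generated for the CAPI tests; never use it to sign or deploy anything`. Secret scanners will flag this file, so it should be listed explicitly as a known test fixture rather than suppressed wholesale.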
@@ -0,0 +1,1262 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string>
+
+#include <openssl/x509.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+
+#include <api_tests.h>
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+#include "crl_cache.h"
+#include <vcore/VCore.h>
+#endif
+
+RUNNER_TEST_GROUP_INIT(CAPI)
+
+/*
+ * author: ---
+ * test: New certificate from file.
+ * description: Creating new certificate using *.pem file.
+ * expect: Certificate should be created and has correct string inside..
+ */
+RUNNER_TEST(test01_certificate_new_from_file)
+{
+ CertSvcCertificate cert;
+ int result = certsvc_certificate_new_from_file(
+ vinstance,
+ "/usr/share/ca-certificates/wac/root_cacert0.pem",
+ &cert);
+ RUNNER_ASSERT_MSG(CERTSVC_TRUE == result, "Error reading certificate");
+
+ CertSvcString string;
+
+ certsvc_certificate_get_string_field(
+ cert,
+ CERTSVC_SUBJECT_COMMON_NAME,
+ &string);
+
+ const char *ptr = "Samsung";
+
+ const char *buffer;
+ int len;
+
+ certsvc_string_to_cstring(string, &buffer, &len);
+
+ result = strncmp(
+ buffer,
+ ptr,
+ strlen(ptr));
+
+ RUNNER_ASSERT_MSG(0 == result, "Error reading common name");
+
+ certsvc_certificate_free(cert);
+}
+
+/*
+ * author: ---
+ * test: Searching certificate.
+ * description: Searching for certificate with specified value.
+ * expect: Found certificate should had correct string inside.
+ */
+RUNNER_TEST(test02_certificate_search)
+{
+ CertSvcCertificateList handler;
+ int result = certsvc_certificate_search(vinstance,
+ CERTSVC_SUBJECT_COMMON_NAME,
+ "WAC Application Services Ltd",
+ &handler);
+
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in search method. errcode : " << result);
+
+ CertSvcCertificate cert;
+
+ result = certsvc_certificate_list_get_one(handler, 0, &cert);
+
+ RUNNER_ASSERT_MSG(CERTSVC_TRUE == result, "Error reading certificate. errcode : " << result);
+
+ CertSvcString string;
+
+ certsvc_certificate_get_string_field(
+ cert,
+ CERTSVC_SUBJECT_COUNTRY_NAME,
+ &string);
+
+ const char *ptr = "GB";
+ const char *buffer;
+
+ certsvc_string_to_cstring(string, &buffer, NULL);
+
+ result = strncmp(
+ buffer,
+ ptr,
+ strlen(ptr));
+
+ RUNNER_ASSERT_MSG(0 == result, "Country does not match. result : " << result);
+}
+
+/*
+ * author: ---
+ * test: Testing certificate sign.
+ * description: Testing if certificate is signed by proper CA.
+ * expect: Chain verification should return success.
+ */ +RUNNER_TEST(test03_is_signed_by) +{ + int result; + std::string googleCA = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + + std::string google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + 
"q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + CertSvcCertificate cert1, cert2; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)googleCA.c_str(), + googleCA.size(), + CERTSVC_FORM_DER_BASE64, + &cert1); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate"); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)google2nd.c_str(), + google2nd.size(), + CERTSVC_FORM_DER_BASE64, + &cert2); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate"); + + int status; + result = certsvc_certificate_is_signed_by(cert2, cert1, &status); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Chain verification failed"); + RUNNER_ASSERT_MSG(CERTSVC_TRUE == status, "Chain verification failed"); +} + +/* + * author: --- + * test: Certificate expiring test. + * description: Testing if certificate is valid before / after specified date. + * expect: Certificate should be valid before / after specified date. 
+ */ +RUNNER_TEST(test04_not_before_not_after) +{ + std::string google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + CertSvcCertificate cert; + int result; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char *)google2nd.c_str(), + google2nd.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate"); + + time_t before, after; + result = certsvc_certificate_get_not_before(cert, &before); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error extracting NOT_BEFORE"); + RUNNER_ASSERT_MSG(before == 1084406400, "TODO"); + + result = certsvc_certificate_get_not_after(cert, &after); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error extracting NOT_AFTER"); + //extracted: date --date="May 12 23:59:59 2014 GMT" +%s + RUNNER_ASSERT_MSG(after == 1399939199, "TODO"); +} + 
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +/* + * author: --- + * test: Testing internal certificate extency. + * description: Getting Certificate Revocation List (CRL) + * expect: It should be possible to get CRL from certificate. + */ +RUNNER_TEST(test05_get_clr_dist_points) +{ + std::string google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + CertSvcCertificate cert; + + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)google2nd.c_str(), + google2nd.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate"); + + CertSvcStringList stringList; + + result = certsvc_certificate_get_crl_distribution_points(cert, &stringList); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading distribution points"); + + int size; + + result = 
certsvc_string_list_get_length(stringList, &size); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in string list"); + +// RUNNER_ASSERT_MSG(1 == size, "Distribution point list is too small"); + + CertSvcString vstring; + + result = certsvc_string_list_get_one(stringList, 0, &vstring); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in extracting result from list"); + + int len; + const char *ptr; + + certsvc_string_to_cstring(vstring, &ptr, &len); + + RUNNER_ASSERT_MSG(0 == strncmp(ptr,"http://crl.verisign.com/pca3.crl", len), "Check distribution points failed!"); +} +#endif + +/* + * author: --- + * test: Import fields from certificate. + * description: Getting common name from certificate. + * expect: It should be possible to get common name from certificate. + */ +RUNNER_TEST(test06_cert_get_field) +{ + std::string google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + 
"bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + CertSvcCertificate cert; + + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)google2nd.c_str(), + google2nd.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + CertSvcString subject, issuer; + + result = certsvc_certificate_get_string_field( + cert, + CERTSVC_SUBJECT, + &subject); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading SUBJECT field."); + + result = certsvc_certificate_get_string_field( + cert, + CERTSVC_ISSUER, + &issuer); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading ISSUER field."); + + int size; + const char *ptr; + + certsvc_string_to_cstring(subject, &ptr, &size); + RUNNER_ASSERT_MSG(0 == strncmp(ptr, "/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA", size), "Subject does not match."); + + certsvc_string_to_cstring(issuer, &ptr, &size); + RUNNER_ASSERT_MSG(0 == strncmp(ptr, "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority", size), "Issuer does not match."); +} + +/* + * author: --- + * test: Sorting certificates chain. + * description: Certificate chain is being sorted. + * expect: It is possible to sor certificates chain. 
+ */ +RUNNER_TEST(test07_chain_sort) +{ + std::string certEE = + "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" + "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" + "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" + "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" + "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" + "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" + "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" + "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" + "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" + "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" + "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" + "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" + "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" + "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" + "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" + "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" + "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; + + std::string certCA = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + 
"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + std::string certRCA = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + + CertSvcCertificate cert1, cert2, cert3; + + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certEE.c_str(), + certEE.size(), + CERTSVC_FORM_DER_BASE64, + &cert1); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certCA.c_str(), + certCA.size(), + CERTSVC_FORM_DER_BASE64, + &cert2); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certRCA.c_str(), + certRCA.size(), + 
CERTSVC_FORM_DER_BASE64, + &cert3); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + CertSvcCertificate collection[3]; + collection[0] = cert1; + collection[1] = cert3; + collection[2] = cert2; + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == certsvc_certificate_chain_sort(collection, 3), "FAIL TO SORT CERTIFICATE"); + + RUNNER_ASSERT_MSG(collection[2].privateHandler == cert3.privateHandler, "certsvc_certificate_chain_sort failed"); + + collection[0] = cert1; + collection[1] = cert3; + + RUNNER_ASSERT_MSG(CERTSVC_FAIL == certsvc_certificate_chain_sort(collection, 2), "certsvc_certificate_chain_sort failed"); +} + +/* + * author: --- + * test: Verification of DSA SHA1. + * description: Testing certificate DSA SH1. + * expect: Certificate DSA SH1 should be correct. + */ +RUNNER_TEST(test08_message_verify_dsa_sha1) +{ + std::string magda = + "MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV" + "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT" + "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA" + "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL" + "MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp" + "b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT" + "BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr" + "BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9" + "sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c" + "Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3" + "FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+" + "4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd" + "VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110" + "L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf" + "Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0" + "fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA" + 
"+TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy" + "YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw" + "HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD" + "gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv" + "ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V" + "cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc="; + + std::string message = "c2lnbmVkIGRhdGEK"; + std::string signature = "MC0CFQCL2pDA4S/zsHkDUCWOq7K6ebG14gIUHHoLsbeUd+BEqBXB6XjmcTncBRA="; + + CertSvcString msgb64, sigb64, msg, sig; + + int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage."); + + result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature."); + + CertSvcCertificate cert; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)magda.c_str(), + magda.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_base64_decode(msgb64, &msg); + RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64."); + result = certsvc_base64_decode(sigb64, &sig); + RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64."); + + int status; + result = certsvc_message_verify(cert, msg, sig, "sha1", &status); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message."); + RUNNER_ASSERT_MSG(status == CERTSVC_TRUE, "Error in verify message."); +} + +/* + * author: --- + * test: Verification of RSA SHA1. + * description: Testing certificate RSA SH1. + * expect: Certificate RSA SH1 should be correct. 
+ */ +RUNNER_TEST(test09_message_verify_rsa_sha1) +{ + std::string filip = + "MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV" + "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT" + "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA" + "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw" + "CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT" + "A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B" + "CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + "gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh" + "EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o" + "O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV" + "HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp" + "Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU" + "ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM" + "H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y" + "t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK" + "xORG6HNPXZV29NY2fDRPPOIYoFQzrXI="; + + std::string message = "Q3plZ28gdHUgc3p1a2Fzej8K"; + std::string signature = + "xEIpVjEIUoDkYGtX2ih6Gbya0/gr7OMdvbBKmjqzfNh9GHqwrgjglByeC5sspUzPBUF4Vmg/hZqL" + "gSsxXw9bKEa8c6mTQoNX51IC0ELPsoUMIJF1gGdFu0SzKptvU0+ksiiOM+70+s5t8s3z0G5PeA7O" + "99oq8UlrX7GDlxaoTU4="; + + CertSvcString msgb64, sigb64, msg, sig; + + int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage."); + + result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature."); + + CertSvcCertificate cert; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)filip.c_str(), + filip.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + 
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_base64_decode(msgb64, &msg); + RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64."); + + result = certsvc_base64_decode(sigb64, &sig); + RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64."); + + int status; + result = certsvc_message_verify(cert, msg, sig, "sha1", &status); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message."); + RUNNER_ASSERT_MSG(status == CERTSVC_SUCCESS, "Error in verify message."); + + message[0] = 'q'; + + result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage."); + + result = certsvc_base64_decode(msgb64, &msg); + RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64."); + + result = certsvc_message_verify(cert, msg, sig, "sha1", &status); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message."); + RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message."); +} + +/* + * author: --- + * test: Verification of RSA SHA1. + * description: Testing certificate RSA SHA256. + * expect: Certificate RSA SH256 should be correct. 
+ */ +RUNNER_TEST(test10_message_verify_rsa_sha256) +{ + std::string filip = + "MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV" + "BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT" + "BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA" + "c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw" + "CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT" + "A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B" + "CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + "gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh" + "EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o" + "O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV" + "HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp" + "Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU" + "ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM" + "H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y" + "t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK" + "xORG6HNPXZV29NY2fDRPPOIYoFQzrXI="; + + std::string message = "Q3plZ28gdHUgc3p1a2Fzej8K"; + std::string signature = + "a5nGT6wnbQ8MLwLkG965E4e1Rv983E+v3nolLvvjuAKnfgWYb+70Da+T9ggYDTjngq+EBgC30w1p" + "EScrwye8ELefvRxDWy1+tWR4QRW/Nd4oN2U/pvozoabDSpe9Cvt0ECEOWKDqIYYnoWFjOiXg9VwD" + "HVVkQXvsSYu6thX/Xsk="; + + CertSvcString msgb64, sigb64, msg, sig; + + int result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage."); + + result = certsvc_string_new(vinstance, signature.c_str(), signature.size(), &sigb64); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading signature."); + + CertSvcCertificate cert; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)filip.c_str(), + filip.size(), + CERTSVC_FORM_DER_BASE64, + &cert); + + 
RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+ result = certsvc_base64_decode(msgb64, &msg);
+ RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+ result = certsvc_base64_decode(sigb64, &sig);
+ RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+ int status;
+ result = certsvc_message_verify(cert, msg, sig, "sha256", &status);
+
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+ RUNNER_ASSERT_MSG(status == CERTSVC_SUCCESS, "Error in verify message.");
+
+ message[0] = 'q';
+
+ result = certsvc_string_new(vinstance, message.c_str(), message.size(), &msgb64);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading messsage.");
+
+ result = certsvc_base64_decode(msgb64, &msg);
+ RUNNER_ASSERT_MSG(result == CERTSVC_TRUE, "Error in decoding base64.");
+
+ result = certsvc_message_verify(cert, msg, sig, "sha256", &status);
+
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in verify message.");
+ RUNNER_ASSERT_MSG(status == CERTSVC_INVALID_SIGNATURE, "Error in verify message.");
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+/*
+ * author: ---
+ * test: OCSP test.
+ * description: Testing OCSP for certificate list.
+ * expect: OCSP should return success.
+ */ +RUNNER_TEST(test11_ocsp) +{ + ValidationCore::VCoreInit(); + + std::string certEE = + "MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh" + "bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu" + "Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g" + "QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe" + "BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX" + "DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE" + "YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0" + "aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC" + "ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv" + "2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q" + "N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO" + "r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN" + "f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH" + "U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU" + "TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb" + "VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg" + "SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv" + "biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg" + "MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw" + "AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv" + "ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu" + "Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd" + "IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv" + "bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1" + "QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O" + "WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf" + "SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw=="; + + + std::string certCA = + 
"MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx" + "ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g" + "RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw" + "MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH" + "QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j" + "b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j" + "b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj" + "YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN" + "AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H" + "KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm" + "VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR" + "SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT" + "cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ" + "6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu" + "MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS" + "kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB" + "BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f" + "BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv" + "c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH" + "AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO" + "BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG" + "OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU" + "A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o" + "0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX" + "RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH" + "qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV" + "U+4="; + + std::string certRCA = + "MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0" + "IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz" + 
"BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y" + "aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG" + "9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy" + "NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y" + "azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs" + "YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw" + "Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl" + "cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY" + "dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9" + "WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS" + "v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v" + "UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu" + "IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC" + "W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd"; + + CertSvcCertificate cert1, cert2, cert3; + + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certEE.c_str(), + certEE.size(), + CERTSVC_FORM_DER_BASE64, + &cert1); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certCA.c_str(), + certCA.size(), + CERTSVC_FORM_DER_BASE64, + &cert2); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)certRCA.c_str(), + certRCA.size(), + CERTSVC_FORM_DER_BASE64, + &cert3); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + CertSvcCertificate collection[3]; + collection[0] = cert1; + collection[1] = cert2; + collection[2] = cert3; + + int status; + result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check."); + + 
RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp."); + ValidationCore::VCoreDeinit(); +} + +/* + * author: --- + * test: OCSP test. + * description: Testing OCSP for certificate list. + * expect: OCSP should return success. + */ +RUNNER_TEST(test12_ocsp) +{ + ValidationCore::VCoreInit(); + + std::string googleCA = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + + std::string google2nd = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + "BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + 
"L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + std::string google3rd = + "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" + "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" + "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" + "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" + "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" + "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" + "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" + "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" + "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" + "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" + "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" + "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" + "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" + "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" + "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" + "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" + "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; + + CertSvcCertificate cert1, cert2, cert3; + + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)google3rd.c_str(), + google3rd.size(), + CERTSVC_FORM_DER_BASE64, + &cert1); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate."); + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)google2nd.c_str(), + 
google2nd.size(),
+ CERTSVC_FORM_DER_BASE64,
+ &cert2);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+ result = certsvc_certificate_new_from_memory(
+ vinstance,
+ (const unsigned char*)googleCA.c_str(),
+ googleCA.size(),
+ CERTSVC_FORM_DER_BASE64,
+ &cert3);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in reading certificate.");
+
+ CertSvcCertificate collection[3];
+ collection[0] = cert1;
+ collection[1] = cert2;
+ collection[2] = cert3;
+
+ int status;
+ result = certsvc_ocsp_check(collection, 3, collection, 3, NULL, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
+
+ RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_GOOD, "Error in ocsp.");
+
+ // Invalid URL Test
+ result = certsvc_ocsp_check(collection, 3, collection, 3, "http://127.0.0.1:9999", &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in ocsp check.");
+
+ RUNNER_ASSERT_MSG(status & CERTSVC_OCSP_CONNECTION_FAILED, "Error in ocsp.");
+ ValidationCore::VCoreDeinit();
+}
+
+/*
+ * author: ---
+ * test: Testing CRL.
+ * description: Testing CRL of certificates.
+ * expect: CRL test should return sucess.
+ */ +RUNNER_TEST(test13_crl) +{ + const int MAXC = 3; + std::string cert[MAXC]; + cert[0] = + "MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" + "MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" + "THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" + "MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" + "MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" + "FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" + "AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" + "qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" + "Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" + "DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" + "ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" + "BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" + "cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" + "dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" + "BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" + "wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" + "fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; + + cert[1] = + "MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" + "UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" + "bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" + "MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" + "d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" + "QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" + "PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" + "5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" + "3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" + "A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" + 
"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" + "L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" + "AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" + "BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" + "BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" + "q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" + "bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + + cert[2] = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + + + CertSvcCertificate certificate[MAXC]; + + int result, status; + + for (int i=0; i<MAXC; ++i) { + LogDebug("Reading certificate: " << i); + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)cert[i].c_str(), + cert[i].size(), + CERTSVC_FORM_DER_BASE64, + &certificate[i]); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate"); + } + + certsvc_crl_cache_functions( + vinstance, + memoryCacheWrite, + memoryCacheRead, + memoryCacheFree); + + MemoryCache mcache; + + for (int i=0; i<MAXC; ++i) { + LogDebug("Check " << i << " certificate."); + result = certsvc_crl_check(certificate[i], certificate, MAXC, 0, &status, 
&mcache); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in crl."); + if (i<2) { + RUNNER_ASSERT_MSG(CERTSVC_CRL_GOOD & status, "Check of crl status failed."); + } else { + RUNNER_ASSERT_MSG(CERTSVC_CRL_NO_SUPPORT & status, "Check of crl status failed."); + } + LogDebug("Status: " << status); + } +} +#endif + +/* + * author: --- + * test: Certificate verification. + * description: Verification of certificates. + * expect: Verification should return expected results. + */ +RUNNER_TEST(test14_certificate_verify) +{ + const int MAXC = 3; + std::string cert[MAXC]; + cert[0] = // aia_signer + "MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO" + "MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu" + "IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0" + "dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw" + "CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV" + "BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG" + "CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB" + "iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq" + "pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a" + "gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu" + "MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl" + "cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME" + "GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB" + "BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov" + "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN" + "BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H" + "4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL" + "/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm" + "XQ=="; + + cert[1] = // second_ca + "MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO" + 
"MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu" + "IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA" + "Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG" + "A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD" + "VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG" + "SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB" + "gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e" + "MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD" + "wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G" + "A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv" + "vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr" + "BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw" + "Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy" + "MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8" + "+v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd" + "RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6" + "RWHw"; + + cert[2] = // root_ca + "MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO" + "MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu" + "IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA" + "Z21haWwuY29tMB4XDTE0MDYxODA4MTA1MVoXDTE1MDYxODA4MTA1MVoweDELMAkG" + "A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD" + "VQQLDApUaXplbiBUZXN0MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0ExGzAZBgkqhkiG" + "9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA" + "o6ZegsQ9hScM1yD7ejv44xUTJDjTlcGweHh76Im22x6yAljM2+dKdj3EIVGt0BA3" + "6qdZFl8WOxzQGcAzQY7GFOXQVog4UjqHMxmWwAx5jQyBzIieAj4HZ2lquPBiyiIe" + "HAo6sCSWsxnh7PqvWaAypPZVEqOJ3ga5rXyDCcjzQ8ECAwEAAaOBxjCBwzAdBgNV" + "HQ4EFgQUZB5PS54YL7ziMMRzpmueBRrfEggwHwYDVR0jBBgwFoAUZB5PS54YL7zi" + "MMRzpmueBRrfEggwDAYDVR0TBAUwAwEB/zBzBggrBgEFBQcBAQRnMGUwIQYIKwYB" + 
"BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov" + "L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN" + "BgkqhkiG9w0BAQUFAAOBgQAyRJXTZcwRCkRNGZQCO8txHvrmgv8vQwnZZF6SwyY/" + "Bry0fmlehtN52NLjjPEG6u9YFYfzSkjQlVR0qfQ2mNs3d6AKFlOdZOT6cuEIZuKe" + "pDb2Tx5JJbIN6N3fE/lVSW88K9aSCF2n15gYTSVmD0juHuLAoWnIicaa+Sbe2Tsj" + "AQ=="; + + CertSvcCertificate certificate[MAXC]; + + int result, status; + + for (int i=0; i<MAXC; ++i) { + LogDebug("Reading certificate: " << i); + int result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)cert[i].c_str(), + cert[i].size(), + CERTSVC_FORM_DER_BASE64, + &certificate[i]); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate"); + } + + result = certsvc_certificate_verify(certificate[0], &certificate[1], MAXC-1, NULL, 0, &status); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function."); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process."); + + result = certsvc_certificate_verify(certificate[0], certificate, MAXC-1, NULL, 0, &status); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function."); + RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process."); + + result = certsvc_certificate_verify(certificate[0], certificate, 1, certificate, MAXC, &status); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function."); + RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process."); + + result = certsvc_certificate_verify(certificate[0], &certificate[2], 1, certificate, MAXC, &status); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function."); + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process."); + + + // certsvc_certificate_verify_with_caflag + result = 
certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC-1, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, 1, certificate, MAXC, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+
+ result = certsvc_certificate_verify_with_caflag(certificate[0], &certificate[2], 1, certificate, MAXC, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+}
+
+/*
+ * author: ---
+ * test: Testing certificate primitives.
+ * description: Certificate structure is tested.
+ * expect: Certificate should contain cexpected informations.
+ */ +RUNNER_TEST(test15_cprimitives) +{ + const int MAXB = 1024; + const std::string cert = + "MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" + "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" + "cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" + "MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" + "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" + "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" + "ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" + "BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" + "I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" + "CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" + "lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" + "AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + + CertSvcCertificate certificate; + + int result; + + result = certsvc_certificate_new_from_memory( + vinstance, + (const unsigned char*)cert.c_str(), + cert.size(), + CERTSVC_FORM_DER_BASE64, + &certificate); + + X509 *x509 = NULL; + result = certsvc_certificate_dup_x509(certificate, &x509); + + RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certsvc_certificate_dup_x509."); + RUNNER_ASSERT_MSG(x509 != NULL, "Error in certsvc_certificate_dup_x509."); + + X509_NAME *name = X509_get_subject_name(x509); + char buffer[MAXB]; + X509_NAME_oneline(name, buffer, MAXB); + std::string expected = "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority"; + + LogDebug("NAME: " << buffer); + + RUNNER_ASSERT_MSG(expected == buffer, "Content does not match"); + + certsvc_certificate_free_x509(x509); +} + + +/* + * author: --- + * test: Certificate verification. + * description: Verification of certificates. + * expect: Verification should return expected results. 
+ */ +RUNNER_TEST(test16_certificate_verify_with_caflag_selfsign_root) +{ + const int MAXC = 2; + std::string cert[MAXC]; + cert[0] = // v1_signer + "MIICdzCCAeACAQcwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAktSMQ4wDAYD" + "VQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UECwwKVGl6ZW4gVGVz" + "dDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZlcnNpb24gMTEbMBkGCSqGSIb3DQEJ" + "ARYMdHRAZ21haWwuY29tMB4XDTE0MDYxNDA4MTI1MFoXDTE1MDYxNDA4MTI1MFow" + "gYQxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3Vu" + "ZzETMBEGA1UECwwKVGl6ZW4gVGVzdDEhMB8GA1UEAwwYVGVzdCBTZWNvbmQgQ0Eg" + "VmVyc2lvbiAxMRswGQYJKoZIhvcNAQkBFgx0dEBnbWFpbC5jb20wgZ8wDQYJKoZI" + "hvcNAQEBBQADgY0AMIGJAoGBAKOqFNxvO2jYcq5kqVehHH5k1D1dYwhBnH/SReWE" + "OTSbH+3lbaKhJQHPHjsndENUxPInF6r0prO3TqoMB6774Pmc+znoVfLsHvWorhyr" + "8iQNyaSgVWt0+8L0FU8iReqr5BR6YcZpnVRCV9dAIcf6FIVGUGZhTs/NvZDzIc4T" + "9RrLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAGDDvWhdMFg4GtDdytrK/GJ9TxX5F" + "9iA/8qCl0+JU1U7jUVIcX77AxeZGBtq02X+DtjEWqnepS1iYO2TUHZBKRRCB2+wF" + "ZsQ5XWngLSco+UvqUzMpWIQqslDXixWSR+Bef2S7iND3u8HJLjTncMcuJNpoXsFK" + "bUiLqMVGQCkGZMo="; + + cert[1] = // v1_root + "MIICdTCCAd4CAQYwDQYJKoZIhvcNAQEFBQAwgYIxCzAJBgNVBAYTAktSMQ4wDAYD" + "VQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3VuZzETMBEGA1UECwwKVGl6ZW4gVGVz" + "dDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZlcnNpb24gMTEbMBkGCSqGSIb3DQEJ" + "ARYMdHRAZ21haWwuY29tMB4XDTE0MDYxNDA4MTIzNVoXDTE1MDYxNDA4MTIzNVow" + "gYIxCzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTZW91bDEQMA4GA1UECgwHU2Ftc3Vu" + "ZzETMBEGA1UECwwKVGl6ZW4gVGVzdDEfMB0GA1UEAwwWVGVzdCBSb290IENBIFZl" + "cnNpb24gMTEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3" + "DQEBAQUAA4GNADCBiQKBgQDtxGjhpaUK6xa4+sjMQfkKRAtjFkjZasVIt7uKUy/g" + "GcC5i5aoorfyX/NBQLAVoIHMogHLgitehKL5l13tLR7DSETrG9V3Yx9bkWRcjyqH" + "1TkD+NDOmhTtVuqIh4hrGKITlZK35hOh0IUEfYNNL8uq/11fVPpR3Yx97PT/j4w1" + "uwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAOHjfa7nbPKhqR0mGfsscPQZZAZzKq9y" + "ttdjTaNbnybzcJzcN3uwOdYKMf26Dn968nAPkukWe8j6GyMJ1C9LMAWqMn5hl0rI" + "x6mUBfKZrl33BKH4KTYOrt0vnHdrCM2TwMkwMZ5ja5bBnbNrfF4e0HIAMor4rnVP" + 
"WDSlESMMmtTm";
+
+ CertSvcCertificate certificate[MAXC];
+
+ int result, status;
+
+ for (int i=0; i<MAXC; ++i) {
+ LogDebug("Reading certificate: " << i);
+ int result = certsvc_certificate_new_from_memory(
+ vinstance,
+ (const unsigned char*)cert[i].c_str(),
+ cert[i].size(),
+ CERTSVC_FORM_DER_BASE64,
+ &certificate[i]);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error reading certificate");
+ }
+
+ result = certsvc_certificate_verify(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == status, "Error in certificate verification process.");
+
+ result = certsvc_certificate_verify_with_caflag(certificate[0], certificate, MAXC, NULL, 0, &status);
+ RUNNER_ASSERT_MSG(CERTSVC_SUCCESS == result, "Error in certificate verification function.");
+ RUNNER_ASSERT_MSG(CERTSVC_FAIL == status, "Error in certificate verification process.");
+}
diff --git a/tests/capi/test_suite_02.cpp b/tests/capi/test_suite_02.cpp
new file mode 100644
index 0000000..e01fbb7
--- /dev/null
+++ b/tests/capi/test_suite_02.cpp
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <string>
+
+#include <openssl/x509.h>
+
+#include <dpl/test/test_runner.h>
+#include <dpl/log/log.h>
+#include <memory>
+
+#include <api_tests.h>
+
+#include <cert-service.h>
+
+RUNNER_TEST_GROUP_INIT(DEPRECATED_API)
+
+typedef std::unique_ptr<CERT_CONTEXT, std::function<int(CERT_CONTEXT*)>> ScopedCertCtx;
+
+/*
+ * author: ---
+ * test: PEM positive.
+ * description: Loading *.pem file.
+ * expect: *.pem should load with no error.
+ */
+RUNNER_TEST(deprecated_api_test01_pem_positive)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR ==
+ cert_svc_load_file_to_context(ctx.get(), "/usr/share/cert-svc/cert-type/cert0.pem"));
+}
+
+/*
+ * author: ---
+ * test: DER positive.
+ * description: Loading *.der file.
+ * expect: *.der file should load with no error.
+ */
+RUNNER_TEST(deprecated_api_test02_der_positive)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR ==
+ cert_svc_load_file_to_context(ctx.get(), "/usr/share/cert-svc/cert-type/cert1.der"));
+}
+
+/*
+ * author: ---
+ * test: PEM negative.
+ * description: Loading *.pem file.
+ * expect: *.pom file should not load and return error.
+ */
+RUNNER_TEST(deprecated_api_test03_pem_negative)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR !=
+ cert_svc_load_file_to_context(ctx.get(), "/usr/share/cert-svc/cert-type/cert2fake.pem"));
+}
+
+/*
+ * author: ---
+ * test: DER negative.
+ * description: Loading *.der file.
+ * expect: *.der file should not load and return error.
+ */
+RUNNER_TEST(deprecated_api_test03_der_negative)
+{
+ ScopedCertCtx ctx(cert_svc_cert_context_init(), cert_svc_cert_context_final);
+ RUNNER_ASSERT(CERT_SVC_ERR_NO_ERROR !=
+ cert_svc_load_file_to_context(ctx.get(), "/usr/share/cert-svc/cert-type/cert3fake.der"));
+}
+
diff --git a/tests/cert-svc/CMakeLists.txt b/tests/cert-svc/CMakeLists.txt new file mode 100644
index 0000000..c6c466e
--- /dev/null
+++ b/tests/cert-svc/CMakeLists.txt
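Review bot: The two negative tests (`deprecated_api_test03_pem_negative` and `deprecated_api_test03_der_negative`) only assert that `cert_svc_load_file_to_context` returns something other than `CERT_SVC_ERR_NO_ERROR`, so they also pass when the fixture file is missing or when `cert_svc_cert_context_init()` returned NULL, and would not notice a loader that stopped rejecting malformed certificates. I would add `RUNNER_ASSERT(ctx.get() != NULL);` after each `ScopedCertCtx ctx(...)` line and compare the negative cases against the specific error code the loader documents for invalid input. The `ScopedCertCtx` typedef uses `std::function`, but `<functional>` is not among the includes, so `#include <functional>` should be added rather than relying on a transitive include. The second negative test is presumably meant to be numbered test04, and "*.pom" in the PEM-negative comment looks like a typo for "*.pem".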
@@ -0,0 +1,101 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @version 1.0
+# @brief
+#
+
+SET(CERT_SVC_OGIG_TESTS_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_caflag.c
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_ocsp.c
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/test_suite_main.c
+ ${VCORE_DPL_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc
+ ${PROJECT_SOURCE_DIR}/include
+ )
+
+ADD_EXECUTABLE(${TARGET_TEST_CERT_SVC_OGIG} ${CERT_SVC_OGIG_TESTS_SOURCES})
+
+TARGET_LINK_LIBRARIES(
+ ${TARGET_TEST_CERT_SVC_OGIG}
+ ${TARGET_CERT_SVC_LIB}
+ ${VCORE_TEST_DEP_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_TEST_CERT_SVC_OGIG}
+ DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/second_ca.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/aia_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/rev_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/noaia_signer.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/v1_signer.der
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/caflag
+ PERMISSIONS OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/caflag/root_ca_v1.der
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/second_ca.der
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc/certs
+ PERMISSIONS OWNER_READ
+ GROUP_READ
+ WORLD_READ
+ )
+
+IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
+INSTALL(DIRECTORY
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/ocsp
+ FILES_MATCHING
+ PATTERN "*"
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
+ ${PROJECT_SOURCE_DIR}/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh
+ DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)
diff --git a/tests/cert-svc/Makefile b/tests/cert-svc/Makefile new file mode 100644
index 0000000..fd805e6
--- /dev/null
+++ b/tests/cert-svc/Makefile
@@ -0,0 +1,24 @@
+.SUFFIX : .c .o
+
+CC = sbs -e gcc
+INC = -I../include/
+LIBS = -lcert-svc
+CFLAGS = -g $(INC)
+
+TARGET = \
+ store_test \
+ delete_test \
+ extract_test \
+ extract_test_pfx \
+ search_test \
+ verify_test \
+ verify_sig \
+ mem_test
+
+all: $(TARGET)
+
+$(TARGET): %: %.c
+ $(CC) -o $@ $< $(CFLAGS) $(LIBS)
+
+clean:
+ rm -rf *.o $(TARGET) *~ *core
diff --git a/tests/cert-svc/data/Broot.der b/tests/cert-svc/data/Broot.der Binary files differnew file mode 100644
index 0000000..12be4d0
--- /dev/null
+++ b/tests/cert-svc/data/Broot.der
diff --git a/tests/cert-svc/data/Broot.pem b/tests/cert-svc/data/Broot.pem new file mode 100644
index 0000000..fd08360
--- /dev/null
+++ b/tests/cert-svc/data/Broot.pem
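Review bot: The third `INSTALL(FILES ...)` block copies the test CAs `root_ca.der`, `root_ca_v1.der` and `ocsp/second_ca.der` into `${TZ_SYS_SHARE}/cert-svc/certs`, which, unlike the other destinations under `cert-svc/tests/orig_c/`, looks like the service's own certificate directory rather than a test-only path. If cert-svc treats that directory as trusted, any image built with the test flag on would accept chains rooted in these test CAs, so I would either install them under the `tests/` tree or state the intent above the block, e.g. `# Test-only roots placed in the cert-svc store for the caflag/OCSP tests; this package must not ship in product images`. Separately, `IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` is also true when the variable is set to `OFF` or `0`, whereas `IF(TIZEN_FEAT_CERTSVC_OCSP_CRL)` tests its value. The `INSTALL(DIRECTORY ...)` rule gives the execute bits to every file matched by `PATTERN "*"`, including certificate data, where the read-only permissions used in the earlier `INSTALL(FILES ...)` blocks would be enough.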
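Review bot: The first line of the new Makefile declares `.SUFFIX : .c .o`, which make treats as an ordinary target; the special target is spelled `.SUFFIXES`, and since the build rule is a static pattern rule (`$(TARGET): %: %.c`) the line can simply be dropped. `CC = sbs -e gcc` hard-codes one build wrapper, so a comment such as `# builds inside the sbs environment only; CMakeLists.txt is the supported build` would tell readers whether this file is still meant to be used. The `clean` rule's `*core` glob would also remove any source or data file whose name merely ends in "core"; `core core.*` is narrower.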
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM +MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD +EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x +MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV +BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ +ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4 +mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj +eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H +e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR +apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC +yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D +lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5 +3aU1rQ6vF96wFt4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/B1.der b/tests/cert-svc/data/TestData/B1.der Binary files differnew file mode 100644 index 0000000..f0c031b --- /dev/null +++ b/tests/cert-svc/data/TestData/B1.der diff --git a/tests/cert-svc/data/TestData/B2.der b/tests/cert-svc/data/TestData/B2.der Binary files differnew file mode 100644 index 0000000..791b301 --- /dev/null +++ b/tests/cert-svc/data/TestData/B2.der diff --git a/tests/cert-svc/data/TestData/B3.der b/tests/cert-svc/data/TestData/B3.der Binary files differnew file mode 100644 index 0000000..e21164a --- /dev/null +++ b/tests/cert-svc/data/TestData/B3.der diff --git a/tests/cert-svc/data/TestData/B4.der b/tests/cert-svc/data/TestData/B4.der Binary files differnew file mode 100644 index 0000000..7f1c401 --- /dev/null +++ b/tests/cert-svc/data/TestData/B4.der diff --git a/tests/cert-svc/data/TestData/B5.der b/tests/cert-svc/data/TestData/B5.der Binary files differnew file mode 100644 index 0000000..f0a4e14 
--- /dev/null +++ b/tests/cert-svc/data/TestData/B5.der diff --git a/tests/cert-svc/data/TestData/B6.der b/tests/cert-svc/data/TestData/B6.der Binary files differnew file mode 100644 index 0000000..80e84b4 --- /dev/null +++ b/tests/cert-svc/data/TestData/B6.der diff --git a/tests/cert-svc/data/TestData/B7.der b/tests/cert-svc/data/TestData/B7.der Binary files differnew file mode 100644 index 0000000..87d34db --- /dev/null +++ b/tests/cert-svc/data/TestData/B7.der diff --git a/tests/cert-svc/data/TestData/B8.der b/tests/cert-svc/data/TestData/B8.der Binary files differnew file mode 100644 index 0000000..cd047d0 --- /dev/null +++ b/tests/cert-svc/data/TestData/B8.der diff --git a/tests/cert-svc/data/TestData/B9.der b/tests/cert-svc/data/TestData/B9.der Binary files differnew file mode 100644 index 0000000..276f45e --- /dev/null +++ b/tests/cert-svc/data/TestData/B9.der diff --git a/tests/cert-svc/data/TestData/Broot.der b/tests/cert-svc/data/TestData/Broot.der Binary files differnew file mode 100644 index 0000000..12be4d0 --- /dev/null +++ b/tests/cert-svc/data/TestData/Broot.der diff --git a/tests/cert-svc/data/TestData/Broot.pem b/tests/cert-svc/data/TestData/Broot.pem new file mode 100644 index 0000000..fd08360 --- /dev/null +++ b/tests/cert-svc/data/TestData/Broot.pem 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM +MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD +EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x +MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV +BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ +ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4 +mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj +eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H +e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR +apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC +yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D +lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5 +3aU1rQ6vF96wFt4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/cert.der b/tests/cert-svc/data/TestData/cert.der Binary files differnew file mode 100644 index 0000000..80bd6ab --- /dev/null +++ b/tests/cert-svc/data/TestData/cert.der diff --git a/tests/cert-svc/data/TestData/cert_sign.der b/tests/cert-svc/data/TestData/cert_sign.der Binary files differnew file mode 100644 index 0000000..86d566a --- /dev/null +++ b/tests/cert-svc/data/TestData/cert_sign.der diff --git a/tests/cert-svc/data/TestData/decodedCert.data b/tests/cert-svc/data/TestData/decodedCert.data Binary files differnew file mode 100644 index 0000000..20816dc --- /dev/null +++ b/tests/cert-svc/data/TestData/decodedCert.data diff --git a/tests/cert-svc/data/TestData/invalid_message b/tests/cert-svc/data/TestData/invalid_message Binary files differnew file mode 100644 index 0000000..c6f271a --- /dev/null +++ b/tests/cert-svc/data/TestData/invalid_message 
diff --git a/tests/cert-svc/data/TestData/invalid_priv.pem b/tests/cert-svc/data/TestData/invalid_priv.pem new file mode 100644 index 0000000..d920b03 --- /dev/null +++ b/tests/cert-svc/data/TestData/invalid_priv.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI +w/9m6wD0tHsmto INVALID PRIVATE KEY rSUlS7N5+Vc7Rd2yEGDJokMz4pDI +FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB +AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK +wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur +3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+ +oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y +qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh +k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g +Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA +1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym +guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj +1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/invalid_pubkey b/tests/cert-svc/data/TestData/invalid_pubkey Binary files differnew file mode 100644 index 0000000..f0ac3f8 --- /dev/null +++ b/tests/cert-svc/data/TestData/invalid_pubkey diff --git a/tests/cert-svc/data/TestData/invalid_signature b/tests/cert-svc/data/TestData/invalid_signature new file mode 100644 index 0000000..06dc91c --- /dev/null +++ b/tests/cert-svc/data/TestData/invalid_signature @@ -0,0 +1,2 @@ +0Š_biÕT^zYž|æýäINVALID SIGNATURE FILEHäñH˜Ïú]˜Î<¬ëéû]Sµâ%½‰(h +¾8y*H6,+âJ+Aõ‰Um˜Ã|Xe+Ëd䈿jT÷X”%hS@dÖÃè”oV’ìÝžÊ3Jš diff --git a/tests/cert-svc/data/TestData/message b/tests/cert-svc/data/TestData/message Binary files differnew file mode 100644 index 0000000..25c0f37 --- /dev/null +++ b/tests/cert-svc/data/TestData/message 
diff --git a/tests/cert-svc/data/TestData/metadata b/tests/cert-svc/data/TestData/metadata new file mode 100644 index 0000000..af5626b --- /dev/null +++ b/tests/cert-svc/data/TestData/metadata @@ -0,0 +1 @@ +Hello, world! diff --git a/tests/cert-svc/data/TestData/plaintext b/tests/cert-svc/data/TestData/plaintext new file mode 100644 index 0000000..7a775a7 --- /dev/null +++ b/tests/cert-svc/data/TestData/plaintext @@ -0,0 +1 @@ +abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz diff --git a/tests/cert-svc/data/TestData/prikey b/tests/cert-svc/data/TestData/prikey new file mode 100644 index 0000000..c2a20f4 --- /dev/null +++ b/tests/cert-svc/data/TestData/prikey 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3AFF87E45B7C4AA5 + +at84LbXLjHmHBbTcdDQ3Idaq9OhStzPN/v/DmYGL4zB6r5BNQQqpqWMHufCGb77k +BQSaCRKf6J/2BcUmcbhy4hG1hFbca7qkGjbuCPQWS5ivIXmxHTXtLCH1gP6OGVv6 +hKtB8R5JluiSAuzvf9apjOnch+dJMmj/RLSXg5ucjtHlCG7YSI9pRlXl5cm3rPmC +7fEdoIBXfsdPDcxQ09IVIdOR5WCXQNKOs9JHrrO+z8RhOmczk44dgY2nlXjigfeC +2ZLZKebhiq1rwqm163HvEcb7wa1tPndubTwR3dwlbUPjZ270amCE8+qoiMspSg3Y +5uP/J5skC/2xoTzfR6T7Sg2OQPB4MgYbZkcIuHXKuQwnids0+Tp0w76eaa1BkJb+ +GFpe6nz5BqvR5nJSm+3UuRBynQbSq/bHGWgs+bwbGP71uDgmfNzieqfkbQXMD0O/ +KgSqULuuaRl3Ax9C7EwBTbKJVuWeFX8jd7/SnHEi5UszxM3EyzbkHxuJcNY51Y81 +y3xd7z48Nqy97N8N8YzNyW9Uyau8lCqudRuGT19yjswq1fCyrBRoP+vpbi3ZLRPf +AMgYu7eWK8jb7sQSJiqum+1c5czNgNMI/OlXA+847CPJG9TKSmWWnqrhL0vExvLV +Ad+ery8fndCIJF9Dt9L5BSwCipjvmyAveNXmj6/JnX19npcBSf6yPHuUNPcPxIWn +xMkZRkh/kTBnY27BA8ObNFRkZdAK6eNVlaNWoNghw28UZI6ANhn13qe9b/8nc6CQ +aU3AaNIKhaOHKcHoAICCx3mrxEeqD/bQ2GN2/VAl6iaArHEVzbZrEA== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/priv.pem b/tests/cert-svc/data/TestData/priv.pem new file mode 100644 index 0000000..a97cc72 --- /dev/null +++ b/tests/cert-svc/data/TestData/priv.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXwIBAAKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQN4WI +w/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz4pDI +FHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwIDAQAB +AoGBAMKFCYIB6o20DDy/sNd+46nPROC3DH8ggKwodERf0bxX+mLn/0TuqsZFbMNK +wyVf4R4veczDwICzZLkE8AEaNgzoA/gV0REbj38hgqEAG6D/rZaPwNnqN4CISXur +3kBypPUE05DG8FhdRC1R6hrMlakvXJw3zHunclIMmWlvk/pBAkEA/i8OTj6nBNz+ +oUrWGyYfuLrUsHVhL5DnwyaR9zKuxzmYRv9xHEAPKU/GBF9YKWxQygwY0o4ql00y +qZKAXWW7iwJBAPO0Vcz00c4gRWJsFyETPadMq8n84NgccxfOYm9BQsdiOAq+xxTh +k5c/c+bHUCNoAv7x3pWCn+EVqpnbFtH7TLkCQQCW4G2Yaj4Pd/I44UgHo3CO4W9g +Mrx2VIgNYXahCdeO8BQAiJ2mTCvztKNwcvvM0rt9wwJ08Og9GRiqaQiC5+ETAkEA +1+8g2zLNt7tGX1fxAoB+737y9E1ZmINUw3I+K+ACYJI5n+O8mFbrpGc3tfNCoaym +guki1QzhxtmgySSkSrhFGQJBAOj1P+ku8LHK1l2TWe1DjyqE32T5SGDuq/FLoxnj +1UNwHaU7GPeRjSftGwxFvPL9alo7dFoTQCgCrTSOvnb0H8w= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/pub.pem b/tests/cert-svc/data/TestData/pub.pem new file mode 100644 index 0000000..7121226 --- /dev/null +++ b/tests/cert-svc/data/TestData/pub.pem @@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpT +rKRi4QlVMj7roX1n76DQN4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUl +S7N5+Vc7Rd2yEGDJokMz4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9 +Mhzls13WZaJLDnrLcwIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/cert-svc/data/TestData/pub_cert.der b/tests/cert-svc/data/TestData/pub_cert.der Binary files differnew file mode 100644 index 0000000..583f503 --- /dev/null +++ b/tests/cert-svc/data/TestData/pub_cert.der diff --git a/tests/cert-svc/data/TestData/pub_cert.pem b/tests/cert-svc/data/TestData/pub_cert.pem new file mode 100644 index 0000000..4f30dba --- /dev/null +++ b/tests/cert-svc/data/TestData/pub_cert.pem 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID6TCCA1KgAwIBAgIJAMctWiF5xt5tMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD +VQQGEwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0 +eU5hbWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2Fu +aXphdGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG +9w0BCQEWDUVtYWlsQEFkZHJlc3MwHhcNMDgxMjAyMDEyOTU1WhcNMDkxMjAyMDEy +OTU1WjCBqjELMAkGA1UEBhMCS1IxFTATBgNVBAgTDFByb3ZpbmNlTmFtZTEVMBMG +A1UEBxMMTG9jYWxpdHlOYW1lMRkwFwYDVQQKExBPcmdhbml6YXRpb25OYW1lMR8w +HQYDVQQLExZPcmdhbml6YXRpb25hbFVuaXROYW1lMRMwEQYDVQQDEwpDb21tb25O +YW1lMRwwGgYJKoZIhvcNAQkBFg1FbWFpbEBBZGRyZXNzMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDx+bjbdNEi67ys43mIioVWuJpTrKRi4QlVMj7roX1n76DQ +N4WIw/9m6wD0tHsmtoqmzuIvc89GSEqyb7oOtHIYrSUlS7N5+Vc7Rd2yEGDJokMz +4pDIFHkuTjTctqhnlKkHbkxeERD+nhnXbH/CKfZZmgW9Mhzls13WZaJLDnrLcwID +AQABo4IBEzCCAQ8wHQYDVR0OBBYEFH/W4In2zyXx5vE+SKt4nIXEmpSqMIHfBgNV +HSMEgdcwgdSAFH/W4In2zyXx5vE+SKt4nIXEmpSqoYGwpIGtMIGqMQswCQYDVQQG +EwJLUjEVMBMGA1UECBMMUHJvdmluY2VOYW1lMRUwEwYDVQQHEwxMb2NhbGl0eU5h +bWUxGTAXBgNVBAoTEE9yZ2FuaXphdGlvbk5hbWUxHzAdBgNVBAsTFk9yZ2FuaXph +dGlvbmFsVW5pdE5hbWUxEzARBgNVBAMTCkNvbW1vbk5hbWUxHDAaBgkqhkiG9w0B +CQEWDUVtYWlsQEFkZHJlc3OCCQDHLVohecbebTAMBgNVHRMEBTADAQH/MA0GCSqG +SIb3DQEBBQUAA4GBACeNJG+xzXv+NQwiSfobosEUo3SqH+e0syRFEKIUjW3BcEe+ +YFdUDThTixp3Y5PFX2oFo23DEBHP09/Wwox7GAYGegZOQ1W7j5oykI2a/zFHC6tb +5As3hdnKn3wHePsj09qHKv/dPd6BdoGWaXgM1uIqSTCm5GZAynNRQGG0AKBX +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/pubkey b/tests/cert-svc/data/TestData/pubkey Binary files differnew file mode 100644 index 0000000..8918178 --- /dev/null +++ b/tests/cert-svc/data/TestData/pubkey diff --git a/tests/cert-svc/data/TestData/root1.der b/tests/cert-svc/data/TestData/root1.der Binary files differnew file mode 100644 index 0000000..80bd6ab --- /dev/null +++ b/tests/cert-svc/data/TestData/root1.der 
diff --git a/tests/cert-svc/data/TestData/root2.der b/tests/cert-svc/data/TestData/root2.der Binary files differnew file mode 100644 index 0000000..37646f0 --- /dev/null +++ b/tests/cert-svc/data/TestData/root2.der diff --git a/tests/cert-svc/data/TestData/root3.der b/tests/cert-svc/data/TestData/root3.der Binary files differnew file mode 100644 index 0000000..76f69ce --- /dev/null +++ b/tests/cert-svc/data/TestData/root3.der diff --git a/tests/cert-svc/data/TestData/signature b/tests/cert-svc/data/TestData/signature new file mode 100644 index 0000000..1bf0294 --- /dev/null +++ b/tests/cert-svc/data/TestData/signature @@ -0,0 +1,2 @@ +0Š_biÕT^zYž|æýä`¤ýúf#3òÝÙ¯nJ£0Ã/™?HäñH˜Ïú]˜Î<¬ëéû]Sµâ%½‰(h +¾8y*H6,+âJ+Aõ‰Um˜Ã|Xe+Ëd䈿jT÷X”%hS@dÖÃè”oV’ìÝžÊ3Jš
\ No newline at end of file diff --git a/tests/cert-svc/data/TestData/ssl/.rnd b/tests/cert-svc/data/TestData/ssl/.rnd Binary files differnew file mode 100644 index 0000000..3e7f8ea --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/.rnd diff --git a/tests/cert-svc/data/TestData/ssl/CERT1.key b/tests/cert-svc/data/TestData/ssl/CERT1.key new file mode 100644 index 0000000..8e16b68 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/CERT1.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDPD8+lCBi/i2wsPFX+AkO3qK9Fo0ooY9HaJnrCDfhYpXPF27j7 +YkfqF3sla9GM4nSW9GvlSTuz5WpjNhn4PNhLnBSdK2pxzDqfudXbYI5EQNcSU1Ll +cUHIv+wNnFt8jqyZR2VQ5fiVPoo8mdl1R3NR9P02Ru0adxDOHQEMhmsj/wIDAQAB +AoGARPYsHvfCXlEOFvGFZlLUwN9SeKv4r9kG9FPqgKTseIGqPFSAmGDUOLfXUNBG ++1gUoo4HPVcVpkWbGC3VmmKRWovD4JOM08Wk+ovdkzKVc3BnJLzDVGoOx7/Whef+ +bkV3IiD1kFIX+YE3IvI+t95QFS5nTdZeyhCiWtz1nAKbIIECQQDwAgMnpE2iPn1e +NbW9vdit7amCwkGeBSpsBgLbNqFpkpZGWsNvALd68iKbbAGDcgB8tQI/dRUiGnND +w+Rb371BAkEA3NvQOCMuL7kdYwZfaL//+jvcG52QEdR7iJGKXgKL+mef5XiNQfOX +DNTpkuFaU3JIQdgNNhspE18A1vU/zvpRPwJBAOgvei/agoRH4e7HFQf3Zmx0s/1c +wjAGHVEdy5uY0TSZ7Ckp21FCpz4YiyRCq4AnRJNgZUlQkl5IqmPPWdcLr0ECQAMI +cb+TnBrDrAekGsNRf65sDAXFECluhZPGi+PmnQ1/Rs7b7PSu57AhbGO7/IWQ2DUv +Rl8r2FCPyW8qRwoMnfkCQQCgIuBlYF3k/NUfBxmdQy3iWbZThRhnFkHlidSbW7uC +pduzqcc8qHINCDatsMYCaE5WgfQnz3UmF49sNr02Bt61 +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt b/tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt new file mode 100644 index 0000000..c7bd523 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/CERT_NO_AIA.crt 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15 (0xf) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:18:18 2009 GMT + Not After : Mar 11 03:18:18 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02: + 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d: + f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b: + d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36: + 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9: + d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf: + ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e: + 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77: + 10:ce:1d:01:0c:86:6b:23:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha1WithRSAEncryption + 18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3: + 66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3: + 50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0: + 4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9: + 6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72: + 89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89: + 0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db: + 7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa: + b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47: + 2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9: + 36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69: + 7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26: + 
ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28: + 92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5: + d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86: + 60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26: + 38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29: + 58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24: + 91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19: + 8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93: + ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2: + 1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7: + 7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c: + 40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff: + 80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d: + c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db: + a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27: + 39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25: + e4:79:92:2b:1d:61:a6:dc +-----BEGIN CERTIFICATE----- +MIIEfjCCAmagAwIBAgIBDzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTgxOFoXDTE5 +MDMxMTAzMTgxOFowWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy +dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8 +Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2 +Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ +2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg +hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV +BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW +MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN +BgkqhkiG9w0BAQUFAAOCAgEAGP508a8K2ZGttXzzAfiYGtyzZmv0vBaa5ivyH3cj +iaho4I3jUPPx5jjxWVSbRA9yABphcZzwT6MInRc2DFSCviQEy7UE6SDJbryPrxjY 
+Le7MqIvkGjWY9lNyiU8F+MN7UBPuz5/T66d8SuaJD2sO1se82wQDCCVZtAZbzqbb +ezpdgOj/ZuEiA1QoFg6JyFuqsm4aDwdTYLz0Ki2nifK0WFVHLrGyPFAwawwSNBFf +VCoKqxnZNq7iFl64jg0X0EKClk37NlZpe84y+5GkAnOMdX7ehwZSIO0m/0dy8vYB +Luw42gtbvuyOxgIoklcoBPUAh5A04YHFzCEAa03V1cP28ZfhXozqVi5ezp7euaaG +YDMdlHY54XCa0rOa9Ef4vYMmOKCro7yB32t5ffVnj1rhpGcpWAdmcGpD3PdMglQV +oC+rwJ8kkeCn0bFYv0O/JR8y/JgmsS8Zj9hpwRq9sD4K3FTBJzS5G1WT/+YjrK8z +7Y1u7jYYcJ6ih7biHTru6OJ5lxV8g9GJcauHjTanfdhM4ra3HzI0qHXKTwA+SbBc +QBqcbr21X/QuxQpUtIlKYzX/gI3+MegukneMGRosuJUe79V9xvlNBbb43VUMEENu +fUfIsIPbo3u0WuOpM7LtI4Nq4c7GHIknOSw9L1VJyMWdI0b+iHHa7ysl5HmSKx1h +ptw= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt new file mode 100644 index 0000000..0c1799a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:23:56 2009 GMT + Not After : Mar 11 03:23:56 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80/0002 + + Signature Algorithm: sha1WithRSAEncryption + 75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2: + 31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2: + 9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c: + f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2: + 8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd: + e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48: + 4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99: + 1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39: + 42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b: + d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69: + 6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34: + 37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1: + 88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a: + fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc: + 11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5: + f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d: + 
90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2: + 43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4: + 01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc: + ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6: + ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7: + 6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf: + 87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea: + 24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83: + 41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53: + 13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d: + d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b: + 31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d: + 79:af:21:2d:a8:e6:e6:f8 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjM1NloXDTE5 +MDMxMTAzMjM1NlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDIwDQYJ +KoZIhvcNAQEFBQADggIBAHW5F74cBm8SqQQbYwsNXHBV4jHAiHHQVo7lFug7RxoI +A5NWspuiBDyogRBaGHvScK58C5S2bPJY52mC5fKqTvOshW1arBFT0o09U66r9/PG +8Lry5nstdHR1/eCNZ8kS1fKTREhmW4UmfZV3SE+kcmVnOJlHTs1HHEN6ClimmRsb +AQn3CzSKOo0Q4sqcSKP2OUI7Q+b2gYs2Wu0zmHAkyk8Yi9nBCtnNljPQ6Ky9PzSv +hlLRaW6QjtCGv7EEPYWZD+PD5mBHNDeX8qJpxE7cYtDrwiR3LqO6wYipsrT7eabU +z14/A0ElxPMpCv23eFWxmgx5Mi8u/mm6oCxivBE4xEeosHJw0VCfuYdk9RJWxfft +jiMI39AOGmsljLNrfMxVbZCDqe99RQSm3HwNgMFUItG44kPMrXWiB+vTJtqKxPtv +C6wR9AF/uTdo7B5goq7Wsgs3y35d3OwUIWmE//xhhba/f9KvPHASxrpA6LUlVjTK +RPHqFa15UOxEt2zXS8wsT0UBhRV2KgPCFJw+v4d7WdeqLUggthpubrDCdyI86iTQ 
++GKwSwE6SL5fZnMKRrMfg0GR9f3oCAhSGDqMahks4zDYUxOXYoPr4+06jmQlsYoB +9CQUbdRhwcONw4ksX27YHh3euXcGCzFj5M7ZdhtoSOrsZNWmpRUpHXmvIS2o5ub4 +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key new file mode 100644 index 0000000..c82ef70 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT1.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDAqVFjGeLM850Z2HWQqxNAoz+d3O9IQg0ANtvqaP25FTSprw9S +K1cuA3QTQbRZaX724VRCjcP0hSv/B5ekL1vkE75y72XnWb7tFHGCzAkDUJlmCDQa +QUXm4zeYMmoV1DJj9yZsWu1FvbuqvjNLnMuyAxPjLW9hVyro6EQPWernvwIDAQAB +AoGADQgm8i4hEj30RXhH04ZO4hNozTPRl7CoEnijfYKmjutpSYUG40b9OaaQJnFO +UrH5HZf2TB4swBB1/mU0E64EaBX7EciQbBTN0uInTnAJKHVJrFaFqMXYS6rsAKoA +KjW/2hx0/CFhsulji9s1cqlHKvwKfp3YRbkuQ0ulLsdkmlECQQDqelfLcaVS71pf +jnxlAP49pQT3t/ee81bnl8o/75vhObxhKu28KSQy3RI13JjecR0RPIpYdPQdPB6h +fjNbH9D3AkEA0lhjsahWvs2+QBukcN84gJyfa/WBizgVfD/oZVm4fvNZjK3neH0V +S29bkGfqMroy0U0PAm7Qs36dWnAFMdI1eQJBAMuJgdZ3AzS30vIp5G9k6k0mhuZl +ykwvHVwR1h2j5+MdVBngwtdXuzVv05Pvtr843yuMKudYNmN+QXSb8QaD2scCQGmi +7EZfhVkDmKU3fKkW4Zhtj/626B0TyG6C5eJoYaiX7AQjnhi7sMMWpMRr+4kIS9cj +PQN6xaMvVjUCBwnTSPkCQAP/Iv+ctNcZNuRcDm1g/voruqlMs5bAbhQ50Nut1z3+ +ekOGBxIWXr9mDcBji8OMjww8WBUGuvcJssLPKrTbBGM= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt new file mode 100644 index 0000000..177876b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT2.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:10 2009 GMT + Not After : Mar 11 03:24:10 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:81/0003 + + Signature Algorithm: sha1WithRSAEncryption + 5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13: + 36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85: + 35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22: + 5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb: + 21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38: + 31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30: + 09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54: + 0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17: + 2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee: + 50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b: + 75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e: + 1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25: + 13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45: + b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29: + f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98: + 87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad: + 
34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2: + a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59: + 93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52: + 77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3: + 72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8: + 9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3: + 3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e: + 76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd: + 7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4: + 96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0: + 14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97: + 1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9: + d3:b7:f3:d0:60:fd:64:01 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBETANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQxMFoXDTE5 +MDMxMTAzMjQxMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDMwDQYJ +KoZIhvcNAQEFBQADggIBAFp9XyXlWkk+6QZM8X+DfdQNEzY1vzKSaWAdri7tibPU +HnjShTV6H2UweF7TMGA9fSy+AmrwIl6ChlMBpLYcn9R56ezr2DOF+yHSgne5bSCO +r4L/JYInO9fZODGjK7xVACj2+b8B5mYLuKjtMAlSjb+Ue5bRk1ujpPGfqvQEVAtp +c6821z4zLCk4BJtlMjH6Fy8KnxkF2AEM2xMeVeyUOD+D7lA10W5PMsM90znIxcxW +tDMui3WgnM0o5UKhieEGkL3zjrVInhzdVk3Z7G4Le3LlCr5+M1oTJROHTJonSQJt +KFvnTRt8ESIQRbFXt/wSYmkkae5nzlsgcGoiKfSgkFnTor57QzpZCyPRLu1RmIfF +TRxkCPjKrzarXQDOFQD0rTREJ4tyxm0kTBrj90y8JaKo4qh5WFenXfAgKNLvhP/u +Qg8eWZNMBUX/wQ3LMB27JlpNJMBEUnczF93RAGMem03KKIu7/Q0L43ImlOKMWtca +pue3vEu/zAIs2JvLMX0JTBVzXRqoRhBmaICp8z34fJ1GPc6udW+S2zTT175sTna2 
+treiqLmeqfFvpuUBu4ITvX8kgcMiVFjwfo2ahoIARmYz5JaYijN77ZObz2i160La +bVBJ8BQnAfZXCSZ8YYHQ5ensbRjrlxpVzx/ZIGePcbsMmG3AS4UyydO389Bg/WQB +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt new file mode 100644 index 0000000..830592a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT3.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:20 2009 GMT + Not After : Mar 11 03:24:20 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:82/0004 + + Signature Algorithm: sha1WithRSAEncryption + 1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2: + 89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8: + 97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9: + f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75: + b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da: + 26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5: + 4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9: + 64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80: + 18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3: + a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97: + 8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29: + 8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b: + 91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a: + 64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c: + f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82: + 06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e: + 
2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7: + 20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8: + b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca: + f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3: + 4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c: + 3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49: + 21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8: + db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58: + 2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d: + 79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf: + 3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73: + 59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85: + d6:31:62:f3:5b:05:4a:11 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQyMFoXDTE5 +MDMxMTAzMjQyMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDQwDQYJ +KoZIhvcNAQEFBQADggIBAB2AfDPdq5nHBvWq/RZ9idipook4rya3sQ9pPdYJPm3d +0uBRuJf8jZYIDTMtdefSnkcr/UZbyfJoTyaPgz38qtdqIHcVP3jZdbN5EP2rq5U0 +aWQ8imVtZrup2iZ5UVmnwpfqbH8xkdOlwmXK1U9vyNm5xwN7xi0WX/7eAijz6WSt +6WI85ZExD8nJMxqlZthbgBhvX1U0UUP6eVC6FxksuSW4o6CyCDhJbTyGjEIs2Ae9 +OfE8l4/Gg82Fj+lSY3dP1p5YPiL4KY5Eksa3qyg1Inu30I80cBXyS5FlQo3VznVL +L3t+f35hCVuyGmSUGMmOw+6kidaXVXYosOa8fPDJmyDjpRDawZzETv/oyjwZggbW +qgXLBeW9Ns9MOqfmIa/oXi3uO5QkkTeSlT/T+LhaE1YWpyA09v3LWW1M/wTf72EI +2S+FqLF8B4CTMXu7f40XuotkQYJKyvap92m4z+0XwcoJWlLEzqCc40xSq+qzTzyT +HVC/YOhu0b+QDD8dayylxb/r4trLdlYIUcyHSSEW8KaFzg/DMsJQzAT10bveuNub 
+eeHScxSyfFrPJnskSlhIWC6xoS8BwnFAhcibIRAVGj5ePXlTnIKyTq2Rlp8DxfZE +6tbWzzsedOax8vSz4H2Rd6xQ2WYbc1k+5hgHu+BgTx6NQCvaJazIhdYxYvNbBUoR +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt new file mode 100644 index 0000000..0ff43d6 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT4.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 19 (0x13) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:30 2009 GMT + Not After : Mar 11 03:24:30 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:83/0005 + + Signature Algorithm: sha1WithRSAEncryption + 9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25: + 3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53: + 29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c: + cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93: + bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e: + 95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62: + 4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36: + ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e: + 61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a: + 7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b: + 8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5: + 54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80: + 4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66: + fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82: + c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8: + 35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c: + 
24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5: + 6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c: + 7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd: + 6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62: + c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b: + a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26: + 2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f: + bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68: + c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57: + b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db: + bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7: + 5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e: + 8c:5f:20:1b:be:41:51:f4 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQzMFoXDTE5 +MDMxMTAzMjQzMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDUwDQYJ +KoZIhvcNAQEFBQADggIBAJvqXaP0sgREMWtk5H0lXWkbJT1j1D8sD8ZgRHAYVzG+ +hDjoUyndXvJcjkFt6OqnI5G59MEgLM3WtLTmncO0W0xI3TrMzZ4Mk7vgA0McqwGG +TmdErWg95gBNnpVfhg/kGK89dqQbkV7oByuqYk7Zr/gV5zy7jPSpT99y9rBqNq3r +0hACy2Uop0xPmOF7HqqvPmFlkViUmSZpKQZQAkRhpjzuin7bVlr1zNZYb6JAUeGB ++ju4S40AZLKZ0+eKUnizZ6FkXd2gxVQd3gcp74UB1OkkRIvfm/WugE36TQh2fJdr +hnQiVtGHa0FUZvw70j4tlcFGBrnbDovhvshWgsMd34S2UO64MDxUB0mL4tSnuDUN +tgl+BAG7cYaMUIenOi24fCTNsaaHuOvV3I8CIflxBjTE5W//U0vdM5Zgi227A7E2 +MS0CbH+6cAp4uPtFkoRbHqcVORMz/W+nlXYQH7PNEejtzixjzWQjYsQh1ki/9xC4 +2tVyFK1aoF1KK6B2X7g70muKf2tqzITrar7ZJiy7OAa49NT7eIWDyK1uVvlnX7w8 
+Qbbwb9RFeO0+L8c6PpqYaMRkeSlRGc2mcMQEMFCGnPJUV7HhfUrVNPyTMW1kFXkx +wHDV27ygviEiHmGsSp+ipv/eUi4x1145ZsZHVfZk9b3twGC4WYihjoxfIBu+QVH0 +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt new file mode 100644 index 0000000..099dd23 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT5.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 20 (0x14) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:40 2009 GMT + Not After : Mar 11 03:24:40 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:84/0006 + + Signature Algorithm: sha1WithRSAEncryption + 49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2: + 18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a: + b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e: + be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a: + 06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40: + ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9: + 09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40: + 63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc: + d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28: + 18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a: + 56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef: + 09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33: + b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0: + 3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d: + 16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a: + 15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74: + 
9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db: + 22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78: + bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed: + 69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d: + 21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58: + 32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b: + 02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca: + a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16: + 78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92: + 52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3: + 0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7: + 79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2: + dc:8e:07:36:9a:e3:08:55 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBFDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQ0MFoXDTE5 +MDMxMTAzMjQ0MFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg0LzAwMDYwDQYJ +KoZIhvcNAQEFBQADggIBAEnaRhTxWkoJyzal/qtQ9erhshh53Nd5u6iwjQu14alg +24rpOrgVsOvkRb+QZGtOwdx+nV9HDr57IrrCcT1di48UZx0ZUVQFWgYR4R/Ku5ga +o9YWuV2NA3AoQMo6ff6nw0CregpCOpX22v282QlQcJp6tOmudbfNqFb0LnzvQGNt +AtpQKcjfL0AEhJ1gojwh/NZkAnLLTFvhaNkKFoRYR6XRKBiG6we5H9ufRt5rLS5O +IJpAOlaGKJ/FFZcaP3AYX0QdZNB27wnFIyEDMpzEI6/EH4X92rhAM7bCfStn/4ig +nKgunktARGu8wDvys6PV8LQEhc20zUk9NGQeHRahjwV0jpHumGzMyNjDXv1lShXt +KMsLw7YpvNY9DQ6oITYndJ3yfFgfiCU1K39MFjjfDzKP2yKWreiLvdjV6eGw/lMD +5sdneL+mUNwqCsmi32rVw9vrIBx47WkU1PUmYnj2M6CslRldptkwjSGALULcpaWg +QkHoYPFNgW3mWDK55CMJND56+2lL88CKAMNZKwIT/E6cPo80/rDKB99rHZecyqmx 
+to8tkmwSS2Qj1kfB8m95Fnh7+Da5g6Ok5w/AmdmjCUWsklJiJmRRBOmSbz75YpPF +KgBb0wtmda27XRI3CTy2lW3CBReP13mqDWpsAG6UDOjjMZ2OY+n50tyOBzaa4whV +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt new file mode 100644 index 0000000..30ab2f1 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT6.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 22 (0x16) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 14 13:48:12 2009 GMT + Not After : Mar 14 13:48:12 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:85/0007 + + Signature Algorithm: sha1WithRSAEncryption + b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b: + 88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17: + a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74: + 1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd: + ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96: + fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f: + d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc: + b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8: + 15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f: + ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22: + 9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24: + c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b: + bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b: + 18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf: + 37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b: + 50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34: + 
32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09: + 91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a: + ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac: + 5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e: + 75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54: + 9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55: + 1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49: + 37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01: + 3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79: + 46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3: + 30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34: + 03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7: + 07:2e:e8:d2:f2:67:c4:64 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw +MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ +KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg +I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX +joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao +nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II +SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG +lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq +EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2 +D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr +l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF 
+cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl +u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt new file mode 100644 index 0000000..d3d25a0 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.crt 
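Review bot: OCSP_CLIENT6.crt carries a validity window of Mar 14 2009 to Mar 14 2010, while the sibling OCSP_CLIENT fixtures run to March 2019, and nothing in the file says whether the short window is deliberate. If this is the expired-certificate case, say so where the fixture is used, for example `/* OCSP_CLIENT6.crt: intentionally expired, Not After Mar 14 2010 */`, so nobody "fixes" it by re-issuing. The other fixtures will expire in March 2019, so any test that validates them against the wall clock will start failing then; pinning the verification time in those tests would avoid that.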
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 41 (0x29) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:32:11 2009 GMT + Not After : Mar 14 23:32:11 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22: + fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37: + c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e: + 71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95: + 0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee: + 59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d: + 23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3: + 3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e: + ff:e0:8b:f2:d8:ca:3e:ae:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:86/0008 + + Signature Algorithm: sha1WithRSAEncryption + 08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b: + ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76: + fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73: + 10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4: + a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48: + 1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb: + aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19: + 60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44: + 87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2: + 34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58: + 5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84: + 98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55: + 9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82: + ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26: + 27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c: + c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f: + 
fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80: + 7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d: + 52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21: + 6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01: + 0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17: + 7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6: + ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15: + 4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46: + 29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11: + c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68: + 82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74: + 4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e: + b8:26:e5:f6:8a:dd:ad:14 +-----BEGIN CERTIFICATE----- +MIID7TCCAdWgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMzIxMVoXDTE5 +MDMxNDIzMzIxMVowZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xKDAmBgNVBAMTH1NldmVudGggT0NTUCBD +bGllbnQgY2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKv5 +YP+dVQ8xEizy32Qi+8CXHeQT+9cVN125LZc3xOg0ywCFIk2KhYChrpBecb9tDaPD +jc5HWGAlu5yVCgvNIwGuGL7VZb2LVb/uWYrbIL3586xTLgmZ+yd9I4v2ltlBNwpD +Fh/5XYSzO3lF/92yNZnA24UkIqh+/+CL8tjKPq7lAgMBAAGjODA2MDQGCCsGAQUF +BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4Ni8wMDA4MA0G +CSqGSIb3DQEBBQUAA4ICAQAIAsIJivbx157TMNzOl/yEvVuuYDmCCgY4Qx5V3oMR +0xLggXb9XG6eMHNtj7IypmAkJO7j/XMQEubHI2sfTrVS4xIJ7t0Z0rSmNOYUPHlY +lUsl4/aX0swgk0gf1S832xW/9HGtBL2VgFelSbuqyvP/r2Ld+ZR1OFlsdO+sHhlg +bUu+92Ivxmi5xPyK/Z+yTUSHElFufV9BLOrmnDy9z9yqFLI0FuA4s4z012gfbMw8 +2jAyjlhbmr91ejijz2BvdMymwVX2loSYBNuxB9b2BhGvwvuBpHcETVWdxCjUPNCX +oPjUGFnMIzqzwIKtHeJM5Nokc813q9siB5TRFiYnguLVgvnhKfuPnoiiG1yLMTzG +HK4WMSj44lyd6ejX2f4KOT/6ZSBTXiAyS7ioS6i46PE/CoB9tIwb5lTTAtZWo6ZO +h5pR7Q1Sm+FmyGTIlVUIqvnAnVqJAyFrKZb4QmRqP9WS1RMAbIk46gENKDugEuHP +z/0QXqObZws+pxd63nYlJlTbD6j56VDwHpoNrdatYzK+wLt6Zr7J0/IeSMP1KxVN 
+OcyIMmWXmQFBEgdO1x2v+kYpkwJw7d+Jo9VQHAft3/hc1hHGGjLmK+dJ2IIW3UFd +E5ygAGiCVPheKoE+/gu/bt7itE8JMXRNai23qQpU9KcfY4puc7zjOJ64JuX2it2t +FA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key new file mode 100644 index 0000000..9bb405a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/OCSP_CLIENT7.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCr+WD/nVUPMRIs8t9kIvvAlx3kE/vXFTdduS2XN8ToNMsAhSJN +ioWAoa6QXnG/bQ2jw43OR1hgJbuclQoLzSMBrhi+1WW9i1W/7lmK2yC9+fOsUy4J +mfsnfSOL9pbZQTcKQxYf+V2Eszt5Rf/dsjWZwNuFJCKofv/gi/LYyj6u5QIDAQAB +AoGATwAeWQ5TdskaCl//0yZm9A/3gUDU3fc3GezpTqAl6m3mG3UNTwWlUnPzlwpr +wn48V9CLogkQRgrPZpzoooc33trobB4AOArUwvmOpvfUTV6QfqgqKetBoWkRbnW2 +bRPSg+6Au8WhS97WYjMJishKsqgJSxzM/O8ZGD0rypiHG8ECQQDVGGBveE6MUIgg +UisnkmB/bgdLwfM9h5hTWMvorS66QLJeMbYUBzPRsQbzjaplvqwc/MhNNFa+bW4h +tBpMGkbpAkEAzpl8u/pXWR1IsIrl8nyVRRJQCqElrAds/biF7uKeYeQzDJjRLHdy +8a2KEXL79fCEagf4BYuMIpSp1lJWcZxinQJBAJxefe1uT91g/vMQuMAaBpubxtjN +ostk499NSpwb8S0Vao36Vo0N1/WovNwd+Ysdxriiue0FWh30uRscSSvNIHkCQAtT +nOQNaIaJNXgAVXUC4Ygk5eB/TzpsOcx7NlSPdhF12lqhci5W6iVX1073l9q28fuC +LlXXfbpTnjAS2Yxm/30CQAPX7Gx0QbM+juuMhZXNUSZdGXgRe59Y0sDRqJ8WPAUR +6ADfsota0RF80sIFT0NJLe1AIjaC/U5hlFrCtEceov8= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/authorities/ca.crt b/tests/cert-svc/data/TestData/ssl/authorities/ca.crt new file mode 100644 index 0000000..646524d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/authorities/ca.crt 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxgCCQDyW0BbwrfQZDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJL +UjETMBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNV +BAoTDVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA3MjIxNFoX +DTE5MDMwNDA3MjIxNFowWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2kt +RG8xETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQsw +CQYDVQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68a +WUeOMDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9I +svqIB+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHI +sdTmOaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm +2e3Za6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg +80znryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyh +FILUkn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjn +xIGbGu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/C +ZlEO6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQ +UUhFcE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGI +hOOxDxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6z +bhBFUXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAEwDQYJKoZIhvcNAQEFBQAD +ggIBAHVU/HAqDC+bX8J0Nt7y0jO1ioUun6qPzjcQ9QRYjZ71JrsRbTgNmYkKtBi1 +8TZ/Dyq27OO612N4qrGe8dZwTK7z8bhVv4+mjgpP/uyO1woLDpYof26z09cfYd3z +J0OE7Ta0/OlMYCDWl6ORPCNkfv7Bj0cS/XsJczfJAaPdyUozTR6Jl4qARHgS07H4 +ITZGnzPSk34AhJdZFVcnepCSjb4eXTJw1xjAd/OIaD8qtAnrrx/RnWAiii7BIUN/ +O6oOBSumPIrzBbgOJ96KyE5DDaoaECBWEFeyLsXk9PW3PC4CcPrTW1qjkr2cFrPm +oYhIb2NkYQzpx36wLqG9tiGGiO8BFmyDjffAu8rBvMIFDGjy62fA+n/BMyrfxrQ3 +bKPt/GVHEEhhpNVAF+aRdJk7UtirLIrOYnRJDcbi51ZYiLpogmsH0PZ7JcC2ZkCb +w753asG0K48OcRNw4c2D0tOXWUE+pkTjbE4HUD4xU+of3x3V98xHghd2G8MOMoRL +M4tcK/zs76pOY6gfNuZe8nN/9RI+gsiiswWLkSBDEJEAEngZchdmd0I+8ed9qKW8 +Sm+85bfdya+Pbl858kubbkVup8wdl6wfILV+1XZOks1enknQYbls6Gx6mF9Llx1h +mEHwvjERzOA7ykbVsRj/42Rn4g6JNEzJIZCsaSowk1zt0imn +-----END CERTIFICATE----- 
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl new file mode 100644 index 0000000..75efe22 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crl @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe1 +y9pN5QxRxXP50eN0G1usaTIVMbxvSvM62+uLYBoF/AcNHKH89yAuZZUYYfLuOH6N +6Q/7oedTTWr+xLM5u2/5FLGvEyUM87IM6GPfiNtVTdKVYa1H/eUE/Wzvy9rPThrh +mA/dfgEwFcQV6c269viBSzUVLpEFZNOGxZ4NrV5pAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQBLCg6kFYFJpEjLdeXsScF/NQ1oBOxzF3GsEfhV1fwErLk9fvW4xep8 +CkzYzXbvZrrW1MLYgj0Bp0A3HJjnLttZXLXB2rmgwvWdcap7QziypjoR2R2GmPhm +4iVZyKpVW19lV3ofUHLU6TTbP0wC3LGfQoSZv80Tp6mBdtwccQGDHQ== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt new file mode 100644 index 0000000..c4eb3e2 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.crt 
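Review bot: cert_chain1.crl does not hold a CRL; its only PEM block is `-----BEGIN CERTIFICATE REQUEST-----`, which is a PKCS#10 signing request. If a test passes this path as revocation data, the CRL parse would fail, and depending on how the caller handles that error the revocation check may be skipped rather than rejected, which would hide a fail-open path. If the file is just the request that was used to issue cert_chain1.crt, rename it to `cert_chain1.csr` or drop it. If a revocation list is needed for the chain test, add a real one signed by the test CA.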
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 50 (0x32) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 24 07:30:26 2009 GMT + Not After : Mar 24 07:30:26 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c7:b5:cb:da:4d:e5:0c:51:c5:73:f9:d1:e3:74: + 1b:5b:ac:69:32:15:31:bc:6f:4a:f3:3a:db:eb:8b: + 60:1a:05:fc:07:0d:1c:a1:fc:f7:20:2e:65:95:18: + 61:f2:ee:38:7e:8d:e9:0f:fb:a1:e7:53:4d:6a:fe: + c4:b3:39:bb:6f:f9:14:b1:af:13:25:0c:f3:b2:0c: + e8:63:df:88:db:55:4d:d2:95:61:ad:47:fd:e5:04: + fd:6c:ef:cb:da:cf:4e:1a:e1:98:0f:dd:7e:01:30: + 15:c4:15:e9:cd:ba:f6:f8:81:4b:35:15:2e:91:05: + 64:d3:86:c5:9e:0d:ad:5e:69 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 0a:20:59:10:b7:68:03:8d:c5:82:bf:b2:4d:4e:a5:0b:54:51: + 27:4d:ec:86:a8:f0:5c:e8:8d:20:23:f5:81:c2:61:7a:40:2c: + dc:bd:dd:7e:d1:f1:4e:70:4c:77:7b:11:ed:1b:4b:a6:1e:4d: + 6d:9b:f4:99:81:39:a3:3d:cd:fc:1f:ce:16:62:05:c4:99:1c: + 68:e3:98:d6:47:ea:73:e4:b0:70:d3:fa:23:b9:4d:8a:09:91: + 66:ef:57:cb:68:1c:39:c3:5c:c3:92:a3:d0:c5:db:65:af:e2: + 18:62:73:e4:aa:be:c7:e6:a5:7b:e7:31:f0:30:3e:2a:0c:1a: + 21:f1:1e:19:5f:12:b7:31:58:93:46:12:f0:7e:a8:73:46:a1: + df:2b:c3:8c:c1:ea:0f:a3:29:20:e3:ee:ad:6f:d4:a1:db:f9: + 76:d1:20:71:78:a1:b9:fb:b2:27:df:61:5a:00:17:38:29:f7: + 65:14:98:26:87:83:a2:84:31:1c:a2:22:12:2f:9a:1d:fa:bd: + 55:0c:f3:71:10:bb:f5:42:a4:12:01:61:87:2b:3e:46:bd:ad: + 4b:6b:07:e3:64:30:3a:1f:57:b8:26:44:27:de:c3:8e:07:c6: + 24:06:97:4a:10:4e:7a:b5:60:d9:b2:4d:4d:ad:38:6f:0e:41: + db:f4:a8:51:81:42:79:fd:c5:94:67:8f:21:d5:05:bc:7b:b8: + f3:94:8b:39:0c:30:7b:42:09:0f:77:0e:7e:93:e8:35:b0:ac: + 
00:e0:4d:03:a6:3c:f3:96:bf:23:06:95:0d:bb:20:26:9c:7b: + 86:6c:f6:ff:84:65:a8:35:de:ad:c8:c6:57:c1:00:ae:61:4e: + 2a:0c:67:f0:9a:e3:36:4a:45:5f:3f:1f:20:13:fe:0a:f9:7d: + b5:a4:ba:ba:b5:f6:09:9e:40:fb:c6:d6:f5:74:d4:ea:0d:4b: + 53:32:89:3d:7b:f5:c3:42:3d:57:69:76:07:28:1a:62:f7:24: + c3:a1:cf:6c:77:d6:6e:98:9a:ce:4f:59:e2:94:d7:8d:80:40: + f4:eb:84:40:ca:7e:67:0e:58:7c:b8:12:e0:8e:f1:67:05:5e: + ff:b4:5e:84:cf:3a:af:d1:26:49:91:8c:60:3c:c6:8a:ed:3f: + be:30:0c:f0:1e:62:1d:61:cd:00:d5:7d:97:47:c6:28:94:90: + 91:47:a1:18:6e:8a:97:6c:51:f4:52:0b:69:d3:c0:4b:2b:7a: + 1b:cf:3a:7d:d4:56:a5:b4:df:95:d9:b7:db:c1:ee:4c:72:27: + 21:b4:19:06:de:57:19:e3:7f:22:11:72:9f:01:68:9d:a5:aa: + d2:85:85:b8:59:15:c6:24 +-----BEGIN CERTIFICATE----- +MIID2jCCAcKgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMyNDA3MzAyNloXDTEw +MDMyNDA3MzAyNlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMTCB +nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAx7XL2k3lDFHFc/nR43QbW6xpMhUx +vG9K8zrb64tgGgX8Bw0cofz3IC5llRhh8u44fo3pD/uh51NNav7Eszm7b/kUsa8T +JQzzsgzoY9+I21VN0pVhrUf95QT9bO/L2s9OGuGYD91+ATAVxBXpzbr2+IFLNRUu +kQVk04bFng2tXmkCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzAB +hhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADggIBAAog +WRC3aAONxYK/sk1OpQtUUSdN7Iao8FzojSAj9YHCYXpALNy93X7R8U5wTHd7Ee0b +S6YeTW2b9JmBOaM9zfwfzhZiBcSZHGjjmNZH6nPksHDT+iO5TYoJkWbvV8toHDnD +XMOSo9DF22Wv4hhic+SqvsfmpXvnMfAwPioMGiHxHhlfErcxWJNGEvB+qHNGod8r +w4zB6g+jKSDj7q1v1KHb+XbRIHF4obn7siffYVoAFzgp92UUmCaHg6KEMRyiIhIv +mh36vVUM83EQu/VCpBIBYYcrPka9rUtrB+NkMDofV7gmRCfew44HxiQGl0oQTnq1 +YNmyTU2tOG8OQdv0qFGBQnn9xZRnjyHVBbx7uPOUizkMMHtCCQ93Dn6T6DWwrADg +TQOmPPOWvyMGlQ27ICace4Zs9v+EZag13q3IxlfBAK5hTioMZ/Ca4zZKRV8/HyAT +/gr5fbWkurq19gmeQPvG1vV01OoNS1MyiT179cNCPVdpdgcoGmL3JMOhz2x31m6Y +ms5PWeKU142AQPTrhEDKfmcOWHy4EuCO8WcFXv+0XoTPOq/RJkmRjGA8xortP74w 
+DPAeYh1hzQDVfZdHxiiUkJFHoRhuipdsUfRSC2nTwEsrehvPOn3UVqW035XZt9vB +7kxyJyG0GQbeVxnjfyIRcp8BaJ2lqtKFhbhZFcYk +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key new file mode 100644 index 0000000..e152d65 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain1.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDHtcvaTeUMUcVz+dHjdBtbrGkyFTG8b0rzOtvri2AaBfwHDRyh +/PcgLmWVGGHy7jh+jekP+6HnU01q/sSzObtv+RSxrxMlDPOyDOhj34jbVU3SlWGt +R/3lBP1s78vaz04a4ZgP3X4BMBXEFenNuvb4gUs1FS6RBWTThsWeDa1eaQIDAQAB +AoGBAITKrA6vRsLnSGyyS057cImHXbdQgm6ybdrHY13+odsL6aXioQxRAR1j3GXD +/bUjk2sK/1KCVghTyqF/X9lwZOGFOM5XsyptHxF/afgBljGzZwW21GBG4hSfSOjm ++yL2Xhlejol1GbC3D9jLksxrfcKuVFkXbBJVYp1dQ+9wBWvRAkEA8AwIpeMYz4/B +W83f2FnK81ETeO8DKldFQADlgv4q3F/un2oSCxBglyyq0i7JjdK2/kgxHN62zsxZ +LeDZUr1z5QJBANT7gO03J8jODO8wqqaS63T/0vxoMHrAF/l/NC0Fpk5AZutDvsn9 +yWLy0PNwJlLzKo8XBCjIY9wVxiwS9/Ic4DUCQFWUpLyns1/Eq7YUNvsGQFHxFNUn +uWQuCvVfnHPQM+2vkf5prZceNqGO/jPDFH6ooi8UA9Z8HIar2ht+L1zNSHUCQQDI +Ifk5bv2sfKq8zH9e/WnRzF7nHcSIZB9jLDvMHqXynCPZ6RPL3PWzTDY6uuTYR3Vz +dg5LgFoNwkwwuDZTRP0NAkAUHcJbjs2ey95utZ/to9Cl+ztaJWoa83dSQCx978l0 +a9O/kVYympJTHCnL8mU9QqePQvJjtgBY4ypcsaJ2luFV +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl new file mode 100644 index 0000000..1fa3283 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crl 
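Review bot: The certificate in `cert_chain1.crt` had already expired when this commit was made: its text dump reads `Not After : Mar 24 07:30:26 2010 GMT` and the commit is dated 2015. The other chain certificates added here (cert_chain2 to cert_chain7, cert_chain10) carry the same one-year 2009–2010 validity. A chain-verification test on these fixtures can only pass if the verifier is given a fixed check time or skips the validity check, and the second would hide a failure a certificate service has to report. I would regenerate the chain with a long validity, or pin the verification time in the tests and record it beside the data, for example a `README` line reading `Fixtures valid 2009-03-24 to 2010-03-24; tests must pin the verification time`. The fixtures are also 1024-bit RSA signed with `sha1WithRSAEncryption`, which current crypto library defaults may reject regardless of dates.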
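Review bot: `cert_chain1.key` adds an unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----`) with nothing that marks it as a fixture, and the `.key` files for cert_chain10 and cert_chain2 to cert_chain6 do the same. These keys are public once committed, so the certificates they belong to, and anything signed with them, must never reach a trust store or a device image outside the test package. I would state that next to the data, for example a `README` line reading `Test-only keys and certificates; public, never install or trust outside the test suite`, and check that the install rules ship `TestData/` only when the test build flag is on. The packaging rules are outside this hunk, so that last point is a check to make rather than a confirmed defect.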
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpTCCAQ4CAQAwZTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRYwFAYD +VQQDEw1DZXJ0IENoYWluIDEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa +eurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3ZItTSLJQxhDTTcLC +nlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfoluO6AUMG5wo0o66Qb +iLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQABoAAwDQYJKoZIhvcN +AQEFBQADgYEAm45LnopOspLWfwwEJxCYyX/DmQ8v7bsm50hvVAn71/Zh9GiD3cnV +fgsyNQsoPR56gnh9y8QJvZjfUzQue37ueMZyXegCbgn2/bh51HaS3cW6R8Tbq5vq +PBpU1sXVSRyBK1iqH8DoBH8O5f0a1Tf4vI8k36j/pS3UWZW5T+2Kj9U= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt new file mode 100644 index 0000000..12a7b64 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 55 (0x37) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9 + Validity + Not Before: Mar 24 07:09:56 2009 GMT + Not After : Mar 24 07:09:56 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd: + f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe: + 17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6: + 10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf: + 95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81: + bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50: + c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c: + 97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61: + 1c:52:9b:97:9a:f0:54:db:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0: + 73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46: + af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24: + eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71: + a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e: + f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87: + 1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80: + e8:8e +-----BEGIN CERTIFICATE----- +MIICUTCCAbqgAwIBAgIBNzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA5MB4XDTA5MDMyNDA3MDk1NloXDTEwMDMyNDA3MDk1 +NlowUjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFjAUBgNVBAMTDUNlcnQgQ2hhaW4gMTAwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBANp66ulN8UauvfkMgd799M8T/HRUG/f707D2rjL+ +Fw3fkeJ3x7dki1NIslDGENNNwsKeU9GvO/7Qw2S/lUijXoUp98MZTFQJekKBvLnw 
+Y+sKkDyd+iW47oBQwbnCjSjrpBuItS8MMASMl6ipmid8WnkDSfzsgTlhHFKbl5rw +VNsvAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov +LzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUAA4GBAIF/N52mj33xA7B4 +o0R+wTEn8HNR61V2PxulWQ9bqy//cp2KRq8wpMFqJRwEuSIUuDlS8U/wJOvwX2J5 +JMLshJKHXZwFh+ixcacw/AMtn8U7fFh+eoZ1UK0UXvlpxEkeWDPaX+u8xawQKt08 +hxwPqjeTwGhMPbQMMHhjr4r0gOiO +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key new file mode 100644 index 0000000..0cb0874 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain10.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDaeurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3 +ZItTSLJQxhDTTcLCnlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfol +uO6AUMG5wo0o66QbiLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQAB +AoGBALyImbKeifi+zjzeKCwv5lPUIWSZOFF0xKbPGF/0mBxms1NEndmKMBi8gPPn +F5ngXpLnYdluaE1qBVMpaD94ixSyDPpma813+TpeuTiyBsTDEWuBmRFkqNLP/G4d +r6t5QI70416sfeMoDHwLygrFAGhQ+Kd1E7PtuSP+zcEWhK2BAkEA+FPGot/RW5Nv +geG7v5FlU2Qu/uJHbR4f7yVbHopYh94ulJM3EyLvqbzNguS9RztcdQxt18IBoRLu +Q1a5bdhrIQJBAOE7DnRG/n5AQpmAMObQaMp9sXafVly3KltLiEkJEImGdgg2H43y +tf+1mfBoFpGF7tI574bprFT+p/IpG4D+TE8CQFWhVeK+OUxRx+bKt1o0wfMCne4I +i0bGV464m/YpEKQxanCTXy97IZevYlKbm+VfQ9+c3JfE75jilUSlOCX3teECQQDb +l1CIXY9SWCSWtDz5TMheZB3ZoY/55TsOt52wV34gF1CMwPgS1UhMfyoPEeyvBP3L +SWEXEExMsdvcZefC5CxRAkEArkFcrJ8KTJii0neLhFi1UkuKdoGxeVx9TGikV/fr +wXVLTrG/SyVKjWH+qMyN4B1i23MQsdBtnL6e1+q4tXcwTQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl new file mode 100644 index 0000000..0549c81 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANte +pqtg84X2DQcXjK5SeBN1IYzTSiDRDYriNJX/0jEp52LprM5ept33oDjzlrIkBrbI +xgZXuvDwaQh6wb+HywYrevyBJjaBRgSbmR8fDjYFr33yV/smHaWjW69wHW9VK9bf +O91LUR4XpomUXhacCP3ZXB6tefFbQsI3WXPZ5bVlAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQBp9/rm/8Gr74HMFqeYZLcW8UuIi3hykrWlQCCLPgTl8eWc7gYRBVQ+ +cbvSj06cpf0oKivPVfHWTj40e+wG4pWD3czl3KlGpRqPNRM6AzwkRWHZEzlyQ82n +l3URQ1VRDeuXNhJxUM632NDKFmKK7vil2vjOguLYFTuJhKnHahaLYw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt new file mode 100644 index 0000000..13cb5c9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 47 (0x2f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1 + Validity + Not Before: Mar 24 07:09:44 2009 GMT + Not After : Mar 24 07:09:44 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52: + 78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff: + d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3: + 96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a: + c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b: + 99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3: + 5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17: + a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b: + 42:c2:37:59:73:d9:e5:b5:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff: + 6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d: + b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0: + 8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4: + 69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b: + d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9: + e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9: + 93:82 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBLzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAxMB4XDTA5MDMyNDA3MDk0NFoXDTEwMDMyNDA3MDk0 +NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMjCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA216mq2DzhfYNBxeMrlJ4E3UhjNNKINENiuI0lf/S +MSnnYumszl6m3fegOPOWsiQGtsjGBle68PBpCHrBv4fLBit6/IEmNoFGBJuZHx8O 
+NgWvffJX+yYdpaNbr3Adb1Ur1t873UtRHhemiZReFpwI/dlcHq158VtCwjdZc9nl +tWUCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAwWyhlTQ+MnQ1Gst2 +JMsb4qD/anjvjX/dQD85haoZqeXOysQtuGxt1OmxokWUFteLIzrTf22winztLmzj +utw8JUsT9Cik+Ye0abVRTdrUfp4PmW4aWl+13PJ71Y9XOWHjqC68ired0yFYgRK5 +5by5/L05LeiLwEm8uhbuQ1jZk4I= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key new file mode 100644 index 0000000..898f118 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain2.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDbXqarYPOF9g0HF4yuUngTdSGM00og0Q2K4jSV/9IxKedi6azO +Xqbd96A485ayJAa2yMYGV7rw8GkIesG/h8sGK3r8gSY2gUYEm5kfHw42Ba998lf7 +Jh2lo1uvcB1vVSvW3zvdS1EeF6aJlF4WnAj92VwerXnxW0LCN1lz2eW1ZQIDAQAB +AoGAfGJmzrXiXwrsyCCqPA222BGKPHdxiLoAm8c3WfX8ELRZ5tPoj/tLUoCd8Kzt +vYR/6hRddCs6bHNkmtJAGYG9s20fU7o6TrFJd/l4qjYVNl9cxKaWoMXN3xmANrFD +3ZiXOotSQrNCqJdllg6AvezCNRL1yDGppWXAL7TM2OGxTAECQQDwYJPFSid+CMR3 +fQTvQBsmdsrUSHaDIENMYHAfq2BqWYIkNRL2PHmhfiQ5yepi1MzQ2clq+2Gbvl8K +zmMkiEcFAkEA6aCMYZkXCM33+lRnBd447qGpj0uYgH+VGmq9WPhugfag/UtdVfsL +H3pBnMcfLctot4dFgFGKaAOpMDRVVZBC4QJABQwCDkJgUeUdOuUFFYDjEQutdoeO +9XHX9+KOeBvBCnqWoOv8We8rHpjnac8zfJ+7LSdlczmT8xEsLa3npvy1gQJAXaBR +oetQJ98jOdcJUni0KC3xXdPV0elPP773Eui8oKjN67SAOyzYUE0WblX+UMPru2Ei +oUIMTZLqAr92U0v1AQJAchSMGsAOQ113Ck4O5AWOkegz9EZFkCs9g1kmNxBmLVtv +11Jw1oMbJG+03OnXyf55zRroTCXqqt8GZUSQrVOg9A== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl new file mode 100644 index 0000000..e473395 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMY9 +x+UPx1koqrb8XtANlW3fjIJCbe+prVGsc8HhCqGOgG6sCjVVYT1EMkbZ9wNLMbDi +orP4kUvjXB1c4EhRUZoGQRriTEVcwCqGRETOAQJW5ptLjV5Jp/lAGwCTkdYuJJ8f +BFnraFH+dLoSsLh9e8KV/6an/d6KoWn7gIWlpkNPAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQBj+KktKrbneMSXk1AqRHqT1CyMjwgWmHsEkzsvey/hitowV7vypOGh +WjBwRJ1SrjZcn54Z+70CcM1Nv4qwSMOK3HhidwAH203CCAgMQoGmH9qYnQ2fbMgr +DuwIQJbr0Gvm2zvz5Xrvj78OrnhX/X3YjWLtVhh1XeoUCTo8HVrgaA== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt new file mode 100644 index 0000000..96152fc --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 48 (0x30) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2 + Validity + Not Before: Mar 24 07:09:46 2009 GMT + Not After : Mar 24 07:09:46 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d: + 95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1: + 0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9: + f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c: + e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86: + 44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40: + 1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe: + 74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a: + a1:69:fb:80:85:a5:a6:43:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3: + 1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70: + 92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85: + f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57: + 90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d: + f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c: + e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74: + 9e:29 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAyMB4XDTA5MDMyNDA3MDk0NloXDTEwMDMyNDA3MDk0 +NlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAxj3H5Q/HWSiqtvxe0A2Vbd+MgkJt76mtUaxzweEK +oY6AbqwKNVVhPUQyRtn3A0sxsOKis/iRS+NcHVzgSFFRmgZBGuJMRVzAKoZERM4B 
+Albmm0uNXkmn+UAbAJOR1i4knx8EWetoUf50uhKwuH17wpX/pqf93oqhafuAhaWm +Q08CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAhyZywVvoBDo/xWUk +F3rlQGfzHs2RDHW9qhRh0Ros1xEhu6NwklTlPTDRtVBzchty6Eewr6mF9eTVU9Xb +TYhIAExpMqvyqNBXkMYk/Ht33mzdxcluWyEVc01N96PKMWCEJOlNIfyIzhOZNXZM +5yZHQ6freb1+qoBIrVxGrqt0nik= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key new file mode 100644 index 0000000..8deae87 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain3.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDGPcflD8dZKKq2/F7QDZVt34yCQm3vqa1RrHPB4QqhjoBurAo1 +VWE9RDJG2fcDSzGw4qKz+JFL41wdXOBIUVGaBkEa4kxFXMAqhkREzgECVuabS41e +Saf5QBsAk5HWLiSfHwRZ62hR/nS6ErC4fXvClf+mp/3eiqFp+4CFpaZDTwIDAQAB +AoGBAIJPyj7AiIILQWzXqFuLElcPRAW8NRf9qXiuq8kebSaVzcbyQCOe5DSpx4Lb +dIwtuZRU5i73jkscQUjr7GKdUc2NHvCDQzjnk7S5uu8NFiHXqVXDJxHwAZI0svzD +vFilu2E3r9Wj7dZa7l4uSEXLyagdwo0bD2xcrdwnyu5qLTuBAkEA7CUIGOEAK7ly +Xweti+/fnni6cznMmWi1DDeM39GtbxHI3oPa2d7Ddkn5ZWRtFbIepLWi5+k6Xzpz +fkCaA3js9wJBANbo4y/L/QKNhASI70DlKwFiJr+4RmQ1739l2BDHW+8crw+sM3VZ +exVtHHKw6U6wqLMvzaojVZwnEJo05uWQ/mkCQGU7jtgThN45ttUUVoq5/3RRLyT8 +b0CIyax+F+9PVPlbd3AkuGpT/Bk2pyqXPchiPo6/qyGeMz7lsOM70IqSiYsCQGUU +6u6rSpityT98zNPANmcTLFiWqv0tZTWNyH+z1Sj1W93KR/XVHZBpXq0PSt1JOD/3 +pwt0TSsCMMvnQAcQGKkCQCXU5eHdRmhCp9Eei5+fI+XUhBLkqzyrqlK1NVijgXTE +kSXhaQWG9iLDDNgSkO6ofCPOTwcfIteXnc1OjGB/0Jk= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl new file mode 100644 index 0000000..e0cfc75 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALoF +MPZlb8bkVABxHIVsXlpCZ99m4qNpvoXZhMCLG71N8u/fAdNlM/lmmgh54SFuiuY8 +3JbyQ+kyaJ0GBtf8+9LaWBaBGczXQyD0hcEDmzTAbHqhGV1PQYz7dH1Mhshv+fLI +1DjMwEQLwLANSCssxp+SIS2A3Uu92uJ9rfVdp6V/AgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQCDwFPg48L29Vm880XqQ9ngfj9ylWk3wbW4SFnSNVRoC7g476/dNg7R +lMyuzHOGYWPQUDUBB9hrlIgOo11jihD3VMVSZRfz4U/+yPq6AU6J5QB8p8ibz5gE +sjyUHkuc9lwniTtZvqbVuvXM73UlqQJ3Y5OCW1nrAE5eoaH9Zr7ifg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt new file mode 100644 index 0000000..c13a05c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 49 (0x31) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3 + Validity + Not Before: Mar 24 07:09:47 2009 GMT + Not After : Mar 24 07:09:47 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c: + 5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b: + 1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79: + e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06: + 06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4: + 85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb: + 74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b: + c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd: + da:e2:7d:ad:f5:5d:a7:a5:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06: + ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7: + 5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be: + 4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e: + 17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11: + 81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0: + f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c: + 45:da +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0 +N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb +vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb 
+NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n +pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o +7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1 +mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q ++bZF58XGQCFkYC5xHzLcIf5cRdo= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key new file mode 100644 index 0000000..7e246a9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain4.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6BTD2ZW/G5FQAcRyFbF5aQmffZuKjab6F2YTAixu9TfLv3wHT +ZTP5ZpoIeeEhbormPNyW8kPpMmidBgbX/PvS2lgWgRnM10Mg9IXBA5s0wGx6oRld +T0GM+3R9TIbIb/nyyNQ4zMBEC8CwDUgrLMafkiEtgN1Lvdrifa31XaelfwIDAQAB +AoGAV3w1iMwwA5RCxWptBXrv7PcqLvEOSdhjmEOyoXNK+n78cD+rdiY0iWjtrGrV +rIl2nc2l2P/bXIMunBrHgTEjpTtQQIr1n8xqCJeyLXaVaCi2rjLYSdvxC+lABoMc +/+pODEWl1VJdEckXg9w8Jr7VY0toc3zeKbsZJuGr2O559xECQQDiYqx/fFhMb6tN ++/LkhLCCgeHbURSW7UABiOocNE2crznHfZcWSD04GLH/UgwhP3RJ6CHcOtmXSD11 +ZQkNugZ9AkEA0lq+2QxhcFDAeJWfeFFZLw8I67xRY6tlZIiOQyWnRFVh6eHPvduU +BfYxBU6FA9G0MAWgGxgZqtOLxqnQIuuQqwJBALlnSJCsHICVH/2hLv66MPjhOEDu +uWcV7MqU/+6TY1DELRTVJWzJQuHzT6uj3W1JU4rHwxtjUxrTvgmr8ms8g90CQCGE +2kJlyaUHCRRt6yJV/BsWjzpZILL8HcT+SYUDm/q0jEyjceHz+ktU5ozM7T8ljEvW +qaOHnJdu7Cf06TiXRs8CQGMP4OjEfVMq+JxG5puFaa8e1fbSjiTP4EsUgRcE1Bzj +UqT7VwOrJZXFTYK7Z9ZyG7z03WpVeucertzdRNNby9A= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl new file mode 100644 index 0000000..f49d3a7 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK9m +4MEu+XXtCyezOskdnzkh+RTuHKTuw/AkpsdD3fkD0EQB5RnpeyZlPD09mrlpKgBG +DssgmMadN34MkKbXsFQrS/M+mxkzoTTrYuO5u/7MyjrZ/HEKZe8w8/QbVfCLuRLY +UCUlrF1jn9HFIfJaBLEqNKASYA+KPquih+Vb1ki/AgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQBOhSWuteVBcr9zMnKrrNFAGKZJ4TBgqfPP5zjIoDnk8vE+7B0gUot3 +sp+sUkA03izQ5Ctx8Rdd9D4P752f2XEk+lEftnOokLcZu6EXgVtYh1aHqTFqyzK+ +3Ap/3yYmdC0KBbzIF7fDS/vTGJLlkEu5WpswNxfEvPEs7z9T6hdtXg== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt new file mode 100644 index 0000000..c5549bf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 50 (0x32) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4 + Validity + Not Before: Mar 24 07:09:48 2009 GMT + Not After : Mar 24 07:09:48 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d: + 9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43: + dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d: + 9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c: + 90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb: + 62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30: + f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63: + 9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a: + 3e:ab:a2:87:e5:5b:d6:48:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63: + 2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7: + fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9: + 1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1: + 21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10: + 5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de: + 7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45: + d2:70 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA0MB4XDTA5MDMyNDA3MDk0OFoXDTEwMDMyNDA3MDk0 +OFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAr2bgwS75de0LJ7M6yR2fOSH5FO4cpO7D8CSmx0Pd ++QPQRAHlGel7JmU8PT2auWkqAEYOyyCYxp03fgyQptewVCtL8z6bGTOhNOti47m7 
+/szKOtn8cQpl7zDz9BtV8Iu5EthQJSWsXWOf0cUh8loEsSo0oBJgD4o+q6KH5VvW +SL8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAn7Pr8Qvn+sPwaju6 +Z8OuSFFjLHq5x83ZkkZ1QKWi1rqOocvH/V2Y9yrlCgZJQorgCbHrGJzJG+XRT6AK +phRoVHq3m/ZExdihIZnJSdtkpVNIX7bTuvpzZxAQXhJF+Ceo4Pt8FnP7mOE+NfPe +fLccQi3Sm44D9V/HL1Gx/3NF0nA= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key new file mode 100644 index 0000000..756db4d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain5.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCvZuDBLvl17QsnszrJHZ85IfkU7hyk7sPwJKbHQ935A9BEAeUZ +6XsmZTw9PZq5aSoARg7LIJjGnTd+DJCm17BUK0vzPpsZM6E062Ljubv+zMo62fxx +CmXvMPP0G1Xwi7kS2FAlJaxdY5/RxSHyWgSxKjSgEmAPij6rooflW9ZIvwIDAQAB +AoGAUnAV3nYHhSdeANC6JmAnv6B6Ax5OlC4sJSf0wt7g6vKh5fTGCsGzwb3+7AGS +QOZueSZ0OYAejerCdBnPurrRAlZLifGptbvinAu9lRDpmaF2HUmQa4Dc0c+Y1Roa +pzWnPzMWlBrhmWqmK/DwZNJ+Vusufv3yO8epjsOGCgUVUiECQQDnRPDf0KyJlzC5 +Xc9Dc3/pdn0D6La3IChyLiPo10rg5dBN/mTCnlPxnvauiTQkyPS7j+2n2oUKwcEE +jVuwKf/ZAkEAwiiNEsejDkTLHIwDVkNa14+Glh3s0Ct5ajFv1HslQesKElMnjKVy +ab7YAQBij9Ty24p3K6mdGWY5Nwe02JNGVwJBAK++OfU61AJyu/oBCaHOQWOeQP4Z +d8/NRi8OVQd5o1MoEJVUPimOu2efTwHvDYruktt9UjH94p/8ALt+2DAUmnECQQCw +EyhEdKlJYle0DsFj9Hcob2+FKaQ98H8OL8ETt43FJsqebay7HrsQbNLkrZ20hFCt +ifeisBHZG9wdLK7zjTPHAkEAnGsXnM+YYDlm4OwChrpq0qcuud5uOgx4RuCniEol +mij1xTDGrJGLEBkFhZ+KwOLoaM8m7javKXQejqTeE6E8Fg== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl new file mode 100644 index 0000000..290f526 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM4S +INEUYAFHqkxmG0xPhy/sr/wRQb3ZmHq44d1Z0MCeQNK3i8eKZeoNDDbx5kVh3G8I +J2LQeBsmcdT+C5/qhhtDxwjWxetbEcmLg46nBQ1cbM6rcOB9BeoGOfmMlFZWN2Kz +GHe94VtToQdNx8zGTC7vqoMZtazjcisNcnoKyoFvAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQAU4t4likO62t1Pvrg9g4o/bx9Z7ccdQyJSF3dG+gL1dJs71aas8hBV +Z5tnuuX0VIw8Ze7pSqCltNJb1OKYT6XNrxipTWbqrJURVyLHXOPJiq7O3+Ug/8qP +a155z1LbEabXHPjDzCZ3TXplWDgfEGfa3iA2DOQsxZlrRdqrcrskeA== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt new file mode 100644 index 0000000..08c010b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 51 (0x33) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5 + Validity + Not Before: Mar 24 07:09:51 2009 GMT + Not After : Mar 24 07:09:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f: + 87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59: + d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1: + e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe: + 0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b: + 83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06: + 39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53: + a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3: + 72:2b:0d:72:7a:0a:ca:81:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f: + ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f: + f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b: + 2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74: + aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c: + 18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8: + e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc: + d1:30 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA1MB4XDTA5MDMyNDA3MDk1MVoXDTEwMDMyNDA3MDk1 +MVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNjCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAzhIg0RRgAUeqTGYbTE+HL+yv/BFBvdmYerjh3VnQ +wJ5A0reLx4pl6g0MNvHmRWHcbwgnYtB4GyZx1P4Ln+qGG0PHCNbF61sRyYuDjqcF 
+DVxszqtw4H0F6gY5+YyUVlY3YrMYd73hW1OhB03HzMZMLu+qgxm1rONyKw1yegrK +gW8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAR/MD7vD+MbsBR8oO +aWWi+EpvymyGgELjh0kiuRXw2rbK2Yt/+TjActDRs0SNlV6r5603NLqLLxFktSAJ +cP7PbT7Tf/fxrjF0qq6nC2VO4AuAhyXQDLzb9awMGI5LwkKI5ilPLm7fcvQvJzm4 +5NxkGtfI8/hCU2BTJNc4dVC80TA= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key new file mode 100644 index 0000000..db255f5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain6.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDOEiDRFGABR6pMZhtMT4cv7K/8EUG92Zh6uOHdWdDAnkDSt4vH +imXqDQw28eZFYdxvCCdi0HgbJnHU/guf6oYbQ8cI1sXrWxHJi4OOpwUNXGzOq3Dg +fQXqBjn5jJRWVjdisxh3veFbU6EHTcfMxkwu76qDGbWs43IrDXJ6CsqBbwIDAQAB +AoGAWzE2iI/ltGtMd6av6eM/xfuOHZRdbXB/w79RZK08biEaOqWzG8ipNRw1DZOa +/ZVDAXewRlBO9mTa9xC9gDU+xsKywipWyRPnv5Yy7qfT+NP/JZCvwlL7qhqtHXzt +KPpJ5GRxcJ+o05CartwA7fCXdv9T/qF02O2nZxCIYOpFRwECQQDqMoXwT37xvE5/ +/efvGAlBQGCj02YdjBxWRwx5iq1HeU5H4tqTKrfUWyI1m3cZFXUzjz0iH/SoK2jL +7IwMwl9BAkEA4UFIcDVADwJMuLPqKuIDB49rXY+BO9mno9hfgcZ4Y/fWZcF+lJtR +Mw8H+PsCkObu603wxiQGWIsyZPorDTZkrwJAU7S7Kqk/NieX5ydZPpvYsvnPkL5+ +QRFTD4NVchue020IDamHdhJOohfwojhu2QhSW5tWvlutlm3thvWFGQpgAQJBAIHz +uMfLYM6H5B025qSgyWCmNCnA7azKr/VNkiP7jV8XD2CbFdzEEj9jr5TLszpHkJS9 +3WdiRyrz+znYPdgchk8CQQCzC1Z/NbGXu7H/OjsMD6SNgpZDmqctdXjn6jKjZr7c +vtyoo2WkJtkREWzWPd+pEDxJCsAuxMCtVifJYLkMCa+w +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl new file mode 100644 index 0000000..82ced09 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANXC +GPP8CjxO9yvG/R/XE7s1dG7KXasJZyHQ7afomX55UrgyPStfG3gOqiu25wPs9X60 +VDuH2QIex+YEzyd7NuYvjo6U91vGblEs3hfaBEXqMdCVxFA8Fo4hx/AOtYbIWEim +DU2ipoyBemeJQ1YcyuNpiggFV7dtA8IEr3th7oQnAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQCkBxeKgQYEaocFnvlHiM94YS7cJB31E8mnIinvB+HgxdkPxgxwMD70 +iq/EcsRXOLVk07i5C5jJ0kygnBhDnIUooTlRf9dNa8yzqlJrnbsU9bkF7d0KziBu +iFxR4uNjdPPVYg8Ah4V96DjivKlsLotpOMS7cbhOaCT7YG8hH8YXpw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt new file mode 100644 index 0000000..f07ee6c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.crt 
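Review bot: `cert_chain7.crl` is named as a revocation list but contains a PKCS#10 request (`-----BEGIN CERTIFICATE REQUEST-----`), not a CRL, which would be PEM-labelled `-----BEGIN X509 CRL-----`. The same mismatch appears in `cert_chain8.crl`, `cert_chain9.crl`, `cert_chain_no_aia1.crl`, `cert_chain_no_aia10.crl`, `cert_chain_no_aia2.crl` and `cert_chain_no_aia3.crl`. If any test loads these as CRLs, the parse will fail and the revocation path will go unexercised; if nothing loads them, they are leftover signing requests. Rename them to `.csr` (e.g. `cert_chain7.csr`), or replace them with real CRLs issued by the matching test CA.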
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 52 (0x34) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6 + Validity + Not Before: Mar 24 07:09:53 2009 GMT + Not After : Mar 24 07:09:53 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7: + 13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8: + 99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6: + e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04: + cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c: + de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21: + c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81: + 7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d: + 03:c2:04:af:7b:61:ee:84:27 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd: + b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb: + f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53: + f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57: + a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28: + 50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd: + 04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d: + 2a:d4 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA2MB4XDTA5MDMyNDA3MDk1M1oXDTEwMDMyNDA3MDk1 +M1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA1cIY8/wKPE73K8b9H9cTuzV0bspdqwlnIdDtp+iZ +fnlSuDI9K18beA6qK7bnA+z1frRUO4fZAh7H5gTPJ3s25i+OjpT3W8ZuUSzeF9oE 
+Reox0JXEUDwWjiHH8A61hshYSKYNTaKmjIF6Z4lDVhzK42mKCAVXt20DwgSve2Hu +hCcCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEASef43K0GQ8vYZ+bn +wH7dqCHNuVOo2Hok39ycu1Ud2MpECw/7+NthKpd5IeaWKox2xOutd0VT9eLeKX0p +iDrUo6ha3DckQ9FXpVsLPgUtChoOGDdQzDZUhTcoUMhhx5RIoGCraLCyqGEUXkrd +BIoaaQFF4sbiyxXmAUmYPFpdKtQ= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key new file mode 100644 index 0000000..fdffada --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain7.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDVwhjz/Ao8Tvcrxv0f1xO7NXRuyl2rCWch0O2n6Jl+eVK4Mj0r +Xxt4DqortucD7PV+tFQ7h9kCHsfmBM8nezbmL46OlPdbxm5RLN4X2gRF6jHQlcRQ +PBaOIcfwDrWGyFhIpg1NoqaMgXpniUNWHMrjaYoIBVe3bQPCBK97Ye6EJwIDAQAB +AoGAb2ARplalcqTmTm4BB20F/94rS2qvgWWF0e3NVlZwW6CVRBoRGx8T7eseKWbE +WZxGkX0eAmKW5G7rUuMgmH6vrC2NjFBNvfMLPK3kVxhQVx3Rwu9nN2/u2olzBcMt +epGj0Yyu7kRHol/ld1+DmoBUOYb6BlOpDyGWdFFa4eW1IhECQQD8s/SXIMXIHBF8 +tUd7rPXm6e96php4M2jaY1ezB5MO7laNivcCioIHihWgEY+BrzuH8moeJbLL1TtJ +KhzysxmPAkEA2IwQYLVOCfKegG7yzgkbrrzwdWNi0i6P2LAl96kFWzf6DcUTuHun +GYGMv1yCMj/jzZ+k0VTMWETgJKRzFZUv6QJBAKlxYQgVCYlsiK0+QHhFOX1kTxfG +WOlQT3ZgNmXtJkZUueSe0ZH6ncXAaU+zdq5WeWxmt5EPZhwXFnGws0hpnzECQQCL +QIbHqc+lVf/XV4GMPQ8wLw/ybRb/UjHuhlfkCy0Gm9iRQkqMN/gcztJTvIl9BtjX +QfIbKwy9No1tAtN+7ZEBAkEA8T3mn9G2pTg/49iBP0TW1fJBsdacWj8ZK1D3egto +JR7qKqVyQTifeJpeATTX/vvuTu0ikbshLotT/UBGy8dBtw== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl new file mode 100644 index 0000000..c099c5f --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOTg +xNyGAJRpsdWIcsjCUsBWYg72gKLvjmj52tmFAVkEXvf8Ixbc/y1SCoyBlvokHUuJ +YCwlGutOpiHFH1uH1mWM1+GiVWd+AXwohNcjVvT44ZykH3T+a8AUzP0Fe7r2sOP1 +fkbOcDlck0MB+K04pgxxYJ4LDb9CbNOeIUxV7XRzAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQC8LTrpUri6N2x1c8Dyrge+RTsYHP4XjtXX3tSx6A0I58t2MvoXBzPA +pnpu2X3Y14xxoGZc0zs12d32mnHmwHzH4iQpb0VvYWstrtX13sjMQc0M9K4M61Me +I3iWynn5mZbqAwZDEv57uXLJuzOmcMQ3BHe2bOpiVKUA3z7uDzR8vw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt new file mode 100644 index 0000000..60073f6 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 53 (0x35) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7 + Validity + Not Before: Mar 24 07:09:54 2009 GMT + Not After : Mar 24 07:09:54 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2: + 52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85: + 01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81: + 96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5: + 1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28: + 84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14: + cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c: + 93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42: + 6c:d3:9e:21:4c:55:ed:74:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e: + ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c: + 9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39: + 0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48: + b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3: + f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66: + 57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65: + 88:fc +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA3MB4XDTA5MDMyNDA3MDk1NFoXDTEwMDMyNDA3MDk1 +NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gODCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA5ODE3IYAlGmx1YhyyMJSwFZiDvaAou+OaPna2YUB +WQRe9/wjFtz/LVIKjIGW+iQdS4lgLCUa606mIcUfW4fWZYzX4aJVZ34BfCiE1yNW 
+9PjhnKQfdP5rwBTM/QV7uvaw4/V+Rs5wOVyTQwH4rTimDHFgngsNv0Js054hTFXt +dHMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAvqoM2bbM1uFHystq +Nl5nQ/aOq9kqXJ3gdPVVcICOL/gWTC1MnJSAa2vAeuQP9GBkELqT9So5D18GitR1 +W7LEkiWtIfqYdVRItdaAxp2Wr7/99FeAzwNc3Cuz9qJ6jo2lAZJT5Ld3mRtxBJdm +V6EonTv4rC4VGBcuXQtHSTtliPw= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key new file mode 100644 index 0000000..5982533 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain8.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDk4MTchgCUabHViHLIwlLAVmIO9oCi745o+drZhQFZBF73/CMW +3P8tUgqMgZb6JB1LiWAsJRrrTqYhxR9bh9ZljNfholVnfgF8KITXI1b0+OGcpB90 +/mvAFMz9BXu69rDj9X5GznA5XJNDAfitOKYMcWCeCw2/QmzTniFMVe10cwIDAQAB +AoGALlxlI/I0zds2/XTdI1NRZcpZpIRD/D0gEJ2DugnaAwkCn6LADNKJEcoLfviE +93g3QuS5yVdew4kz16VRO74hLCCjm7M++isvLhljozWAotBVfllQ8g9HcCuG551y +y2vTDbrKUfeNUELBd2DKjYMN4K3gJRzPcjh6eQvZ238fl8ECQQD6cRMUPzdKLwQp +dlTQ5dBeLJ14cn9zoFkBkgoF1JGXtDxhs+5elZQPS+skPoDy+ergjOMN8ixSaQ6T +FJ/X73STAkEA6fUtQ2x/Q+YJcoRr5EEKqtyEPIZEeACAzRdxps1PAI++vafjk3x2 +5v/pTcpAEMSRzjZtlQTqC+fkx2vMANDMoQJAMPx7IeO3meAWbVHDB1Vca39Ike27 +dk9v+XmqUjeg/s53XRkH0CJr4o4UAXPkXyJ5SdDk/K5Y8wmvmx9WoLMq1wJBAMKy +SX/Bq8tKhXQqpUrnocP9DYL8zb/70zRaHTeNxgAWn8pfDDFxs9WbBIG7HUOXAivU ++a64zzknOymGGNhY6uECQE+NCMEicPRY8yNuNX2Ygr0Uxwbb0we55N8GA24Prkrl +crhKfL6y0MdsHAgnIRaGV2+mpehS9TbVlx31AdFrugE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl new file mode 100644 index 0000000..09bed52 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRUwEwYD +VQQDEwxDZXJ0IENoYWluIDkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOHI +MkJfqFOzIqNYmnwe/jMSZFw+RRhbI6x5Q0XXZG985KOVXPnhxLFjQ5x+EIGqf961 +t4WmtWA5JSJIZMVUGm6xIpDzjBeFwr4cgaqmexS0ehOylHJC73fMMKTIXICyRy73 +21PqrmNaGSAwK/HQow4NTMDJfpu1C9tRaucOdGnvAgMBAAGgADANBgkqhkiG9w0B +AQUFAAOBgQDfGF6773CFR6nLxqZl91TH8JViLLsQgN3JSMh9e71JJrjVN/pg8XHy +FyR2cFwubPkDwtIrb5EBtPqH7iNHymDwjqD2wpICNKZ+n/4KNjJ4mNP3bYj951/9 +KndQJfEViEKfsMM/aRDcKQMxHyAB17nmu0hsJs2rFhVutgAWfv1HQw== +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt new file mode 100644 index 0000000..7df26a8 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 54 (0x36) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8 + Validity + Not Before: Mar 24 07:09:55 2009 GMT + Not After : Mar 24 07:09:55 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e: + fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7: + 64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e: + 10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48: + 64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c: + 81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc: + 30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a: + 19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5: + 0b:db:51:6a:e7:0e:74:69:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be: + 7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1: + e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7: + f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f: + 09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd: + 0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5: + 8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa: + e9:71 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA4MB4XDTA5MDMyNDA3MDk1NVoXDTEwMDMyNDA3MDk1 +NVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gOTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA4cgyQl+oU7Mio1iafB7+MxJkXD5FGFsjrHlDRddk +b3zko5Vc+eHEsWNDnH4Qgap/3rW3haa1YDklIkhkxVQabrEikPOMF4XCvhyBqqZ7 
+FLR6E7KUckLvd8wwpMhcgLJHLvfbU+quY1oZIDAr8dCjDg1MwMl+m7UL21Fq5w50 +ae8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEA2ZOEaVKNWn7EtwRU +oEcyBMe+e5Qb+bbFiIShtCJPOyiuKZDx5CXwueag3Q4MFals5Ir6oEKn+U63C1PB +q8ung0wLA/BklXVfCdwsohnWUejkhn9QYGkBZKX9DLsOoMtjnLUsImP2pOKxm2Kl +jMflo5PYGGrylbZTao2+sM766XE= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key new file mode 100644 index 0000000..37e2d48 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain9.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDhyDJCX6hTsyKjWJp8Hv4zEmRcPkUYWyOseUNF12RvfOSjlVz5 +4cSxY0OcfhCBqn/etbeFprVgOSUiSGTFVBpusSKQ84wXhcK+HIGqpnsUtHoTspRy +Qu93zDCkyFyAskcu99tT6q5jWhkgMCvx0KMODUzAyX6btQvbUWrnDnRp7wIDAQAB +AoGABu56fIcrR8aMHa+urnjVHQRHiH1w6ZqCsdzXL+G496NB8bO4MwO3YirF/Jvy +LcjqPBAgHj5L+zRF65OFZHl8hjKtKxeRvZcFe2XhUwPCN/HJv6OPUSUSIGMxL+XL +4G62lt1tFHVZRjy9mLyqOg2SNwun6c3+dOySdvDY6vixxgECQQD32q9mwkHx8NqQ +2GTGWRNgIDsCR9bnmy1gGKxzKhQLdg0cNwmQrfTCgHXwfeBUr1eSXW6RqTx/WGlA +LqFdyiTBAkEA6TPOoAW+EaXPxx21MmzbqqgK6GqLh7NHM2Z2rkqR++933jGJqS1F +nr4jmWLoSQX017IPz/mlDxlL++CvWIXKrwJAHXMbgj80rLWskqdTmgm9dp99w3Cb +xVs30gI8g1aNmSsGtcKIXWt9+Jpg6RlbzVQkOJznZWFRceQkZV7lB4rcQQJARfTw +qziNyCWBqy3SSYo2a391pjswGElDtruqJqbgHD++Kb2amlGmbPSFIWJ2ZFGRHZOh +ArbVOS5RiQHiGCAqqQJBAMIp5kevQOAr/xYC8BLB6SD7XtfLKTJnZSHy7pWy6xeJ +ffn7QLqwUWMcyrvja+CQgBTKx7u8/MKLSgqohWguWEM= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl new file mode 100644 index 0000000..4bdd37f --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfEZNmjoPlo +i93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjMXXtmldUN +jB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAzALn2w53TUTmfkTbyT5GUpxkB8qi07U9R1WrQf0qRLT4 +0NPdNJaZTS3QoqJAcXXcfpMxdcTO+qgQbESu/StvBlnN6Y5CWIZhy/yL0jg/Fwrb +dAlIIVfbgcHpjTwMNdPyMfHy96AgOH8QAKXSwojzadpt4dSh9rSWP2GTKSdS+NQ= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt new file mode 100644 index 0000000..7794e3d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 49 (0x31) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 24 07:21:43 2009 GMT + Not After : Mar 24 07:21:43 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cd:36:b2:7e:5f:ff:b6:54:58:6e:3c:a8:8c:2c: + c0:35:10:df:d8:14:8a:43:ea:22:3c:99:d7:73:11: + ab:64:c6:49:95:59:d7:c4:64:d9:a3:a0:f9:68:8b: + dd:e2:a1:bb:e1:aa:e8:ea:ae:46:71:f8:5c:35:b3: + ac:12:e7:d7:41:3d:45:34:3f:6e:34:8e:41:5f:bc: + 3e:10:52:33:2e:47:8b:88:d4:e8:cc:5d:7b:66:95: + d5:0d:8c:1f:91:e9:85:df:a0:68:40:81:97:91:f0: + 8a:27:69:06:43:7b:52:ea:72:7e:1b:a2:26:2e:f1: + e2:92:c2:af:1b:27:c1:6c:93 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 06:45:50:fc:2e:79:07:60:e0:bb:b7:f5:31:31:b5:86:e5:22: + 63:6e:69:ee:81:4e:6e:c1:7c:ae:14:8f:78:74:1a:c6:c2:d7: + 23:4f:e4:c7:5c:23:a6:74:0f:49:d3:c5:13:2d:93:b1:80:d9: + b3:e7:51:ac:44:37:08:56:e3:9a:a9:aa:45:47:a0:39:de:a4: + cf:f0:1f:06:2c:a1:f4:ff:db:74:00:e6:eb:bf:ed:3c:10:69: + 8a:f5:96:93:71:08:c2:91:92:f4:8f:f5:f8:3c:41:68:6a:b1: + 71:19:a7:45:fc:72:32:6c:49:35:18:ac:fa:9b:f1:47:46:d6: + b5:50:83:83:e1:cb:6d:88:73:63:bc:b7:19:29:2f:47:ea:78: + a3:28:77:41:c7:7d:36:d9:69:17:b3:b2:60:04:dc:b4:30:a3: + 86:a4:99:80:0f:5e:0c:70:54:aa:92:bc:1c:4c:70:9e:0a:63: + 73:26:53:8a:31:5f:aa:12:aa:c1:62:88:0a:24:0e:77:44:85: + 12:3c:86:47:81:3a:52:dd:21:ca:58:1d:16:08:02:af:c0:58: + 39:1e:31:52:ed:d5:16:08:2a:2d:3d:40:01:7c:f1:69:13:a0: + 5e:e5:cd:6f:d6:4a:62:68:7d:15:db:a7:c2:fd:b3:ac:34:c9: + ed:32:a8:2d:3b:6d:c7:aa:0b:91:a5:11:48:d2:25:4d:74:f6: + d0:82:1a:6a:4c:e8:10:73:8e:d4:11:45:18:f8:62:4f:c5:3b: + 
ac:16:0f:ad:6e:21:86:16:f8:49:e7:b9:f9:41:64:5e:dc:0b: + 35:0b:d5:b1:46:84:ae:62:99:69:2f:77:db:73:25:18:f9:24: + 92:ff:05:23:6d:53:82:16:ec:0e:ae:e5:a9:07:10:95:f5:09: + 99:d4:82:8c:e9:2c:bf:88:48:92:3f:74:b6:e6:6d:e1:f5:8c: + 37:d7:81:d0:31:e0:85:e0:5a:97:39:bb:29:e7:97:9f:d5:eb: + ac:6f:fd:bf:80:24:e5:cc:4e:c8:5f:dc:aa:51:7d:25:6e:7e: + 83:d5:d6:cf:1c:8a:3d:fa:db:e6:c1:b6:1c:ef:34:4f:1e:51: + 1c:2b:ae:c9:b5:36:93:c4:ec:04:0f:78:19:0f:f2:0b:c0:78: + f2:18:3c:2f:b2:f7:07:58:7b:3b:11:fa:4d:50:e2:95:01:63: + cb:84:02:95:08:4c:87:38:14:50:23:9e:81:3e:0a:95:a6:ab: + d0:26:3e:75:cd:d8:4c:f3:5a:40:71:b9:07:41:3b:2f:4f:f1: + 11:fa:e3:dc:07:c9:b5:b1:a9:9c:11:b5:07:cc:40:f0:53:5d: + 8f:8e:21:89:1b:ca:f8:60 +-----BEGIN CERTIFICATE----- +MIID4TCCAcmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMyNDA3MjE0M1oXDTEw +MDMyNDA3MjE0M1owWDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHDAaBgNVBAMTE0NlcnQgQ2hhaW4gTm8g +QUlBIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM02sn5f/7ZUWG48qIws +wDUQ39gUikPqIjyZ13MRq2TGSZVZ18Rk2aOg+WiL3eKhu+Gq6OquRnH4XDWzrBLn +10E9RTQ/bjSOQV+8PhBSMy5Hi4jU6Mxde2aV1Q2MH5Hphd+gaECBl5HwiidpBkN7 +UupyfhuiJi7x4pLCrxsnwWyTAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggr +BgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUA +A4ICAQAGRVD8LnkHYOC7t/UxMbWG5SJjbmnugU5uwXyuFI94dBrGwtcjT+THXCOm +dA9J08UTLZOxgNmz51GsRDcIVuOaqapFR6A53qTP8B8GLKH0/9t0AObrv+08EGmK +9ZaTcQjCkZL0j/X4PEFoarFxGadF/HIybEk1GKz6m/FHRta1UIOD4cttiHNjvLcZ +KS9H6nijKHdBx3022WkXs7JgBNy0MKOGpJmAD14McFSqkrwcTHCeCmNzJlOKMV+q +EqrBYogKJA53RIUSPIZHgTpS3SHKWB0WCAKvwFg5HjFS7dUWCCotPUABfPFpE6Be +5c1v1kpiaH0V26fC/bOsNMntMqgtO23HqguRpRFI0iVNdPbQghpqTOgQc47UEUUY ++GJPxTusFg+tbiGGFvhJ57n5QWRe3As1C9WxRoSuYplpL3fbcyUY+SSS/wUjbVOC +FuwOruWpBxCV9QmZ1IKM6Sy/iEiSP3S25m3h9Yw314HQMeCF4FqXObsp55ef1eus +b/2/gCTlzE7IX9yqUX0lbn6D1dbPHIo9+tvmwbYc7zRPHlEcK67JtTaTxOwED3gZ 
+D/ILwHjyGDwvsvcHWHs7EfpNUOKVAWPLhAKVCEyHOBRQI56BPgqVpqvQJj51zdhM +81pAcbkHQTsvT/ER+uPcB8m1samcEbUHzEDwU12PjiGJG8r4YA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key new file mode 100644 index 0000000..f91598c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia1.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfE +ZNmjoPloi93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjM +XXtmldUNjB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQAB +AoGBAKtzAVm4FspcWa1wHFlQoh0zxfCf6IypNoVu+qP2pT2CtMOE1lIM+BBPU1DX +WkAYZAI8anB3vf9GQrPTMvZwoFMub7ifTsgBe+gJzbWKpfuDYRmi8figArTopirg +yphtF+wZd5x0Yas0Ak+mxfojUuWF9Scv2p3yiope5KYkC9/xAkEA/KqYc1ucAzsV +qIfZDWv/971IcJacWFm+l1M/jZB62Cimtkyw4zvPV6O6QOOMqJMyBJPE7AWBEGBS +G7kO6yqjhwJBAM/r01/KtZErJL/fZn+bXJxxYgIZ0oBqxEigcMLiRSjyDiVwyR4N +0BeWrI0IoVQpJeWCq0uL/cKmA/oMcDtriZUCQCB4M9svPJ9VqnTb8FK/PEez9Wky +kajw74M22YXxuTeqEbJ/rIOnHgAfNEI+e8b2E4lvC/Fgy7M1DZgucfJaqmUCQDb7 +4zr6zUclhKNk/aMTP8tzRHrPv1YMZfnay9cNpUJtuIX4LIdRGc2TH/Bv7tHly8rE +4m2pCKNX6cdPUMK17n0CQBt2Y0RX3Q7OoJqzbi63JtP4eYwdaI28xnncPMhvwWji +arwmzoNeD7T7tkOEZOC+rlhXZaeZLI6LYUyC5ouEn3M= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl new file mode 100644 index 0000000..5e5d740 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crl 
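Review bot: `cert_chain_no_aia1.crt` is named as a certificate without Authority Information Access, yet its text dump lists `Authority Information Access: OCSP - URI:http://127.0.0.1:89/0002` under the X509v3 extensions. `cert_chain_no_aia10.crt` and `cert_chain_no_aia2.crt` carry the same extension. Of the no-AIA fixtures in this part of the diff, only `cert_chain_no_aia3.crt` actually omits it. A test that expects the "no responder URL" branch from these files would instead attempt an OCSP lookup against the loopback responder and could pass or fail for the wrong reason. Regenerate these three without the `authorityInfoAccess` extension, or rename them so the file name matches the content.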
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBrDCCARUCAQAwbDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYD +VQQDExRDZXJ0IENoYWluIE5vIEFJQSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEA3wcv7lR2SVKfFnoKOS9EbRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbH +a59BuBwqF2s4pYnA7OJMwFmXbI0Xz+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16 +/PrXUVnRul8HhZ5D3/1uXzXIpP4kol6KuwG1XcXLDkD16UwLAEMCAwEAAaAAMA0G +CSqGSIb3DQEBBQUAA4GBAC3Hy+pM3gfT72/XQizjzulBIwppfiqSKChXX+SmGIIL +LDVcCXNQYvqvYJqXvNSHzZPy5sOdTPibkNU9nWj0jABa9PdhTmwDeb724HttVBvN +7/h/hYaowlrxTgqJH/LzXjT2AGYGTixnuCphuom94tRnD2yWaKYAGq8xc/kOIkiZ +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt new file mode 100644 index 0000000..1696eaf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 64 (0x40) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9 + Validity + Not Before: Mar 24 07:21:53 2009 GMT + Not After : Mar 24 07:21:53 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f: + 44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2: + e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f: + 41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59: + 97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84: + 7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d: + 7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd: + 6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5: + cb:0e:40:f5:e9:4c:0b:00:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf: + 87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c: + 04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88: + dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67: + b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e: + 68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74: + 12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b: + bc:64 +-----BEGIN CERTIFICATE----- +MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz +MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ +QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E +bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X 
+z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k +ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG +AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD +gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX +gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU +CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key new file mode 100644 index 0000000..a6a95d5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia10.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDfBy/uVHZJUp8Wego5L0RtF2fKagzXQsJFYPm3ouLqL1MUaQJX +Bn5Etsdrn0G4HCoXazilicDs4kzAWZdsjRfP5YY9O7FpkID+hHs3TrkdXpj8RjjH +8SYkfXr8+tdRWdG6XweFnkPf/W5fNcik/iSiXoq7AbVdxcsOQPXpTAsAQwIDAQAB +AoGBALSKYOaRQN/CHj5XtIbuGHonBEH670IiLJl1EzDwjrf8b0iKaPaBrx14yJ36 +YXzkb75dcZGvnZkk5/SdkdKxtJ93Y83Gan34fWXWZFurdBs6B26v4wVAaRYofR53 +/75CnfCDelDH5HgtHj8tw/F4zBIxC3r7CsFn04lKQM+mEd1hAkEA+rYoUSTA9RPB +1Ki1gRiwph3Zan5Tsgt2qngWU0Ek/wsqKkwSeRgHZ5AkpsunKal7bGKMHA3yPo02 +E2EDEHLmTQJBAOO7ifiUoN88roep9pl0diYfLclTUakPViDlzIO7gulvNR0mq43D +BH1JAUVMU19A8VbilKnUS2q6bqpqaCih6M8CQHUFnV/ypdY++JRIgx/U5G9FM3xP +psVOMH91OgZ2O8yH65B+nYjEPICMeW8ZU9dQcnmurfNSVyX3R6xX9dQxrWkCQHLC +1TqBm7gjmkgfbHfUap23ZJlp9WLeqaaWZ0OTQNtmATwZeqZLun1wRsWnOvRrg7Mn +J4eVxhOYs6AJU0f2n50CQHfQU3xMJiTFfLvO8FV4fD39w141xYooC2glDWPFns+b +v3Wkd9M6Nuv+gOB9vdG9I5+X9XSkKonkmcwU9Odjv8k= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl new file mode 100644 index 0000000..e22ec2c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvS +Fz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJH +oYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAuEP1aoTsRfFjG8te5yZEEbD7I8uPVin7G0GUCxYE2oof +p6C0vCW1CDvSJJ1vQJTF3v26PpKLROqpsiNKpr1uq/R12HanmTdBOgCb/2psEt5Q +sljxJFtog+PwiGdVlUB0QIZDuUeJom/IvoQ3CxfjZsm9b98jtlCw9ccCJhTKtgI= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt new file mode 100644 index 0000000..06691f5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 56 (0x38) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1 + Validity + Not Before: Mar 24 07:21:45 2009 GMT + Not After : Mar 24 07:21:45 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d: + 55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4: + 08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17: + 3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98: + 6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70: + 62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5: + 52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76: + 99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50: + 96:59:16:ed:29:74:9d:67:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c: + 9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8: + 2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64: + 66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b: + 19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c: + 07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1: + 53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef: + 91:d2 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBODANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMTAeFw0wOTAzMjQwNzIxNDVaFw0xMDAz +MjQwNzIxNDVaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTOaekGWEoNU/wm/C4jVXp +2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvSFz29izGOyJUT8PwDQjACmGzuKunB 
+Kp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5 +EqKakLiqUJZZFu0pdJ1nUwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQApjmiA4PLOKeVwlWcNUUqooJyfTy86g0BnbgHLIb9KpxY93/grym2GksxGmZm1 +EQlNJccVX2RmGhhpzjeGlqvmLj1jo88UkTsZ/HmnN2DrURI/TTsHbA6uaSwHTWrK +XZfl8CSWfvrzg+xTerFTy0LFFbAEnzZc0NWSSTjlpe+R0g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key new file mode 100644 index 0000000..265f30d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia2.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HL +nxQutsvSFz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cV +mAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQAB +AoGASSfMwe7wUWa1exXnN2Pr/4RV/V4C1Cl0M+m8/7DwIWCvsPjQI7/C07MHwInA +HmeZEGS0DSYHgnFoA14bTBmcv2Jh+XJRsjN8Qari8gsfoC3+gTT1CuvrVxP55xM7 +w5c/hUKBIbhyAMHfcS/lqV+o+1ahxSMtbHWkKZYL/i3h/oECQQD/lt6wu0Ne2jwy +iHchL6l+Sz5bMpW9Qx23WpwiGPOlh3YzwDZHZRNmkJbXI3sIXvC8mjSOhyxI33iB +NlpoZEIhAkEA05CJc53tiIBqg4YzlxKw5u/oeR0qvGFJFP6D8UnRTSet0R/hnlAX +VVns28irMOGZ3gRLskRxv0EMRoViO+Ji8wJBAJO3qYrxH/XRIZt/HYLznf0dFbP1 +n29cO+99keFvFFol2V39iCFpPHY5uMQsgG4NGQuYACoj26deaLIdLNFKqKECQD4A +4ze+NipGMHFBeIczFCNqdkBgmvDAtlFv0i16C9xH37olVNM3986s3yz+n6VgyN53 +ddPWGVwK7VURrFuOmp8CQEEDc0bBtkJgXfObV2PYGJRVuGGP6S1RqL+7VNfmu5/+ +ZJAdwJZOdl3PDL8b9XNSgayuBCK6Wwt3GGzdtvqz76s= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl new file mode 100644 index 0000000..03710eb --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS +18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6U +IvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAKD2wV5jk1IjZY09e6qCrmlqDo0ma4FPHXXTkHHrah3qW +ThqhAGLs6tukFkzqKiPRx9yxL8Pp+TtLtaPmLO+nX8QbEABXArgJIVrIeuPQPwbW +L8OL2+glnnygdWD2yzNXSddn8k2HpZS1IWhjRg8vUTied9rhwzPq1N4uk79TQAU= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt new file mode 100644 index 0000000..f37e1a2 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.crt 
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 57 (0x39) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2 + Validity + Not Before: Mar 24 07:21:47 2009 GMT + Not After : Mar 24 07:21:47 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14: + 92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00: + da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7: + c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68: + 35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65: + e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8: + 6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d: + b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4: + b9:6c:bc:28:08:a9:46:aa:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7 + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1 + serial:38 + + Signature Algorithm: sha1WithRSAEncryption + 36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2: + 60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2: + 41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75: + e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25: + c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d: + 92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd: + 67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4: + a2:b8 +-----BEGIN CERTIFICATE----- +MIIC7jCCAlegAwIBAgIBOTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMjAeFw0wOTAzMjQwNzIxNDdaFw0xMDAz +MjQwNzIxNDdaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw 
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjhFcier8v7KbTxvLhFJKO +nbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs +3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f +8sp5uiUe9LlsvCgIqUaqHQIDAQABo4HHMIHEMAkGA1UdEwQCMAAwLAYJYIZIAYb4 +QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQF +6LXkiX7NcijhCLWyn46iEysspzBqBgNVHSMEYzBhoVykWjBYMQswCQYDVQQGEwJL +UjETMBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEc +MBoGA1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMYIBODANBgkqhkiG9w0BAQUFAAOB +gQA25a8txL3BFid08AqlEkza1uJgmO49etFVoO1X/Wub/BlL87JBGads9xVjaBgJ +bdsj+eEq1nXlGEYrgldOGvgD+j18qnCOFyXGsqvKlJD9KmlT9RGBaAb4LV2SObSW +8NC1A8IVJvTpwJooOd1n6qafJ0RpLpXgoQP2PKH3kvSiuA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key new file mode 100644 index 0000000..0217b1c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia3.key 
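Review bot: This fixture is valid only from `Mar 24 07:21:47 2009 GMT` to `Mar 24 07:21:47 2010 GMT`, so it had already expired when the commit was made in 2015. The later certificates in the chain (`cert_chain_no_aia4.crt` to `cert_chain_no_aia9.crt`) carry the same one-year window. A test that builds this chain with time checking enabled will fail or will only ever exercise the expired path; whether that is intended is not visible here. The chain also uses 1024-bit RSA with `sha1WithRSAEncryption`, which stricter OpenSSL security levels reject, so the fixtures are likely to break on a toolchain update. I would regenerate them with a long validity, 2048-bit keys and SHA-256, or state beside the fixtures that they are expired on purpose.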
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf +TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB +v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB +AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf +MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu +wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd +msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f +tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J +lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc +9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX +EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL +b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84 +QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl new file mode 100644 index 0000000..7b200b5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crl @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n3 +4YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNC +mYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAgVwPigLP9cqlHrcmhsgMxqsmem1hsw2tmMBK3kccxat+ +c/sHgX5E5MHrUPta5NTlhsiA+A4PABY7Jr/WpGww3/iXJr5UUq+lLpTRg2wYL57c +FzieD8na8Pve5KLhgdPwAwuQjLjV8ZlADIGUSoqEMBbT4oSxXoPXKHZJHbQyUrI= +-----END CERTIFICATE REQUEST----- 
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt
new file mode 100644
index 0000000..a08d32c
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.crt
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 58 (0x3a) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3 + Validity + Not Before: Mar 24 07:21:48 2009 GMT + Not After : Mar 24 07:21:48 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72: + 3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f: + b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1: + 81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd: + 38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a: + aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26: + 13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9: + b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94: + 75:36:c5:f8:4d:4b:a4:88:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68: + 78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39: + 48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63: + 66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16: + ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2: + 88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56: + 04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61: + 72:d6 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz +MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB +lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p 
+Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL +50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa +fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B +yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key new file mode 100644 index 0000000..6785e26 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia4.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQl +yuAaj0n34YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446m +iYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQAB +AoGBAJMGntwypujq3SV4Q7mDpYC9Xr85muvYp2Da8vFsUYlYGcQeLIGTtSVaBDp4 +dsaCrG13CJmGmcHigd4WGG3DizK7HnlOU6GuKdJfISJAT0Di/oSnH1gpIxGzxsA0 +IAjrncQT0yPcXtS/YXv4VMhOHdWTmaZvsuP0aJjd04hg/yyhAkEA623ruT6oKxk6 +5QeO8OFhUxi9ahgzQYHfHU9bXshRoCVA9OE9EzxyYvQRJa4s2WcJoRmFpwTPQoUW +iZnhKBBr2QJBAN1W56AFsqtNY33joZA1GIjZEhgbeZF1w+VUUcYWQ8wvOFYYq71S +lmw2QpZdAhgFtQ5Sy31xVbbp7USrAoXNOR0CQCyyD6B5jr+v6Ih2qOJ+R1XZSoyL +z59OIqeT20rhSO3YZL6YzFmMjkLPBzpaGNWlRCS7ja4psZd1YNP6zM4oX/ECQB0u +F9tA5Q0wZq1yFRqt5U4lT/1doelLXUgelalHxihlEUhIeFu9R5d8j8rC+EOyfOwm +fi1Lg8FZla433V1GcQECQQCDC1toUTOs6zQMR8Qjbg806oEeNCrXCuRSvER9F216 +W/gfkyu3O7ZMyTLDzssExEBemXqIwP7cPvi4AudCR+rF +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl new file mode 100644 index 0000000..3cd2191 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crl 
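Review bot: The file is named `cert_chain_no_aia4.crt`, yet the certificate carries an `Authority Information Access` extension with `OCSP - URI:http://127.0.0.1:89/0002`, while `cert_chain_no_aia3.crt` has none; the certificates for aia5 through aia9 repeat it. If "no AIA" means "no caIssuers access method" the data is consistent, but that is not written down anywhere visible, and the name reads as if the extension were absent. A test that validates this chain with OCSP checking on would also try to reach a responder on local port 89, so it needs that responder started, or the check disabled, to be deterministic. If that reading is right, a one-line note beside the fixtures such as `no_aia = no caIssuers access method; OCSP responder expected at 127.0.0.1:89` would settle it.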
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce +0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5i +Db6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEArvxoIPSE97c62AF3OvMdckVtQeJLJqqBfNYXoLwlzoEo +h56Sn+WtrrLEcqp1wt196Wn0BOFjZIzVSMEyNSX5WZ7m5CQskdHHeXjQ9lOkKU7e +Z58GLZL8g+8Z7hJitgAUFdVeDDt4yxRI5KTWeSNziKL2Nt9qnqf/KNZa7E6qbPU= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt new file mode 100644 index 0000000..d0cedf9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 59 (0x3b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4 + Validity + Not Before: Mar 24 07:21:49 2009 GMT + Not After : Mar 24 07:21:49 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91: + 18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9: + d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0: + 33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4: + 3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc: + fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09: + be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce: + 79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09: + 32:17:b6:27:ee:6e:31:1e:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2: + 81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6: + a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f: + 13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9: + 0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95: + 11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b: + 7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d: + c6:08 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBOzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNDAeFw0wOTAzMjQwNzIxNDlaFw0xMDAz +MjQwNzIxNDlaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbDHCjS40S+kdfXzpBkRh6 +m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ 
+ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj +6iF8PQJTCTIXtifubjEeTQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQCG2S+qEh8xNWBoSYxOdbNej/KBaXl/ksoyys+jRdCKLNaLmuaoPRlm7jsDJUvt +VsJJCZmYs58TEe61rQC4NjFukfb985V+kLkLJqsGcs9XMzyITqrEu4mlYJURtebr +H4/7sPDFeL5qfzkp5Ft7KBbStr84ryXeeyIj0yPKAw3GCA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key new file mode 100644 index 0000000..014cc30 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia5.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsG +pYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0Ct +eHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQAB +AoGBANOC9ZiYMUar6RMMbsI1CsAJmxdKJw9cFYZ5NMmmBruKaNq6C0dFtKfejmlr +fHfZ8JTl3bsb0EK5DdDpB7g7a73WT1338htfrH+3e0LRsj0hU7SidXOgb0Cw922d +nRW53198ARkPc3b20uuFI71+4x8Vs5KDHiYNs644IpKD+2o5AkEA8WdqEkLaY3Wm +muV5l9SZ5bKFDv+lWV7AQTjUGslJOxlq3AwB4hBK5CJiiybYyTcV3e4jWJZfnN/t +J5NSeXVY9wJBAOhK/yp/UqblY96LgrlrfX7qQ+u6/drPHwp6JvlAGFyPzjN5WAO5 +i/9FZdKmjIvQOBu1OjvKjS5B/CpM4cTcVdsCQQDvEZJLaWesDgyj49RKV+LdRrFd +TDHtUtek/+mWaXcbjy1zpHSM88OnMKJU2nDgvKvsMHVSuwEPc/gCNHT+Ege7AkAv +/B4Nx1NpioVA2YzdhKjd6MKzFWOPKa392hHm9yiRJluwImbeDhwvVUSdaS4rS43r +m1o2M7dKUPMoQc15fxJ1AkEAq8F4Ij94qy+eGc25H4ZkGOZTdr6iyn9ffncEqf42 +xvLu/L+RSuPu4VozAqzlXUWSi5Msnmxx0GaRtKJXZ/7AuQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl new file mode 100644 index 0000000..56b32fd --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/b +QbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK +7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAQ9NTrKzNXwwH6oENb9jaNK6RKMaTzjpw+wLwVYEwy6zy +cdewGroTrbWeDxUtHDPdxITo54b8HVJcPGytQtlSgpJHK9JxLlm1EBWMzAaRPMsK +HUcL9JP716Saga0FddWLTrn5WWCQuqfZF31nBappGmXY0L+gl7vRpIMu6toCdAI= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt new file mode 100644 index 0000000..6e0a696 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 60 (0x3c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5 + Validity + Not Before: Mar 24 07:21:50 2009 GMT + Not After : Mar 24 07:21:50 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8: + 26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15: + c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41: + b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d: + 19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f: + 02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91: + 1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78: + d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e: + 71:ac:c8:04:56:bd:97:cd:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a: + f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71: + 2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23: + 47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f: + 2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d: + 9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df: + 0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b: + 94:55 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNTAeFw0wOTAzMjQwNzIxNTBaFw0xMDAz +MjQwNzIxNTBaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWTobpyriDSEdy+q0BqCbA +xgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2 
+DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnK +oaeM44yXPnGsyARWvZfN0QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBv5SvCPGUiJPEcpMTBNXNAoIrwEwbHRhmDUeDGn9hJk1lBP3EtMWdVmElCqgdC +gbVPKRE2PyNHdXWJGJWk6q+fT7IOCyFOdE8sGHTJBSFV5+eyhZpPcM7RiR2e+AIw +0GDFKniHZ54EPop7+d8LTkE6gfo1+td3X3wfzFnalJuUVQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key new file mode 100644 index 0000000..d4cb2bf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia6.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/ +6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dM +E9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQAB +AoGAXqPJPRIAxeDP5CzEnGN1KzJGaRxG0YlUTp836JfYJNDwNvgIMs0yZn9Abwzc +0WJYAR01N2u7jU4YISgUcPbfFCcoH0f7p5xknHee9CYXt+YkNT52YNdungP60I4m +1EQID3Xn4/h0+vsb6ZnlUMWUFfxhfBtixvwQZuZrtixbLfECQQDGym+ysZvvxyA5 +SfiH8Ixs93hixX5csyFyDieNFntI/otZt3R+RKSHSODGAXbPgOzIWrfD91/YA6R2 +LotEJFJtAkEAwZAdZ2xvV2uVuOxre5CZtXw1dMLZolC2thAmrqoAdMek1UcSK8wI +ZdmE9XneAKcQx3esR0AvTIbKx24/6DFqdQJAOiN0fX+CSqMjIn4myKMqfqf1tnVq +GnRtQK0xFgtQLS381VVZJaCvub0vt9kvxUpAdexKOG79wfB2xfWg12IEFQJBAKnV +qGcZtqvuwuUJ09kMbEHYJRM48DpCNb6Td01j7piIn7Fe9aumD2xGKio07ryF2ewa +rfeqcpXj40KPEtXJng0CQEPJULeB6FKRqzGWsyIe4u7ow2MjMIou7m66HyjvjkHP +6Rg5DA0dSEjwJeMFQ8AklKPtLyuIyrkFunjctYXx0Cg= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl new file mode 100644 index 0000000..6a397fb --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo +4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7 ++PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAA0W3BM0qKXbW57gq2ZOo6/ZRYMqv0snG1Nc7mjlQrXRO +fojBgWh3k1olzNv1XVmLI/jo9fs9E7Xcuvipiv9KMb5ba7oBzWXx8fKvyjbVX8qL +G/tlyNiuX4pRbYHdh3C+zkkgItktl/DmxF344t/8Jdm/m28opW7cH0e2Zpp14ts= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt new file mode 100644 index 0000000..87fdfab --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 61 (0x3d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6 + Validity + Not Before: Mar 24 07:21:51 2009 GMT + Not After : Mar 24 07:21:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5: + 5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a: + e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2: + 8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b: + 33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e: + 39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d: + a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0: + ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c: + cf:a9:db:3f:b8:dc:a1:9a:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11: + 4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43: + dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e: + 55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da: + bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1: + ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9: + 6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04: + 9b:4c +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNjAeFw0wOTAzMjQwNzIxNTFaFw0xMDAz +MjQwNzIxNTFaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0W/5IECvrWK/GDlcqpVzM +V4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdy 
+ke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rf +jiOhfr5ffM+p2z+43KGaOQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQAdLoPLnpI+0gr7dIdmPVeECRFKKmgO2p5NeyWvVvo81UwC/kPdw2bJXVVQQBWP +BnQTgyfFGX5V8/om7D7AGl0g7gmvOIP4Dtq/B4cHpXB5ISw4W+D40VcPm9Huo4YC +teBbZAhfZItDZaxgislvRzdmYcF0sHQKJBI2wShYtgSbTA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key new file mode 100644 index 0000000..2882a88 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia7.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFF +xmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4 +kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQAB +AoGAKiqfxoVRX1J6tdlAc835ZiTIGZiVaCFa+nDKyG9ICd8Mxhv/HgsGqoDBODzP +1XekRQIIRcmNdfAr7LePuNs6eh/qm98UulUr6zpEMXu8/DIqI6Lf4F8GMwMaD2lx +qmnQK+fziDrhrw10Y1ijy/ttEg6wDwCeQJJs/Iz3ncOEIMkCQQDo93B/RhJas6Gd +bIC5IIe5pwvyOzmkn6dOWCIZDU5WXJ3A2gtNDdhO6MunaFCA2i+R4RSu8dDQjUXC +dtthEfVfAkEAxjEGfrEg1NW7ug6CB2yvJiKzoHn6mVWUapKWfbstaodOrU1+WWtU +CpWn0cm6ytGOeSI1Ylc2vnp667QikWq/ZwJBAKvV97CpKtikLs1DPx9OE06pHHKr +pLT83hc3gs8ftWyWG/Yn3rYTRD3QEIeGtfqU9QmREASKcQ+jZJUvvlk3OdkCQArY +9hULFtPvWtYFI0LKxQ9eSNyYsImh8Hygx1HcY9D31OuRWUAFqtTlegj2dJ3TOGwS +3j8irOFiDMZH1riE0jMCQDtk5fJZd61phQ25I4mkBf4+8qCOiiWneuapdJlX1r+C +5GmsM9fDr/m+pBNAbQP2vR+38wSHEuEt0U9MC7NEAHU= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl new file mode 100644 index 0000000..9d1bc6c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqH +iLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06g +Djcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEACgjxLIxQBVD3sgcHFUzN1o7ibcA1Y82FC3HIowZfs/n9 +VPj7EhZ1J+PVZzszjjsTLHp3hjVn9g+gYVpen0MYVTbIn4733qaA7vImfv3DCN4B +Wk75YhVBRuvJSbIKplQeJPyDGXdMfrtLQ6dYiHImkVHwkp1kueq9H5jU6TUrDd8= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt new file mode 100644 index 0000000..397c8cc --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 62 (0x3e) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7 + Validity + Not Before: Mar 24 07:21:52 2009 GMT + Not After : Mar 24 07:21:52 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43: + 8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2: + 4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88: + ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8: + d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0: + 3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17: + 4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16: + a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f: + 2b:08:ad:4b:51:07:40:99:f1 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d: + 89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57: + 77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8: + c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81: + 59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae: + 51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e: + 65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73: + e2:7d +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNzAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz +MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8dmzRZbvDmPpNGTSmQ4rB +Hf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLR 
+tftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3u +R9mvTRl+nysIrUtRB0CZ8QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBAjVJzw4VrbE9UUQbr2M1AXT2JwgZNxnBezGRAP7s+1FKwjVd38x9jibMhsHLG +75d3BpBv/ejD1NYT9xio6x6HuJggSgtYdIFZ625Q82iy4oyiS5LF+uFPQ65RyqbH +LEAWLyTTopHVRX2nPG5ldKewpqAH1x06LlFu3n/mW3PifQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key new file mode 100644 index 0000000..9380709 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia8.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVh +xi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g +3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQAB +AoGAeD+3vwQCghMh4f+rMEr4RbA1/zB+UNQkEToKX4wO2Gypa+94ECK7lxpRhBkh +ag2oSLwYAML2UIiksbNBw/TUTRJUIvVFGNj01ZAY/ToySwZyB+iGVvYLs14CWCh+ +lIG8Yv6jeioXW6lUYuKGX/8MgKxsYqdjTuNDBUTU/wYHZgECQQDezuG53RnhW+cv +612+metzu3+9tnz1YME9d+xJSHehNG+44ZojxIujYaZpwq4riPfPp61JKJmJ9A1p +QUDQfLeZAkEA2Im5unIRak409a6uNlZ4ga6ISROewyoGe+pzch7trOGgcmcTy3mA +ZqmmRcolcpQ8Zvk/8pEbgSWwh1GxOuOMGQJBALwEyOcXdad+7nC5pboaGV7ocrud +K4XFyEwezv5ocMtQfJb/iht02IFe/hdxeZizVKufS9PYtvh7QnX34sIM/MECQGHy +Cjy3lAEN1w66MLsLaf7ev26unUWSINS0O/wG2WM1u6mDzoRfNSE646b1xPKK8rdx +Tuedk19bePn8jbohayECQQDWDO5OcgeD/3Yyy5ybll7UC+8O1RWHx/aYV6xI1Nbm +G4UsxB6jeEoHUD68YQ/LCaphFsrcYDK9KCaFn9qqcGeJ +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl new file mode 100644 index 0000000..6424613 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crl 
@@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBqzCCARQCAQAwazELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYD +VQQDExNDZXJ0IENoYWluIE5vIEFJQSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNO +CAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR2 +6Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQABoAAwDQYJ +KoZIhvcNAQEFBQADgYEAbWNnnytyqTafHeNCAQVVBsNuHKJhmNfYVfmrghQCPNzd +TAJ1uAbbwN8kLFYbQ8qS0Va+yeSbgzqXRfn8WIpPbgYVMU+KPkVtJd9fjRJpFJbg +Blr6TnXY+2PiGvzptLcPzE5u4un7cNyl+rc1rVzmCS26Gj6e7C7ysAHzedapDvI= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt new file mode 100644 index 0000000..3259a5b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 63 (0x3f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8 + Validity + Not Before: Mar 24 07:21:52 2009 GMT + Not After : Mar 24 07:21:52 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00: + 1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73: + 3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08: + 01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c: + e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39: + 85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd: + 74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d: + dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0: + 9c:93:eb:24:ff:74:a5:d0:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8: + 08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09: + 78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0: + 15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af: + cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5: + a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04: + f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64: + c8:d5 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgODAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz +MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCocGkc8UikcaUr0NjxAB/K +KhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hO 
+vv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESl +BmAqL0jmoJyT6yT/dKXQEwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQCPb00qaPHVCENDP1pT2P5xk+gI5aNP3LKbIIl83bBXf/cfRQl4wLqZDqv+pRze +N/bdmrLxn/AVGUtsMtxfjq9PP/6jZ654uq/NQf3JMcrOfoIuxkBNlLnN+tWhs7YQ +Ry118Tc/6WKBo/9/cgT3Jm3UwCI4oWxkEGb+DZXnLmTI1Q== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key new file mode 100644 index 0000000..99a1155 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/cert_chain_no_aia9.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnc +lTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvR +JDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQAB +AoGBAJigAx7uo1wefgQN4gW+jw+oxJs2QoOZy00fGKOehlyj43BNEloF+ZPi+aOj +LbRtTIY9mfb2oLWUSCSuYI3JPx9jIsNMeCgn+/Eo96mjOPvifKgz0D4tNPsGTmf5 +PSEDPdN6NdpIuPoCyn8dTEseL99FDe4JNu1Hotm6xzyl0m+BAkEA0s2LJKsQZKFw +APuwpvLXiLE2n3jxZzxNTJY4X3TGkcDPkkh7LJLo/39KkGZ6jke73IY5UCYXKrSU +t1UlPMTx2wJBAMyNnx2o4c0P3KRyOICS45q+9CMbASIN7aSxNg3Y/bb9R0sVQbXc +C8HpfUN2erpMy2oCjcIt/aU47tTCrkJvfCkCQC+KY2L1oVDQh63xFTnRcoJFVQhK +AkdB9jzbdAMzFsUwMp/O8NhwmVNlpa9DLUiBLQDi1HIa5Qagixl9flRiJhkCQGB6 +n8T+hdoRlDEgCpRiM+YmEMKKFyO3zBG039jyMuDfX4QDd6XOLuF8Pm/WbxZ16C+N +Gs2uoYcPbl59oHGHYdkCQFYRupnzOGMA6qLlP/moi0j7OzOK0JpMLCvkGg5GcNVl +MD2Jgl3O/7JVWQQ/21rS6BLbQHr4Uty6T79bHu6ZeYY= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf new file mode 100644 index 0000000..4cf83a0 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain1.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf
new file mode 100644
index 0000000..8d418bf
--- /dev/null
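Review bot: `default_bits = 1024` in `[ req ]` and `default_md = sha1` in `[ CA_default ]` make every fixture generated from this config an RSA-1024/SHA-1 certificate, which stricter verifier defaults may reject before the chain logic under test is ever reached. Unless the tests are specifically about weak chains, `default_bits = 2048` and `default_md = sha256` would keep the fixtures usable. `default_days = 365` also means regenerated fixtures expire within a year (the certificate added earlier in this commit was valid only until Mar 24 2010), so the tests presumably need a pinned verification time or a longer validity. The same three values appear in config_chain10.cnf, config_chain2.cnf and the visible part of config_chain3.cnf.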
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain10.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain9.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain9.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf
new file mode 100644
index 0000000..905bb59
--- /dev/null
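Review bot: config_chain10.cnf repeats all 313 lines of config_chain1.cnf and differs only in the `dir`, `certificate` and `private_key` values of `[ CA_default ]`; config_chain2.cnf does the same, so any change to the shared settings has to be made in every copy and the copies can drift apart. One config could serve every chain level by taking the issuer from the environment, which this file already does for `$ENV::HOME`: `certificate = $dir/${ENV::ISSUER}.crt` and `private_key = $dir/private/${ENV::ISSUER}.pem`, where `ISSUER` is a name made up here for illustration. The unused stock sections such as `[ proxy_cert_ext ]` could be dropped at the same time, so the fixture config shows only what the tests rely on.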
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain2.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain1.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain1.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf
new file mode 100644
index 0000000..6b4b9db
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain3.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain2.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain2.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf
new file mode 100644
index 0000000..3f8a51c
--- /dev/null
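Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` make this fixture issue SHA-1-signed certificates and, unless the generating command overrides the key size, 1024-bit keys. Recent OpenSSL releases and several distribution defaults reject one or both at their configured security level, so a chain built from this file may fail verification for reasons unrelated to the behaviour the test is meant to check. I would change the two lines to `default_md = sha256` and `default_bits = 2048`; config_chain4.cnf, config_chain5.cnf and the start of config_chain6.cnf in this commit carry the same values.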
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain4.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain3.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain3.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf
new file mode 100644
index 0000000..1fb4520
--- /dev/null
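Review bot: config_chain4.cnf appears to differ from config_chain3.cnf only in the `certificate` and `private_key` lines of `[ CA_default ]` (`cert_chain3` in place of `cert_chain2`); everything else is a repeated copy of the stock OpenSSL example file, and config_chain5.cnf follows the same pattern. Keeping one shared config and taking the issuer name from the environment, for example `certificate = $dir/${ENV::CHAIN_ISSUER}.crt` and `private_key = $dir/private/${ENV::CHAIN_ISSUER}.pem` (the variable name is illustrative), would leave the digest, key-size and extension settings in a single place. With per-level copies, a later hardening change has to be applied to every file and a missed copy silently keeps the old parameters.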
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain5.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain4.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain4.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf
new file mode 100644
index 0000000..7ff40b9
--- /dev/null
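Review bot: `[ v3_ca ]` sets `basicConstraints = CA:true` without `critical` and leaves `keyUsage = cRLSign, keyCertSign` commented out, while `x509_extensions = usr_cert` in `[ CA_default ]` puts `basicConstraints=CA:FALSE` on whatever `openssl ca` signs by default. For a fixture that produces a multi-level chain, the intermediates are only CA certificates if the generating command selects `v3_ca` explicitly, and that command is not visible in this hunk. I would add a comment above `[ v3_ca ]` stating which extension section each level of the chain is signed with, and enable `basicConstraints = critical,CA:true` together with the `keyUsage` line so the verifier's CA-constraint checks run against realistic intermediates. The same sections appear unchanged in config_chain3.cnf and config_chain4.cnf.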
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain6.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain5.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain5.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf
new file mode 100644
index 0000000..db26689
--- /dev/null
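Review bot: The `[ CA_default ]` and `[ req ]` sections of config_chain6.cnf keep the stock example values `default_md = sha1` and `default_bits = 1024`, so every certificate generated from this config is SHA-1-signed and, unless the generating command overrides the key size, uses a 1024-bit key. OpenSSL builds or platform policies that enforce a higher security level may reject such a chain before the property under test is ever evaluated, so a chain test could fail for a reason unrelated to what it checks. Unless these fixtures are meant to exercise weak-algorithm handling, I would change the two lines to `default_md = sha256` and `default_bits = 2048`; if the weak values are intentional, a comment at the top of the file saying so would help. The same two values appear in config_chain7.cnf and config_chain8.cnf, and in the part of config_chain9.cnf visible here.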
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain7.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain6.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain6.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf
new file mode 100644
index 0000000..d341cdd
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain8.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain7.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain7.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf
new file mode 100644
index 0000000..920d692
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain9.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain8.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain8.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf
new file mode 100644
index 0000000..9e59020
--- /dev/null
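Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean every certificate produced from config_chain9.cnf is SHA-1-signed with a 1024-bit RSA key unless the command line overrides them, and the same two settings recur in config_chain_no_aia1.cnf, config_chain_no_aia10.cnf and config_chain_no_aia2.cnf. A verifier built with stricter defaults may refuse such a chain on algorithm or key-size grounds before the chain-building behaviour under test is reached, so a test could fail (or a negative test pass) for the wrong reason. I would use `default_md = sha256` and `default_bits = 2048`; if the weak parameters are deliberate, a comment beside each setting should say so.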
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia1.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf
new file mode 100644
index 0000000..133d8ca
--- /dev/null
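Review bot: `[ CA_default ]` in config_chain_no_aia1.cnf still carries the stock OpenSSL paths (`dir = ./demoCA`, `certificate = $dir/cacert.pem`, `private_key = $dir/private/cakey.pem`), whereas the sibling configs in this commit use `./cert_chain` and the previous link's certificate and key. If this file is only used to create the self-signed root through `[ req ]` and `v3_ca`, the CA section is dead configuration and a header comment such as `# Root of the no_aia chain: self-signed; [ CA_default ] is not used` would make that explicit. If it is ever handed to `openssl ca`, signing would use whatever key happens to sit under ./demoCA in the working directory rather than a key from this test tree, so the paths should then be aligned with the other files.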
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia10.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain_no_aia9.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain_no_aia9.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf
new file mode 100644
index 0000000..79a5b14
--- /dev/null
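Review bot: `x509_extensions = usr_cert` in `[ CA_default ]` makes `openssl ca` issue certificates with `basicConstraints=CA:FALSE` unless the generating command selects another section, yet config_chain_no_aia10.cnf signs with `cert_chain_no_aia9.crt`, a certificate issued one step earlier in the same chain. An intermediate marked CA:FALSE is not a valid issuer under PKIX path validation, so a chain built this way only verifies if the verifier skips that check; the same pattern appears in config_chain9.cnf (`cert_chain8.crt`) and config_chain_no_aia2.cnf (`cert_chain_no_aia1.crt`). The script that drives these configs is not part of this hunk and may pass `-extensions v3_ca`; if it does not, the intermediate configs should set `x509_extensions = v3_ca`, preferably with `basicConstraints = critical,CA:true` in that section. Separately, `default_days = 365` gives the committed fixtures a one-year lifetime, which is worth a comment if the certificates are not regenerated at build time.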
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia2.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia1.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia1.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf
new file mode 100644
index 0000000..e66757a
--- /dev/null
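Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` of config_chain_no_aia2.cnf mean every certificate regenerated from this config is SHA-1-signed over a 1024-bit key, which a verifier running at a stricter OpenSSL security level may reject for the algorithm alone. A chain test could then fail, or a negative test pass, for a reason unrelated to the missing-AIA case the file name suggests; I would use `default_md = sha256` and `default_bits = 2048`. The same two lines appear in config_chain_no_aia3.cnf, config_chain_no_aia4.cnf and the visible part of config_chain_no_aia5.cnf. Separately, `x509_extensions = usr_cert` issues `basicConstraints=CA:FALSE`, yet the next config names the issued certificate as its CA, so please confirm that the generating command (not visible here) selects the `v3_ca` section for the intermediates.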
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia3.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia2.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia2.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf
new file mode 100644
index 0000000..e7de251
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia4.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia3.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia3.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf
new file mode 100644
index 0000000..1ad17ce
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia5.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia4.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia4.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf
new file mode 100644
index 0000000..4d09fb6
--- /dev/null
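Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean every certificate issued from config_chain_no_aia5.cnf is SHA-1-signed, and any key generated with it is 1024-bit RSA; the same two lines recur in config_chain_no_aia6.cnf, config_chain_no_aia7.cnf and config_chain_no_aia8.cnf. A verifier that enforces a minimum digest or key strength would reject such a chain on those grounds, so a test built on it can fail for a reason unrelated to what the file names suggest is under test (a chain without AIA). I would regenerate the fixtures with `default_md = sha256` and `default_bits = 2048`. The copied header "OpenSSL example configuration file" should also be replaced by a comment stating that this is a test fixture whose CA is `cert_chain_no_aia4.crt` with its key under `$dir/private/`, and that neither the config nor that key is meant for real issuance.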
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia6.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia5.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia5.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf
new file mode 100644
index 0000000..1e5aca0
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia7.cnf 
@@ -0,0 +1,313 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./cert_chain # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cert_chain_no_aia6.crt # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cert_chain_no_aia6.pem # The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf
new file mode 100644
index 0000000..6b4f2f3
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia8.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain_no_aia7.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain_no_aia7.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+ +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf new file mode 100644 index 0000000..fecdb41 --- /dev/null 
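Review bot: `default_md = sha1` in `[ CA_default ]` and `default_bits = 1024` in `[ req ]` mean every fixture regenerated from config_chain_no_aia8.cnf is a SHA-1-signed, 1024-bit RSA certificate, and config_chain_no_aia9.cnf carries the same two lines. OpenSSL builds with a stricter default security level may reject such certificates before the chain-building logic under test is reached. Unless the tests are specifically about weak algorithms, `default_md = sha256` and `default_bits = 2048` would keep the fixtures usable for longer. The two files appear to differ only in the `certificate` and `private_key` paths, so one template with those two values substituted would replace the 313-line copies. A header comment such as `# Test-fixture CA config for the "no AIA" chain; not for real issuance` would also stop the file being read as a plain copy of the OpenSSL example configuration.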
+++ b/tests/cert-svc/data/TestData/ssl/cert_chain/configs/config_chain_no_aia9.cnf 
@@ -0,0 +1,313 @@ +# +# OpenSSL example configuration file. +# This is mostly being used for generation of certificate requests. +# + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +# Extra OBJECT IDENTIFIER info: +#oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] + +# We can add new OIDs in here for use by 'ca' and 'req'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./cert_chain # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cert_chain_no_aia8.crt # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cert_chain_no_aia8.pem # The private key +RANDFILE = $dir/private/.rand # private random number file + +x509_extensions = usr_cert # The extentions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. 
+name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = sha1 # which md to use. +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 1024 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extentions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString. +# utf8only: only UTF8Strings. +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 
+# MASK:XXXX a literal mask value. +# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings +# so use this option with caution! +string_mask = nombstr + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. 
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer:always + +# This is what PKIX recommends but some broken software chokes on critical +# extensions. +#basicConstraints = critical,CA:true +# So we do this instead. +basicConstraints = CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Some might want this also +# nsCertType = sslCA, emailCA + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
+ +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always,issuer:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer:always + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt new file mode 100644 index 0000000..857ea56 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt 
@@ -0,0 +1,64 @@ +V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA +V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate +V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 
100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. 
field +V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation +V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate +V 100324064920Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070428Z 2B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070457Z 2C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070709Z 2D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070746Z 2E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070944Z 2F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2 +V 100324070946Z 30 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3 +V 100324070947Z 31 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4 +V 100324070948Z 32 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5 +V 100324070951Z 33 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6 +V 100324070953Z 34 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7 +V 100324070954Z 35 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8 +V 100324070955Z 36 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9 +V 100324070956Z 37 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10 +V 100324072145Z 38 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2 +V 100324072147Z 39 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3 +V 100324072148Z 3A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4 +V 100324072149Z 3B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5 +V 100324072150Z 3C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6 +V 100324072151Z 3D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7 +V 100324072152Z 3E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8 +V 100324072152Z 3F unknown 
/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9 +V 100324072153Z 40 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 10 diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old new file mode 100644 index 0000000..3a7e39e --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old new file mode 100644 index 0000000..11a49e6 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/index.txt.old 
@@ -0,0 +1,63 @@ +V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA +V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate +V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 
100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. 
field +V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation +V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate +V 100324064920Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070428Z 2B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070457Z 2C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070709Z 2D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070746Z 2E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 1 +V 100324070944Z 2F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 2 +V 100324070946Z 30 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 3 +V 100324070947Z 31 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 4 +V 100324070948Z 32 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 5 +V 100324070951Z 33 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 6 +V 100324070953Z 34 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 7 +V 100324070954Z 35 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 8 +V 100324070955Z 36 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 9 +V 100324070956Z 37 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain 10 +V 100324072145Z 38 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 2 +V 100324072147Z 39 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 3 +V 100324072148Z 3A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 4 +V 100324072149Z 3B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 5 +V 100324072150Z 3C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 6 +V 100324072151Z 3D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 7 +V 100324072152Z 3E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 8 +V 100324072152Z 3F unknown 
/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 9 diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem new file mode 100644 index 0000000..13cb5c9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/2F.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 47 (0x2f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 1 + Validity + Not Before: Mar 24 07:09:44 2009 GMT + Not After : Mar 24 07:09:44 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:db:5e:a6:ab:60:f3:85:f6:0d:07:17:8c:ae:52: + 78:13:75:21:8c:d3:4a:20:d1:0d:8a:e2:34:95:ff: + d2:31:29:e7:62:e9:ac:ce:5e:a6:dd:f7:a0:38:f3: + 96:b2:24:06:b6:c8:c6:06:57:ba:f0:f0:69:08:7a: + c1:bf:87:cb:06:2b:7a:fc:81:26:36:81:46:04:9b: + 99:1f:1f:0e:36:05:af:7d:f2:57:fb:26:1d:a5:a3: + 5b:af:70:1d:6f:55:2b:d6:df:3b:dd:4b:51:1e:17: + a6:89:94:5e:16:9c:08:fd:d9:5c:1e:ad:79:f1:5b: + 42:c2:37:59:73:d9:e5:b5:65 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + c1:6c:a1:95:34:3e:32:74:35:1a:cb:76:24:cb:1b:e2:a0:ff: + 6a:78:ef:8d:7f:dd:40:3f:39:85:aa:19:a9:e5:ce:ca:c4:2d: + b8:6c:6d:d4:e9:b1:a2:45:94:16:d7:8b:23:3a:d3:7f:6d:b0: + 8a:7c:ed:2e:6c:e3:ba:dc:3c:25:4b:13:f4:28:a4:f9:87:b4: + 69:b5:51:4d:da:d4:7e:9e:0f:99:6e:1a:5a:5f:b5:dc:f2:7b: + d5:8f:57:39:61:e3:a8:2e:bc:8a:b7:9d:d3:21:58:81:12:b9: + e5:bc:b9:fc:bd:39:2d:e8:8b:c0:49:bc:ba:16:ee:43:58:d9: + 93:82 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBLzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAxMB4XDTA5MDMyNDA3MDk0NFoXDTEwMDMyNDA3MDk0 +NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMjCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA216mq2DzhfYNBxeMrlJ4E3UhjNNKINENiuI0lf/S +MSnnYumszl6m3fegOPOWsiQGtsjGBle68PBpCHrBv4fLBit6/IEmNoFGBJuZHx8O 
+NgWvffJX+yYdpaNbr3Adb1Ur1t873UtRHhemiZReFpwI/dlcHq158VtCwjdZc9nl +tWUCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAwWyhlTQ+MnQ1Gst2 +JMsb4qD/anjvjX/dQD85haoZqeXOysQtuGxt1OmxokWUFteLIzrTf22winztLmzj +utw8JUsT9Cik+Ye0abVRTdrUfp4PmW4aWl+13PJ71Y9XOWHjqC68ired0yFYgRK5 +5by5/L05LeiLwEm8uhbuQ1jZk4I= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem new file mode 100644 index 0000000..96152fc --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/30.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 48 (0x30) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 2 + Validity + Not Before: Mar 24 07:09:46 2009 GMT + Not After : Mar 24 07:09:46 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c6:3d:c7:e5:0f:c7:59:28:aa:b6:fc:5e:d0:0d: + 95:6d:df:8c:82:42:6d:ef:a9:ad:51:ac:73:c1:e1: + 0a:a1:8e:80:6e:ac:0a:35:55:61:3d:44:32:46:d9: + f7:03:4b:31:b0:e2:a2:b3:f8:91:4b:e3:5c:1d:5c: + e0:48:51:51:9a:06:41:1a:e2:4c:45:5c:c0:2a:86: + 44:44:ce:01:02:56:e6:9b:4b:8d:5e:49:a7:f9:40: + 1b:00:93:91:d6:2e:24:9f:1f:04:59:eb:68:51:fe: + 74:ba:12:b0:b8:7d:7b:c2:95:ff:a6:a7:fd:de:8a: + a1:69:fb:80:85:a5:a6:43:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 87:26:72:c1:5b:e8:04:3a:3f:c5:65:24:17:7a:e5:40:67:f3: + 1e:cd:91:0c:75:bd:aa:14:61:d1:1a:2c:d7:11:21:bb:a3:70: + 92:54:e5:3d:30:d1:b5:50:73:72:1b:72:e8:47:b0:af:a9:85: + f5:e4:d5:53:d5:db:4d:88:48:00:4c:69:32:ab:f2:a8:d0:57: + 90:c6:24:fc:7b:77:de:6c:dd:c5:c9:6e:5b:21:15:73:4d:4d: + f7:a3:ca:31:60:84:24:e9:4d:21:fc:88:ce:13:99:35:76:4c: + e7:26:47:43:a7:eb:79:bd:7e:aa:80:48:ad:5c:46:ae:ab:74: + 9e:29 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAyMB4XDTA5MDMyNDA3MDk0NloXDTEwMDMyNDA3MDk0 +NlowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gMzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAxj3H5Q/HWSiqtvxe0A2Vbd+MgkJt76mtUaxzweEK +oY6AbqwKNVVhPUQyRtn3A0sxsOKis/iRS+NcHVzgSFFRmgZBGuJMRVzAKoZERM4B 
+Albmm0uNXkmn+UAbAJOR1i4knx8EWetoUf50uhKwuH17wpX/pqf93oqhafuAhaWm +Q08CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAhyZywVvoBDo/xWUk +F3rlQGfzHs2RDHW9qhRh0Ros1xEhu6NwklTlPTDRtVBzchty6Eewr6mF9eTVU9Xb +TYhIAExpMqvyqNBXkMYk/Ht33mzdxcluWyEVc01N96PKMWCEJOlNIfyIzhOZNXZM +5yZHQ6freb1+qoBIrVxGrqt0nik= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem new file mode 100644 index 0000000..c13a05c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/31.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 49 (0x31) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 3 + Validity + Not Before: Mar 24 07:09:47 2009 GMT + Not After : Mar 24 07:09:47 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:05:30:f6:65:6f:c6:e4:54:00:71:1c:85:6c: + 5e:5a:42:67:df:66:e2:a3:69:be:85:d9:84:c0:8b: + 1b:bd:4d:f2:ef:df:01:d3:65:33:f9:66:9a:08:79: + e1:21:6e:8a:e6:3c:dc:96:f2:43:e9:32:68:9d:06: + 06:d7:fc:fb:d2:da:58:16:81:19:cc:d7:43:20:f4: + 85:c1:03:9b:34:c0:6c:7a:a1:19:5d:4f:41:8c:fb: + 74:7d:4c:86:c8:6f:f9:f2:c8:d4:38:cc:c0:44:0b: + c0:b0:0d:48:2b:2c:c6:9f:92:21:2d:80:dd:4b:bd: + da:e2:7d:ad:f5:5d:a7:a5:7f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + b6:bc:69:88:2c:7a:dd:69:8b:90:cf:a8:ec:33:db:ad:10:06: + ad:d2:94:ee:cf:d3:33:97:ac:60:38:e0:5a:a4:7b:d0:ca:a7: + 5c:19:be:93:1c:61:85:14:08:f0:35:44:99:d4:7e:b0:fb:be: + 4e:5c:18:a9:b9:b5:9a:91:4e:d1:e1:44:8d:ec:ca:4e:eb:6e: + 17:27:76:0d:57:ad:cf:32:e4:a5:bc:b6:ad:22:e5:27:6d:11: + 81:4d:4c:09:14:ea:11:7c:81:14:5e:fb:95:4d:f3:1d:5d:d0: + f9:b6:45:e7:c5:c6:40:21:64:60:2e:71:1f:32:dc:21:fe:5c: + 45:da +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiAzMB4XDTA5MDMyNDA3MDk0N1oXDTEwMDMyNDA3MDk0 +N1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNDCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAugUw9mVvxuRUAHEchWxeWkJn32bio2m+hdmEwIsb +vU3y798B02Uz+WaaCHnhIW6K5jzclvJD6TJonQYG1/z70tpYFoEZzNdDIPSFwQOb 
+NMBseqEZXU9BjPt0fUyGyG/58sjUOMzARAvAsA1IKyzGn5IhLYDdS73a4n2t9V2n +pX8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAtrxpiCx63WmLkM+o +7DPbrRAGrdKU7s/TM5esYDjgWqR70MqnXBm+kxxhhRQI8DVEmdR+sPu+TlwYqbm1 +mpFO0eFEjezKTutuFyd2DVetzzLkpby2rSLlJ20RgU1MCRTqEXyBFF77lU3zHV3Q ++bZF58XGQCFkYC5xHzLcIf5cRdo= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem new file mode 100644 index 0000000..c5549bf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/32.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 50 (0x32) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 4 + Validity + Not Before: Mar 24 07:09:48 2009 GMT + Not After : Mar 24 07:09:48 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:af:66:e0:c1:2e:f9:75:ed:0b:27:b3:3a:c9:1d: + 9f:39:21:f9:14:ee:1c:a4:ee:c3:f0:24:a6:c7:43: + dd:f9:03:d0:44:01:e5:19:e9:7b:26:65:3c:3d:3d: + 9a:b9:69:2a:00:46:0e:cb:20:98:c6:9d:37:7e:0c: + 90:a6:d7:b0:54:2b:4b:f3:3e:9b:19:33:a1:34:eb: + 62:e3:b9:bb:fe:cc:ca:3a:d9:fc:71:0a:65:ef:30: + f3:f4:1b:55:f0:8b:b9:12:d8:50:25:25:ac:5d:63: + 9f:d1:c5:21:f2:5a:04:b1:2a:34:a0:12:60:0f:8a: + 3e:ab:a2:87:e5:5b:d6:48:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 9f:b3:eb:f1:0b:e7:fa:c3:f0:6a:3b:ba:67:c3:ae:48:51:63: + 2c:7a:b9:c7:cd:d9:92:46:75:40:a5:a2:d6:ba:8e:a1:cb:c7: + fd:5d:98:f7:2a:e5:0a:06:49:42:8a:e0:09:b1:eb:18:9c:c9: + 1b:e5:d1:4f:a0:0a:a6:14:68:54:7a:b7:9b:f6:44:c5:d8:a1: + 21:99:c9:49:db:64:a5:53:48:5f:b6:d3:ba:fa:73:67:10:10: + 5e:12:45:f8:27:a8:e0:fb:7c:16:73:fb:98:e1:3e:35:f3:de: + 7c:b7:1c:42:2d:d2:9b:8e:03:f5:5f:c7:2f:51:b1:ff:73:45: + d2:70 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA0MB4XDTA5MDMyNDA3MDk0OFoXDTEwMDMyNDA3MDk0 +OFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAr2bgwS75de0LJ7M6yR2fOSH5FO4cpO7D8CSmx0Pd ++QPQRAHlGel7JmU8PT2auWkqAEYOyyCYxp03fgyQptewVCtL8z6bGTOhNOti47m7 
+/szKOtn8cQpl7zDz9BtV8Iu5EthQJSWsXWOf0cUh8loEsSo0oBJgD4o+q6KH5VvW +SL8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAn7Pr8Qvn+sPwaju6 +Z8OuSFFjLHq5x83ZkkZ1QKWi1rqOocvH/V2Y9yrlCgZJQorgCbHrGJzJG+XRT6AK +phRoVHq3m/ZExdihIZnJSdtkpVNIX7bTuvpzZxAQXhJF+Ceo4Pt8FnP7mOE+NfPe +fLccQi3Sm44D9V/HL1Gx/3NF0nA= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem new file mode 100644 index 0000000..08c010b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/33.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 51 (0x33) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 5 + Validity + Not Before: Mar 24 07:09:51 2009 GMT + Not After : Mar 24 07:09:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ce:12:20:d1:14:60:01:47:aa:4c:66:1b:4c:4f: + 87:2f:ec:af:fc:11:41:bd:d9:98:7a:b8:e1:dd:59: + d0:c0:9e:40:d2:b7:8b:c7:8a:65:ea:0d:0c:36:f1: + e6:45:61:dc:6f:08:27:62:d0:78:1b:26:71:d4:fe: + 0b:9f:ea:86:1b:43:c7:08:d6:c5:eb:5b:11:c9:8b: + 83:8e:a7:05:0d:5c:6c:ce:ab:70:e0:7d:05:ea:06: + 39:f9:8c:94:56:56:37:62:b3:18:77:bd:e1:5b:53: + a1:07:4d:c7:cc:c6:4c:2e:ef:aa:83:19:b5:ac:e3: + 72:2b:0d:72:7a:0a:ca:81:6f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 47:f3:03:ee:f0:fe:31:bb:01:47:ca:0e:69:65:a2:f8:4a:6f: + ca:6c:86:80:42:e3:87:49:22:b9:15:f0:da:b6:ca:d9:8b:7f: + f9:38:c0:72:d0:d1:b3:44:8d:95:5e:ab:e7:ad:37:34:ba:8b: + 2f:11:64:b5:20:09:70:fe:cf:6d:3e:d3:7f:f7:f1:ae:31:74: + aa:ae:a7:0b:65:4e:e0:0b:80:87:25:d0:0c:bc:db:f5:ac:0c: + 18:8e:4b:c2:42:88:e6:29:4f:2e:6e:df:72:f4:2f:27:39:b8: + e4:dc:64:1a:d7:c8:f3:f8:42:53:60:53:24:d7:38:75:50:bc: + d1:30 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBMzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA1MB4XDTA5MDMyNDA3MDk1MVoXDTEwMDMyNDA3MDk1 +MVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNjCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEAzhIg0RRgAUeqTGYbTE+HL+yv/BFBvdmYerjh3VnQ +wJ5A0reLx4pl6g0MNvHmRWHcbwgnYtB4GyZx1P4Ln+qGG0PHCNbF61sRyYuDjqcF 
+DVxszqtw4H0F6gY5+YyUVlY3YrMYd73hW1OhB03HzMZMLu+qgxm1rONyKw1yegrK +gW8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAR/MD7vD+MbsBR8oO +aWWi+EpvymyGgELjh0kiuRXw2rbK2Yt/+TjActDRs0SNlV6r5603NLqLLxFktSAJ +cP7PbT7Tf/fxrjF0qq6nC2VO4AuAhyXQDLzb9awMGI5LwkKI5ilPLm7fcvQvJzm4 +5NxkGtfI8/hCU2BTJNc4dVC80TA= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem new file mode 100644 index 0000000..f07ee6c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/34.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 52 (0x34) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 6 + Validity + Not Before: Mar 24 07:09:53 2009 GMT + Not After : Mar 24 07:09:53 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d5:c2:18:f3:fc:0a:3c:4e:f7:2b:c6:fd:1f:d7: + 13:bb:35:74:6e:ca:5d:ab:09:67:21:d0:ed:a7:e8: + 99:7e:79:52:b8:32:3d:2b:5f:1b:78:0e:aa:2b:b6: + e7:03:ec:f5:7e:b4:54:3b:87:d9:02:1e:c7:e6:04: + cf:27:7b:36:e6:2f:8e:8e:94:f7:5b:c6:6e:51:2c: + de:17:da:04:45:ea:31:d0:95:c4:50:3c:16:8e:21: + c7:f0:0e:b5:86:c8:58:48:a6:0d:4d:a2:a6:8c:81: + 7a:67:89:43:56:1c:ca:e3:69:8a:08:05:57:b7:6d: + 03:c2:04:af:7b:61:ee:84:27 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 49:e7:f8:dc:ad:06:43:cb:d8:67:e6:e7:c0:7e:dd:a8:21:cd: + b9:53:a8:d8:7a:24:df:dc:9c:bb:55:1d:d8:ca:44:0b:0f:fb: + f8:db:61:2a:97:79:21:e6:96:2a:8c:76:c4:eb:ad:77:45:53: + f5:e2:de:29:7d:29:88:3a:d4:a3:a8:5a:dc:37:24:43:d1:57: + a5:5b:0b:3e:05:2d:0a:1a:0e:18:37:50:cc:36:54:85:37:28: + 50:c8:61:c7:94:48:a0:60:ab:68:b0:b2:a8:61:14:5e:4a:dd: + 04:8a:1a:69:01:45:e2:c6:e2:cb:15:e6:01:49:98:3c:5a:5d: + 2a:d4 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNDANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA2MB4XDTA5MDMyNDA3MDk1M1oXDTEwMDMyNDA3MDk1 +M1owUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gNzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA1cIY8/wKPE73K8b9H9cTuzV0bspdqwlnIdDtp+iZ +fnlSuDI9K18beA6qK7bnA+z1frRUO4fZAh7H5gTPJ3s25i+OjpT3W8ZuUSzeF9oE 
+Reox0JXEUDwWjiHH8A61hshYSKYNTaKmjIF6Z4lDVhzK42mKCAVXt20DwgSve2Hu +hCcCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEASef43K0GQ8vYZ+bn +wH7dqCHNuVOo2Hok39ycu1Ud2MpECw/7+NthKpd5IeaWKox2xOutd0VT9eLeKX0p +iDrUo6ha3DckQ9FXpVsLPgUtChoOGDdQzDZUhTcoUMhhx5RIoGCraLCyqGEUXkrd +BIoaaQFF4sbiyxXmAUmYPFpdKtQ= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem new file mode 100644 index 0000000..60073f6 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/35.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 53 (0x35) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 7 + Validity + Not Before: Mar 24 07:09:54 2009 GMT + Not After : Mar 24 07:09:54 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e4:e0:c4:dc:86:00:94:69:b1:d5:88:72:c8:c2: + 52:c0:56:62:0e:f6:80:a2:ef:8e:68:f9:da:d9:85: + 01:59:04:5e:f7:fc:23:16:dc:ff:2d:52:0a:8c:81: + 96:fa:24:1d:4b:89:60:2c:25:1a:eb:4e:a6:21:c5: + 1f:5b:87:d6:65:8c:d7:e1:a2:55:67:7e:01:7c:28: + 84:d7:23:56:f4:f8:e1:9c:a4:1f:74:fe:6b:c0:14: + cc:fd:05:7b:ba:f6:b0:e3:f5:7e:46:ce:70:39:5c: + 93:43:01:f8:ad:38:a6:0c:71:60:9e:0b:0d:bf:42: + 6c:d3:9e:21:4c:55:ed:74:73 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + be:aa:0c:d9:b6:cc:d6:e1:47:ca:cb:6a:36:5e:67:43:f6:8e: + ab:d9:2a:5c:9d:e0:74:f5:55:70:80:8e:2f:f8:16:4c:2d:4c: + 9c:94:80:6b:6b:c0:7a:e4:0f:f4:60:64:10:ba:93:f5:2a:39: + 0f:5f:06:8a:d4:75:5b:b2:c4:92:25:ad:21:fa:98:75:54:48: + b5:d6:80:c6:9d:96:af:bf:fd:f4:57:80:cf:03:5c:dc:2b:b3: + f6:a2:7a:8e:8d:a5:01:92:53:e4:b7:77:99:1b:71:04:97:66: + 57:a1:28:9d:3b:f8:ac:2e:15:18:17:2e:5d:0b:47:49:3b:65: + 88:fc +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNTANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA3MB4XDTA5MDMyNDA3MDk1NFoXDTEwMDMyNDA3MDk1 +NFowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gODCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA5ODE3IYAlGmx1YhyyMJSwFZiDvaAou+OaPna2YUB +WQRe9/wjFtz/LVIKjIGW+iQdS4lgLCUa606mIcUfW4fWZYzX4aJVZ34BfCiE1yNW 
+9PjhnKQfdP5rwBTM/QV7uvaw4/V+Rs5wOVyTQwH4rTimDHFgngsNv0Js054hTFXt +dHMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEAvqoM2bbM1uFHystq +Nl5nQ/aOq9kqXJ3gdPVVcICOL/gWTC1MnJSAa2vAeuQP9GBkELqT9So5D18GitR1 +W7LEkiWtIfqYdVRItdaAxp2Wr7/99FeAzwNc3Cuz9qJ6jo2lAZJT5Ld3mRtxBJdm +V6EonTv4rC4VGBcuXQtHSTtliPw= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem new file mode 100644 index 0000000..7df26a8 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/36.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 54 (0x36) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 8 + Validity + Not Before: Mar 24 07:09:55 2009 GMT + Not After : Mar 24 07:09:55 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e1:c8:32:42:5f:a8:53:b3:22:a3:58:9a:7c:1e: + fe:33:12:64:5c:3e:45:18:5b:23:ac:79:43:45:d7: + 64:6f:7c:e4:a3:95:5c:f9:e1:c4:b1:63:43:9c:7e: + 10:81:aa:7f:de:b5:b7:85:a6:b5:60:39:25:22:48: + 64:c5:54:1a:6e:b1:22:90:f3:8c:17:85:c2:be:1c: + 81:aa:a6:7b:14:b4:7a:13:b2:94:72:42:ef:77:cc: + 30:a4:c8:5c:80:b2:47:2e:f7:db:53:ea:ae:63:5a: + 19:20:30:2b:f1:d0:a3:0e:0d:4c:c0:c9:7e:9b:b5: + 0b:db:51:6a:e7:0e:74:69:ef + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + d9:93:84:69:52:8d:5a:7e:c4:b7:04:54:a0:47:32:04:c7:be: + 7b:94:1b:f9:b6:c5:88:84:a1:b4:22:4f:3b:28:ae:29:90:f1: + e4:25:f0:b9:e6:a0:dd:0e:0c:15:a9:6c:e4:8a:fa:a0:42:a7: + f9:4e:b7:0b:53:c1:ab:cb:a7:83:4c:0b:03:f0:64:95:75:5f: + 09:dc:2c:a2:19:d6:51:e8:e4:86:7f:50:60:69:01:64:a5:fd: + 0c:bb:0e:a0:cb:63:9c:b5:2c:22:63:f6:a4:e2:b1:9b:62:a5: + 8c:c7:e5:a3:93:d8:18:6a:f2:95:b6:53:6a:8d:be:b0:ce:fa: + e9:71 +-----BEGIN CERTIFICATE----- +MIICUDCCAbmgAwIBAgIBNjANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA4MB4XDTA5MDMyNDA3MDk1NVoXDTEwMDMyNDA3MDk1 +NVowUTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFTATBgNVBAMTDENlcnQgQ2hhaW4gOTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA4cgyQl+oU7Mio1iafB7+MxJkXD5FGFsjrHlDRddk +b3zko5Vc+eHEsWNDnH4Qgap/3rW3haa1YDklIkhkxVQabrEikPOMF4XCvhyBqqZ7 
+FLR6E7KUckLvd8wwpMhcgLJHLvfbU+quY1oZIDAr8dCjDg1MwMl+m7UL21Fq5w50 +ae8CAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v +MTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQADgYEA2ZOEaVKNWn7EtwRU +oEcyBMe+e5Qb+bbFiIShtCJPOyiuKZDx5CXwueag3Q4MFals5Ir6oEKn+U63C1PB +q8ung0wLA/BklXVfCdwsohnWUejkhn9QYGkBZKX9DLsOoMtjnLUsImP2pOKxm2Kl +jMflo5PYGGrylbZTao2+sM766XE= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem new file mode 100644 index 0000000..12a7b64 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/37.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 55 (0x37) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 9 + Validity + Not Before: Mar 24 07:09:56 2009 GMT + Not After : Mar 24 07:09:56 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain 10 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:da:7a:ea:e9:4d:f1:46:ae:bd:f9:0c:81:de:fd: + f4:cf:13:fc:74:54:1b:f7:fb:d3:b0:f6:ae:32:fe: + 17:0d:df:91:e2:77:c7:b7:64:8b:53:48:b2:50:c6: + 10:d3:4d:c2:c2:9e:53:d1:af:3b:fe:d0:c3:64:bf: + 95:48:a3:5e:85:29:f7:c3:19:4c:54:09:7a:42:81: + bc:b9:f0:63:eb:0a:90:3c:9d:fa:25:b8:ee:80:50: + c1:b9:c2:8d:28:eb:a4:1b:88:b5:2f:0c:30:04:8c: + 97:a8:a9:9a:27:7c:5a:79:03:49:fc:ec:81:39:61: + 1c:52:9b:97:9a:f0:54:db:2f + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 81:7f:37:9d:a6:8f:7d:f1:03:b0:78:a3:44:7e:c1:31:27:f0: + 73:51:eb:55:76:3f:1b:a5:59:0f:5b:ab:2f:ff:72:9d:8a:46: + af:30:a4:c1:6a:25:1c:04:b9:22:14:b8:39:52:f1:4f:f0:24: + eb:f0:5f:62:79:24:c2:ec:84:92:87:5d:9c:05:87:e8:b1:71: + a7:30:fc:03:2d:9f:c5:3b:7c:58:7e:7a:86:75:50:ad:14:5e: + f9:69:c4:49:1e:58:33:da:5f:eb:bc:c5:ac:10:2a:dd:3c:87: + 1c:0f:aa:37:93:c0:68:4c:3d:b4:0c:30:78:63:af:8a:f4:80: + e8:8e +-----BEGIN CERTIFICATE----- +MIICUTCCAbqgAwIBAgIBNzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEVMBMG +A1UEAxMMQ2VydCBDaGFpbiA5MB4XDTA5MDMyNDA3MDk1NloXDTEwMDMyNDA3MDk1 +NlowUjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xFjAUBgNVBAMTDUNlcnQgQ2hhaW4gMTAwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBANp66ulN8UauvfkMgd799M8T/HRUG/f707D2rjL+ +Fw3fkeJ3x7dki1NIslDGENNNwsKeU9GvO/7Qw2S/lUijXoUp98MZTFQJekKBvLnw 
+Y+sKkDyd+iW47oBQwbnCjSjrpBuItS8MMASMl6ipmid8WnkDSfzsgTlhHFKbl5rw +VNsvAgMBAAGjODA2MDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDov +LzEyNy4wLjAuMTo4OS8wMDAyMA0GCSqGSIb3DQEBBQUAA4GBAIF/N52mj33xA7B4 +o0R+wTEn8HNR61V2PxulWQ9bqy//cp2KRq8wpMFqJRwEuSIUuDlS8U/wJOvwX2J5 +JMLshJKHXZwFh+ixcacw/AMtn8U7fFh+eoZ1UK0UXvlpxEkeWDPaX+u8xawQKt08 +hxwPqjeTwGhMPbQMMHhjr4r0gOiO +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem new file mode 100644 index 0000000..06691f5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/38.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 56 (0x38) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 1 + Validity + Not Before: Mar 24 07:21:45 2009 GMT + Not After : Mar 24 07:21:45 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d3:39:a7:a4:19:61:28:35:4f:f0:9b:f0:b8:8d: + 55:e9:da:4d:35:9e:3d:6c:c0:30:b1:8b:c0:50:a4: + 08:6a:d6:e3:fa:f3:f1:cb:9f:14:2e:b6:cb:d2:17: + 3d:bd:8b:31:8e:c8:95:13:f0:fc:03:42:30:02:98: + 6c:ee:2a:e9:c1:2a:9f:79:e0:09:35:a7:6e:bd:70: + 62:ae:09:53:54:a9:62:36:23:b7:15:98:01:c6:c5: + 52:47:a1:8c:c1:de:7c:4d:86:38:d0:12:24:57:76: + 99:ba:1f:23:62:20:a5:79:12:a2:9a:90:b8:aa:50: + 96:59:16:ed:29:74:9d:67:53 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 29:8e:68:80:e0:f2:ce:29:e5:70:95:67:0d:51:4a:a8:a0:9c: + 9f:4f:2f:3a:83:40:67:6e:01:cb:21:bf:4a:a7:16:3d:df:f8: + 2b:ca:6d:86:92:cc:46:99:99:b5:11:09:4d:25:c7:15:5f:64: + 66:1a:18:69:ce:37:86:96:ab:e6:2e:3d:63:a3:cf:14:91:3b: + 19:fc:79:a7:37:60:eb:51:12:3f:4d:3b:07:6c:0e:ae:69:2c: + 07:4d:6a:ca:5d:97:e5:f0:24:96:7e:fa:f3:83:ec:53:7a:b1: + 53:cb:42:c5:15:b0:04:9f:36:5c:d0:d5:92:49:38:e5:a5:ef: + 91:d2 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBODANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMTAeFw0wOTAzMjQwNzIxNDVaFw0xMDAz +MjQwNzIxNDVaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTOaekGWEoNU/wm/C4jVXp +2k01nj1swDCxi8BQpAhq1uP68/HLnxQutsvSFz29izGOyJUT8PwDQjACmGzuKunB 
+Kp954Ak1p269cGKuCVNUqWI2I7cVmAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5 +EqKakLiqUJZZFu0pdJ1nUwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQApjmiA4PLOKeVwlWcNUUqooJyfTy86g0BnbgHLIb9KpxY93/grym2GksxGmZm1 +EQlNJccVX2RmGhhpzjeGlqvmLj1jo88UkTsZ/HmnN2DrURI/TTsHbA6uaSwHTWrK +XZfl8CSWfvrzg+xTerFTy0LFFbAEnzZc0NWSSTjlpe+R0g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem new file mode 100644 index 0000000..f37e1a2 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/39.pem 
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 57 (0x39) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 2 + Validity + Not Before: Mar 24 07:21:47 2009 GMT + Not After : Mar 24 07:21:47 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a3:84:57:22:7a:bf:2f:ec:a6:d3:c6:f2:e1:14: + 92:8e:9d:b1:5a:f2:6f:99:9f:53:08:d1:f9:ef:00: + da:a7:2d:c3:64:6f:31:df:4c:49:20:06:88:92:d7: + c6:ff:0c:99:49:d0:c5:57:bb:ea:87:4d:06:ac:68: + 35:6a:3e:23:6c:dd:2f:4e:7c:fc:9c:e6:d0:1d:65: + e4:87:79:7e:d9:c0:1e:cd:7b:f5:81:bf:79:8a:d8: + 6e:94:22:f1:79:a6:dc:52:ea:ed:e6:f7:86:31:5d: + b7:39:fc:cd:73:ed:0d:1f:f2:ca:79:ba:25:1e:f4: + b9:6c:bc:28:08:a9:46:aa:1d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 05:E8:B5:E4:89:7E:CD:72:28:E1:08:B5:B2:9F:8E:A2:13:2B:2C:A7 + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Cert Chain No AIA 1 + serial:38 + + Signature Algorithm: sha1WithRSAEncryption + 36:e5:af:2d:c4:bd:c1:16:27:74:f0:0a:a5:12:4c:da:d6:e2: + 60:98:ee:3d:7a:d1:55:a0:ed:57:fd:6b:9b:fc:19:4b:f3:b2: + 41:19:a7:6c:f7:15:63:68:18:09:6d:db:23:f9:e1:2a:d6:75: + e5:18:46:2b:82:57:4e:1a:f8:03:fa:3d:7c:aa:70:8e:17:25: + c6:b2:ab:ca:94:90:fd:2a:69:53:f5:11:81:68:06:f8:2d:5d: + 92:39:b4:96:f0:d0:b5:03:c2:15:26:f4:e9:c0:9a:28:39:dd: + 67:ea:a6:9f:27:44:69:2e:95:e0:a1:03:f6:3c:a1:f7:92:f4: + a2:b8 +-----BEGIN CERTIFICATE----- +MIIC7jCCAlegAwIBAgIBOTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMjAeFw0wOTAzMjQwNzIxNDdaFw0xMDAz +MjQwNzIxNDdaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw 
+FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSAzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjhFcier8v7KbTxvLhFJKO +nbFa8m+Zn1MI0fnvANqnLcNkbzHfTEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs +3S9OfPyc5tAdZeSHeX7ZwB7Ne/WBv3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f +8sp5uiUe9LlsvCgIqUaqHQIDAQABo4HHMIHEMAkGA1UdEwQCMAAwLAYJYIZIAYb4 +QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQF +6LXkiX7NcijhCLWyn46iEysspzBqBgNVHSMEYzBhoVykWjBYMQswCQYDVQQGEwJL +UjETMBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEc +MBoGA1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMYIBODANBgkqhkiG9w0BAQUFAAOB +gQA25a8txL3BFid08AqlEkza1uJgmO49etFVoO1X/Wub/BlL87JBGads9xVjaBgJ +bdsj+eEq1nXlGEYrgldOGvgD+j18qnCOFyXGsqvKlJD9KmlT9RGBaAb4LV2SObSW +8NC1A8IVJvTpwJooOd1n6qafJ0RpLpXgoQP2PKH3kvSiuA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem new file mode 100644 index 0000000..a08d32c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3A.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 58 (0x3a) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 3 + Validity + Not Before: Mar 24 07:21:48 2009 GMT + Not After : Mar 24 07:21:48 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cb:8d:d0:6f:74:f7:2a:96:47:5a:f9:e3:d5:72: + 3a:81:94:c7:0f:e2:a2:9b:11:4e:92:15:61:dc:3f: + b8:fd:9f:b8:ae:18:54:25:ca:e0:1a:8f:49:f7:e1: + 81:64:76:47:5a:b4:bc:9d:11:09:6d:c7:71:03:cd: + 38:ab:85:5f:69:5a:ed:6b:aa:32:a7:85:b4:75:9a: + aa:dc:ec:ee:9d:4e:03:51:e3:8e:a6:89:82:e3:26: + 13:42:99:87:04:5f:59:58:43:89:32:ed:da:34:e9: + b2:ca:33:af:29:eb:20:0b:e7:4a:10:0c:3f:00:94: + 75:36:c5:f8:4d:4b:a4:88:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:51:b6:28:15:d9:aa:56:70:0d:2a:f0:52:8b:c4:53:47:68: + 78:fe:fe:89:c2:3b:87:23:40:87:04:02:67:74:4d:3c:cc:39: + 48:30:f6:9c:12:74:be:48:26:5a:7c:a1:bf:d0:fa:19:89:63: + 66:fe:44:2d:f5:e5:e8:9f:57:c5:20:fe:f0:10:2f:f0:6d:16: + ef:a0:2b:db:95:05:72:cb:63:e4:2b:28:38:8f:aa:b9:51:f2: + 88:19:0e:c1:c8:e7:0d:66:b8:13:f2:13:2d:ee:f0:dd:98:56: + 04:af:c6:c8:81:07:ce:44:f5:23:7b:a4:72:32:4d:43:a9:61: + 72:d6 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBOjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgMzAeFw0wOTAzMjQwNzIxNDhaFw0xMDAz +MjQwNzIxNDhaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLjdBvdPcqlkda+ePVcjqB +lMcP4qKbEU6SFWHcP7j9n7iuGFQlyuAaj0n34YFkdkdatLydEQltx3EDzTirhV9p 
+Wu1rqjKnhbR1mqrc7O6dTgNR446miYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL +50oQDD8AlHU2xfhNS6SIlQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBvUbYoFdmqVnANKvBSi8RTR2h4/v6JwjuHI0CHBAJndE08zDlIMPacEnS+SCZa +fKG/0PoZiWNm/kQt9eXon1fFIP7wEC/wbRbvoCvblQVyy2PkKyg4j6q5UfKIGQ7B +yOcNZrgT8hMt7vDdmFYEr8bIgQfORPUje6RyMk1DqWFy1g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem new file mode 100644 index 0000000..d0cedf9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3B.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 59 (0x3b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 4 + Validity + Not Before: Mar 24 07:21:49 2009 GMT + Not After : Mar 24 07:21:49 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:db:0c:70:a3:4b:8d:12:fa:47:5f:5f:3a:41:91: + 18:7a:9b:e3:af:99:56:70:96:71:7d:d0:7c:ee:d9: + d2:3a:90:cb:42:c8:eb:06:a5:81:24:a3:d0:9e:d0: + 33:04:88:50:a4:e2:32:37:1a:b8:a4:3f:77:56:b4: + 3f:a9:cc:27:7e:c9:c9:89:1e:ca:64:b6:4e:e6:fc: + fa:17:ce:3b:94:7f:b2:14:6f:40:ad:78:75:f3:09: + be:62:0d:be:af:40:61:dc:16:4b:94:4c:8b:16:ce: + 79:5f:97:59:56:19:8a:23:ea:21:7c:3d:02:53:09: + 32:17:b6:27:ee:6e:31:1e:4d + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 86:d9:2f:aa:12:1f:31:35:60:68:49:8c:4e:75:b3:5e:8f:f2: + 81:69:79:7f:92:ca:32:ca:cf:a3:45:d0:8a:2c:d6:8b:9a:e6: + a8:3d:19:66:ee:3b:03:25:4b:ed:56:c2:49:09:99:98:b3:9f: + 13:11:ee:b5:ad:00:b8:36:31:6e:91:f6:fd:f3:95:7e:90:b9: + 0b:26:ab:06:72:cf:57:33:3c:88:4e:aa:c4:bb:89:a5:60:95: + 11:b5:e6:eb:1f:8f:fb:b0:f0:c5:78:be:6a:7f:39:29:e4:5b: + 7b:28:16:d2:b6:bf:38:af:25:de:7b:22:23:d3:23:ca:03:0d: + c6:08 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBOzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNDAeFw0wOTAzMjQwNzIxNDlaFw0xMDAz +MjQwNzIxNDlaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbDHCjS40S+kdfXzpBkRh6 +m+OvmVZwlnF90Hzu2dI6kMtCyOsGpYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ 
+ycmJHspktk7m/PoXzjuUf7IUb0CteHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj +6iF8PQJTCTIXtifubjEeTQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQCG2S+qEh8xNWBoSYxOdbNej/KBaXl/ksoyys+jRdCKLNaLmuaoPRlm7jsDJUvt +VsJJCZmYs58TEe61rQC4NjFukfb985V+kLkLJqsGcs9XMzyITqrEu4mlYJURtebr +H4/7sPDFeL5qfzkp5Ft7KBbStr84ryXeeyIj0yPKAw3GCA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem new file mode 100644 index 0000000..6e0a696 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3C.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 60 (0x3c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 5 + Validity + Not Before: Mar 24 07:21:50 2009 GMT + Not After : Mar 24 07:21:50 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:96:4e:86:e9:ca:b8:83:48:47:72:fa:ad:01:a8: + 26:c0:c6:09:10:ef:37:e0:62:e6:6b:e1:97:9d:15: + c2:e5:88:fa:ee:50:81:ff:eb:fb:48:80:6f:db:41: + b7:51:58:64:eb:8d:b7:2f:03:1a:0b:36:db:53:1d: + 19:7c:49:f9:76:0c:39:36:f3:4f:e9:f6:c7:90:5f: + 02:dd:dc:e7:51:c2:44:cc:9f:87:4c:13:d4:e5:91: + 1c:4a:ed:33:a2:80:76:c8:56:7e:fc:c9:73:2b:78: + d9:7e:a3:b2:23:cd:69:ca:a1:a7:8c:e3:8c:97:3e: + 71:ac:c8:04:56:bd:97:cd:d1 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:e5:2b:c2:3c:65:22:24:f1:1c:a4:c4:c1:35:73:40:a0:8a: + f0:13:06:c7:46:19:83:51:e0:c6:9f:d8:49:93:59:41:3f:71: + 2d:31:67:55:98:49:42:aa:07:42:81:b5:4f:29:11:36:3f:23: + 47:75:75:89:18:95:a4:ea:af:9f:4f:b2:0e:0b:21:4e:74:4f: + 2c:18:74:c9:05:21:55:e7:e7:b2:85:9a:4f:70:ce:d1:89:1d: + 9e:f8:02:30:d0:60:c5:2a:78:87:67:9e:04:3e:8a:7b:f9:df: + 0b:4e:41:3a:81:fa:35:fa:d7:77:5f:7c:1f:cc:59:da:94:9b: + 94:55 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNTAeFw0wOTAzMjQwNzIxNTBaFw0xMDAz +MjQwNzIxNTBaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA2MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWTobpyriDSEdy+q0BqCbA +xgkQ7zfgYuZr4ZedFcLliPruUIH/6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2 
+DDk280/p9seQXwLd3OdRwkTMn4dME9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnK +oaeM44yXPnGsyARWvZfN0QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBv5SvCPGUiJPEcpMTBNXNAoIrwEwbHRhmDUeDGn9hJk1lBP3EtMWdVmElCqgdC +gbVPKRE2PyNHdXWJGJWk6q+fT7IOCyFOdE8sGHTJBSFV5+eyhZpPcM7RiR2e+AIw +0GDFKniHZ54EPop7+d8LTkE6gfo1+td3X3wfzFnalJuUVQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem new file mode 100644 index 0000000..87fdfab --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3D.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 61 (0x3d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 6 + Validity + Not Before: Mar 24 07:21:51 2009 GMT + Not After : Mar 24 07:21:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b4:5b:fe:48:10:2b:eb:58:af:c6:0e:57:2a:a5: + 5c:cc:57:85:44:f2:d9:d1:43:84:d3:40:8b:f7:7a: + e0:e8:b1:9d:e8:f4:b1:45:c6:67:14:9b:a5:a8:e2: + 8f:cb:31:a6:db:61:90:0d:aa:0a:9e:26:dc:4b:0b: + 33:a2:7c:07:72:91:ee:6a:ec:77:34:f4:7e:a5:0e: + 39:13:a8:d5:86:86:12:5b:a4:8b:38:91:57:24:8d: + a9:3b:f8:f1:a6:48:89:20:a9:5b:b3:fe:ca:56:f0: + ca:d1:ec:99:9c:57:6a:df:8e:23:a1:7e:be:5f:7c: + cf:a9:db:3f:b8:dc:a1:9a:39 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 1d:2e:83:cb:9e:92:3e:d2:0a:fb:74:87:66:3d:57:84:09:11: + 4a:2a:68:0e:da:9e:4d:7b:25:af:56:fa:3c:d5:4c:02:fe:43: + dd:c3:66:c9:5d:55:50:40:15:8f:06:74:13:83:27:c5:19:7e: + 55:f3:fa:26:ec:3e:c0:1a:5d:20:ee:09:af:38:83:f8:0e:da: + bf:07:87:07:a5:70:79:21:2c:38:5b:e0:f8:d1:57:0f:9b:d1: + ee:a3:86:02:b5:e0:5b:64:08:5f:64:8b:43:65:ac:60:8a:c9: + 6f:47:37:66:61:c1:74:b0:74:0a:24:12:36:c1:28:58:b6:04: + 9b:4c +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNjAeFw0wOTAzMjQwNzIxNTFaFw0xMDAz +MjQwNzIxNTFaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA3MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0W/5IECvrWK/GDlcqpVzM +V4VE8tnRQ4TTQIv3euDosZ3o9LFFxmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdy 
+ke5q7Hc09H6lDjkTqNWGhhJbpIs4kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rf +jiOhfr5ffM+p2z+43KGaOQIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQAdLoPLnpI+0gr7dIdmPVeECRFKKmgO2p5NeyWvVvo81UwC/kPdw2bJXVVQQBWP +BnQTgyfFGX5V8/om7D7AGl0g7gmvOIP4Dtq/B4cHpXB5ISw4W+D40VcPm9Huo4YC +teBbZAhfZItDZaxgislvRzdmYcF0sHQKJBI2wShYtgSbTA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem new file mode 100644 index 0000000..397c8cc --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3E.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 62 (0x3e) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 7 + Validity + Not Before: Mar 24 07:21:52 2009 GMT + Not After : Mar 24 07:21:52 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:bc:76:6c:d1:65:bb:c3:98:fa:4d:19:34:a6:43: + 8a:c1:1d:ff:04:4c:f9:c9:bf:c5:d9:4c:08:94:a2: + 4c:55:31:09:68:3a:35:61:c6:2e:7d:6a:7a:87:88: + ba:21:4c:5e:5e:28:d9:d3:fd:01:bc:4e:e2:55:a8: + d7:d5:a0:72:d1:b5:fb:6f:f8:ca:7a:f7:e6:89:b0: + 3e:c9:83:e5:fd:8d:a9:fc:0a:fd:a0:dd:a2:33:17: + 4e:a0:0e:37:22:b2:ef:27:e4:67:d5:58:80:8b:16: + a1:a2:56:c3:73:69:7d:ee:47:d9:af:4d:19:7e:9f: + 2b:08:ad:4b:51:07:40:99:f1 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 40:8d:52:73:c3:85:6b:6c:4f:54:51:06:eb:d8:cd:40:5d:3d: + 89:c2:06:4d:c6:70:5e:cc:64:40:3f:bb:3e:d4:52:b0:8d:57: + 77:f3:1f:63:89:b3:21:b0:72:c6:ef:97:77:06:90:6f:fd:e8: + c3:d4:d6:13:f7:18:a8:eb:1e:87:b8:98:20:4a:0b:58:74:81: + 59:eb:6e:50:f3:68:b2:e2:8c:a2:4b:92:c5:fa:e1:4f:43:ae: + 51:ca:a6:c7:2c:40:16:2f:24:d3:a2:91:d5:45:7d:a7:3c:6e: + 65:74:a7:b0:a6:a0:07:d7:1d:3a:2e:51:6e:de:7f:e6:5b:73: + e2:7d +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPjANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgNzAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz +MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA4MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8dmzRZbvDmPpNGTSmQ4rB +Hf8ETPnJv8XZTAiUokxVMQloOjVhxi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLR 
+tftv+Mp69+aJsD7Jg+X9jan8Cv2g3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3u +R9mvTRl+nysIrUtRB0CZ8QIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQBAjVJzw4VrbE9UUQbr2M1AXT2JwgZNxnBezGRAP7s+1FKwjVd38x9jibMhsHLG +75d3BpBv/ejD1NYT9xio6x6HuJggSgtYdIFZ625Q82iy4oyiS5LF+uFPQ65RyqbH +LEAWLyTTopHVRX2nPG5ldKewpqAH1x06LlFu3n/mW3PifQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem new file mode 100644 index 0000000..3259a5b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/3F.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 63 (0x3f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 8 + Validity + Not Before: Mar 24 07:21:52 2009 GMT + Not After : Mar 24 07:21:52 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a8:70:69:1c:f1:48:a4:71:a5:2b:d0:d8:f1:00: + 1f:ca:2a:17:d0:3f:4f:1f:43:a0:04:52:3e:28:73: + 3b:20:03:96:47:99:19:dc:95:35:41:af:03:4e:08: + 01:c1:d5:08:65:4c:75:9f:29:73:d3:ab:b3:f5:9c: + e7:e0:73:a8:4e:be:fd:86:67:f7:f4:20:42:76:39: + 85:94:91:b8:6c:74:00:c8:c8:8b:d1:24:38:92:dd: + 74:76:e8:ca:69:f6:96:aa:29:1b:32:4e:d7:65:4d: + dc:87:4c:ff:60:dc:44:a5:06:60:2a:2f:48:e6:a0: + 9c:93:eb:24:ff:74:a5:d0:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 8f:6f:4d:2a:68:f1:d5:08:43:43:3f:5a:53:d8:fe:71:93:e8: + 08:e5:a3:4f:dc:b2:9b:20:89:7c:dd:b0:57:7f:f7:1f:45:09: + 78:c0:ba:99:0e:ab:fe:a5:1c:de:37:f6:dd:9a:b2:f1:9f:f0: + 15:19:4b:6c:32:dc:5f:8e:af:4f:3f:fe:a3:67:ae:78:ba:af: + cd:41:fd:c9:31:ca:ce:7e:82:2e:c6:40:4d:94:b9:cd:fa:d5: + a1:b3:b6:10:47:2d:75:f1:37:3f:e9:62:81:a3:ff:7f:72:04: + f7:26:6d:d4:c0:22:38:a1:6c:64:10:66:fe:0d:95:e7:2e:64: + c8:d5 +-----BEGIN CERTIFICATE----- +MIICXjCCAcegAwIBAgIBPzANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgODAeFw0wOTAzMjQwNzIxNTJaFw0xMDAz +MjQwNzIxNTJaMFgxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMRwwGgYDVQQDExNDZXJ0IENoYWluIE5vIEFJ +QSA5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCocGkc8UikcaUr0NjxAB/K +KhfQP08fQ6AEUj4oczsgA5ZHmRnclTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hO 
+vv2GZ/f0IEJ2OYWUkbhsdADIyIvRJDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESl +BmAqL0jmoJyT6yT/dKXQEwIDAQABozgwNjA0BggrBgEFBQcBAQQoMCYwJAYIKwYB +BQUHMAGGGGh0dHA6Ly8xMjcuMC4wLjE6ODkvMDAwMjANBgkqhkiG9w0BAQUFAAOB +gQCPb00qaPHVCENDP1pT2P5xk+gI5aNP3LKbIIl83bBXf/cfRQl4wLqZDqv+pRze +N/bdmrLxn/AVGUtsMtxfjq9PP/6jZ654uq/NQf3JMcrOfoIuxkBNlLnN+tWhs7YQ +Ry118Tc/6WKBo/9/cgT3Jm3UwCI4oWxkEGb+DZXnLmTI1Q== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem new file mode 100644 index 0000000..1696eaf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/newcerts/40.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 64 (0x40) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 9 + Validity + Not Before: Mar 24 07:21:53 2009 GMT + Not After : Mar 24 07:21:53 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Cert Chain No AIA 10 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:df:07:2f:ee:54:76:49:52:9f:16:7a:0a:39:2f: + 44:6d:17:67:ca:6a:0c:d7:42:c2:45:60:f9:b7:a2: + e2:ea:2f:53:14:69:02:57:06:7e:44:b6:c7:6b:9f: + 41:b8:1c:2a:17:6b:38:a5:89:c0:ec:e2:4c:c0:59: + 97:6c:8d:17:cf:e5:86:3d:3b:b1:69:90:80:fe:84: + 7b:37:4e:b9:1d:5e:98:fc:46:38:c7:f1:26:24:7d: + 7a:fc:fa:d7:51:59:d1:ba:5f:07:85:9e:43:df:fd: + 6e:5f:35:c8:a4:fe:24:a2:5e:8a:bb:01:b5:5d:c5: + cb:0e:40:f5:e9:4c:0b:00:43 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:89/0002 + + Signature Algorithm: sha1WithRSAEncryption + 6f:3d:1c:f3:6a:7d:23:49:43:c3:dd:41:43:81:42:f4:60:bf: + 87:d4:5f:83:96:1c:6a:c3:06:28:e5:76:fb:5c:17:fc:60:1c: + 04:07:03:99:92:d4:01:ac:97:81:0c:2a:7c:67:18:88:60:88: + dc:a9:35:c1:89:75:d8:0b:0a:c3:ff:43:4a:5a:93:3a:d3:67: + b2:ce:8d:8a:8c:19:b5:23:b5:ed:b9:df:26:52:70:09:41:4e: + 68:1a:54:08:74:c8:ff:bf:03:70:f1:9b:ef:65:2e:e2:23:74: + 12:77:c4:25:de:fe:58:a9:a9:fa:d2:fb:4b:40:70:24:31:2b: + bc:64 +-----BEGIN CERTIFICATE----- +MIICXzCCAcigAwIBAgIBQDANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzEWMBQGA1UEChMNU2Ftc3VuZyBFbGVjLjEcMBoG +A1UEAxMTQ2VydCBDaGFpbiBObyBBSUEgOTAeFw0wOTAzMjQwNzIxNTNaFw0xMDAz +MjQwNzIxNTNaMFkxCzAJBgNVBAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMRYw +FAYDVQQKEw1TYW1zdW5nIEVsZWMuMR0wGwYDVQQDExRDZXJ0IENoYWluIE5vIEFJ +QSAxMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3wcv7lR2SVKfFnoKOS9E +bRdnymoM10LCRWD5t6Li6i9TFGkCVwZ+RLbHa59BuBwqF2s4pYnA7OJMwFmXbI0X 
+z+WGPTuxaZCA/oR7N065HV6Y/EY4x/EmJH16/PrXUVnRul8HhZ5D3/1uXzXIpP4k +ol6KuwG1XcXLDkD16UwLAEMCAwEAAaM4MDYwNAYIKwYBBQUHAQEEKDAmMCQGCCsG +AQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg5LzAwMDIwDQYJKoZIhvcNAQEFBQAD +gYEAbz0c82p9I0lDw91BQ4FC9GC/h9Rfg5YcasMGKOV2+1wX/GAcBAcDmZLUAayX +gQwqfGcYiGCI3Kk1wYl12AsKw/9DSlqTOtNnss6NiowZtSO17bnfJlJwCUFOaBpU +CHTI/78DcPGb72Uu4iN0EnfEJd7+WKmp+tL7S0BwJDErvGQ= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem new file mode 100644 index 0000000..e152d65 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain1.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDHtcvaTeUMUcVz+dHjdBtbrGkyFTG8b0rzOtvri2AaBfwHDRyh +/PcgLmWVGGHy7jh+jekP+6HnU01q/sSzObtv+RSxrxMlDPOyDOhj34jbVU3SlWGt +R/3lBP1s78vaz04a4ZgP3X4BMBXEFenNuvb4gUs1FS6RBWTThsWeDa1eaQIDAQAB +AoGBAITKrA6vRsLnSGyyS057cImHXbdQgm6ybdrHY13+odsL6aXioQxRAR1j3GXD +/bUjk2sK/1KCVghTyqF/X9lwZOGFOM5XsyptHxF/afgBljGzZwW21GBG4hSfSOjm ++yL2Xhlejol1GbC3D9jLksxrfcKuVFkXbBJVYp1dQ+9wBWvRAkEA8AwIpeMYz4/B +W83f2FnK81ETeO8DKldFQADlgv4q3F/un2oSCxBglyyq0i7JjdK2/kgxHN62zsxZ +LeDZUr1z5QJBANT7gO03J8jODO8wqqaS63T/0vxoMHrAF/l/NC0Fpk5AZutDvsn9 +yWLy0PNwJlLzKo8XBCjIY9wVxiwS9/Ic4DUCQFWUpLyns1/Eq7YUNvsGQFHxFNUn +uWQuCvVfnHPQM+2vkf5prZceNqGO/jPDFH6ooi8UA9Z8HIar2ht+L1zNSHUCQQDI +Ifk5bv2sfKq8zH9e/WnRzF7nHcSIZB9jLDvMHqXynCPZ6RPL3PWzTDY6uuTYR3Vz +dg5LgFoNwkwwuDZTRP0NAkAUHcJbjs2ey95utZ/to9Cl+ztaJWoa83dSQCx978l0 +a9O/kVYympJTHCnL8mU9QqePQvJjtgBY4ypcsaJ2luFV +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem new file mode 100644 index 0000000..0cb0874 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain10.pem 
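Review bot: Unencrypted RSA private keys are checked in here (cert_chain1.pem, and every other file under `private/` through cert_chain_no_aia5.pem in the following hunks), and nothing marks them as throwaway test material. Once committed they are publicly known, so no certificate in these chains may ever be placed in a trust store that ships on a device; for instance, the key in cert_chain_no_aia4.pem has the same modulus as the serial 0x3a certificate under `newcerts/`. I would add a README in `private/` with a line such as `Test-only keys, publicly known; never install or trust outside the test suite`. It is also worth confirming that the spec file packages this directory only into the test package; the spec is not visible in these hunks.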
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDaeurpTfFGrr35DIHe/fTPE/x0VBv3+9Ow9q4y/hcN35Hid8e3 +ZItTSLJQxhDTTcLCnlPRrzv+0MNkv5VIo16FKffDGUxUCXpCgby58GPrCpA8nfol +uO6AUMG5wo0o66QbiLUvDDAEjJeoqZonfFp5A0n87IE5YRxSm5ea8FTbLwIDAQAB +AoGBALyImbKeifi+zjzeKCwv5lPUIWSZOFF0xKbPGF/0mBxms1NEndmKMBi8gPPn +F5ngXpLnYdluaE1qBVMpaD94ixSyDPpma813+TpeuTiyBsTDEWuBmRFkqNLP/G4d +r6t5QI70416sfeMoDHwLygrFAGhQ+Kd1E7PtuSP+zcEWhK2BAkEA+FPGot/RW5Nv +geG7v5FlU2Qu/uJHbR4f7yVbHopYh94ulJM3EyLvqbzNguS9RztcdQxt18IBoRLu +Q1a5bdhrIQJBAOE7DnRG/n5AQpmAMObQaMp9sXafVly3KltLiEkJEImGdgg2H43y +tf+1mfBoFpGF7tI574bprFT+p/IpG4D+TE8CQFWhVeK+OUxRx+bKt1o0wfMCne4I +i0bGV464m/YpEKQxanCTXy97IZevYlKbm+VfQ9+c3JfE75jilUSlOCX3teECQQDb +l1CIXY9SWCSWtDz5TMheZB3ZoY/55TsOt52wV34gF1CMwPgS1UhMfyoPEeyvBP3L +SWEXEExMsdvcZefC5CxRAkEArkFcrJ8KTJii0neLhFi1UkuKdoGxeVx9TGikV/fr +wXVLTrG/SyVKjWH+qMyN4B1i23MQsdBtnL6e1+q4tXcwTQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem new file mode 100644 index 0000000..898f118 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain2.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQDbXqarYPOF9g0HF4yuUngTdSGM00og0Q2K4jSV/9IxKedi6azO +Xqbd96A485ayJAa2yMYGV7rw8GkIesG/h8sGK3r8gSY2gUYEm5kfHw42Ba998lf7 +Jh2lo1uvcB1vVSvW3zvdS1EeF6aJlF4WnAj92VwerXnxW0LCN1lz2eW1ZQIDAQAB +AoGAfGJmzrXiXwrsyCCqPA222BGKPHdxiLoAm8c3WfX8ELRZ5tPoj/tLUoCd8Kzt +vYR/6hRddCs6bHNkmtJAGYG9s20fU7o6TrFJd/l4qjYVNl9cxKaWoMXN3xmANrFD +3ZiXOotSQrNCqJdllg6AvezCNRL1yDGppWXAL7TM2OGxTAECQQDwYJPFSid+CMR3 +fQTvQBsmdsrUSHaDIENMYHAfq2BqWYIkNRL2PHmhfiQ5yepi1MzQ2clq+2Gbvl8K +zmMkiEcFAkEA6aCMYZkXCM33+lRnBd447qGpj0uYgH+VGmq9WPhugfag/UtdVfsL +H3pBnMcfLctot4dFgFGKaAOpMDRVVZBC4QJABQwCDkJgUeUdOuUFFYDjEQutdoeO +9XHX9+KOeBvBCnqWoOv8We8rHpjnac8zfJ+7LSdlczmT8xEsLa3npvy1gQJAXaBR +oetQJ98jOdcJUni0KC3xXdPV0elPP773Eui8oKjN67SAOyzYUE0WblX+UMPru2Ei +oUIMTZLqAr92U0v1AQJAchSMGsAOQ113Ck4O5AWOkegz9EZFkCs9g1kmNxBmLVtv +11Jw1oMbJG+03OnXyf55zRroTCXqqt8GZUSQrVOg9A== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem new file mode 100644 index 0000000..8deae87 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain3.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDGPcflD8dZKKq2/F7QDZVt34yCQm3vqa1RrHPB4QqhjoBurAo1 +VWE9RDJG2fcDSzGw4qKz+JFL41wdXOBIUVGaBkEa4kxFXMAqhkREzgECVuabS41e +Saf5QBsAk5HWLiSfHwRZ62hR/nS6ErC4fXvClf+mp/3eiqFp+4CFpaZDTwIDAQAB +AoGBAIJPyj7AiIILQWzXqFuLElcPRAW8NRf9qXiuq8kebSaVzcbyQCOe5DSpx4Lb +dIwtuZRU5i73jkscQUjr7GKdUc2NHvCDQzjnk7S5uu8NFiHXqVXDJxHwAZI0svzD +vFilu2E3r9Wj7dZa7l4uSEXLyagdwo0bD2xcrdwnyu5qLTuBAkEA7CUIGOEAK7ly +Xweti+/fnni6cznMmWi1DDeM39GtbxHI3oPa2d7Ddkn5ZWRtFbIepLWi5+k6Xzpz +fkCaA3js9wJBANbo4y/L/QKNhASI70DlKwFiJr+4RmQ1739l2BDHW+8crw+sM3VZ +exVtHHKw6U6wqLMvzaojVZwnEJo05uWQ/mkCQGU7jtgThN45ttUUVoq5/3RRLyT8 +b0CIyax+F+9PVPlbd3AkuGpT/Bk2pyqXPchiPo6/qyGeMz7lsOM70IqSiYsCQGUU +6u6rSpityT98zNPANmcTLFiWqv0tZTWNyH+z1Sj1W93KR/XVHZBpXq0PSt1JOD/3 +pwt0TSsCMMvnQAcQGKkCQCXU5eHdRmhCp9Eei5+fI+XUhBLkqzyrqlK1NVijgXTE +kSXhaQWG9iLDDNgSkO6ofCPOTwcfIteXnc1OjGB/0Jk= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem new file mode 100644 index 0000000..7e246a9 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain4.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC6BTD2ZW/G5FQAcRyFbF5aQmffZuKjab6F2YTAixu9TfLv3wHT +ZTP5ZpoIeeEhbormPNyW8kPpMmidBgbX/PvS2lgWgRnM10Mg9IXBA5s0wGx6oRld +T0GM+3R9TIbIb/nyyNQ4zMBEC8CwDUgrLMafkiEtgN1Lvdrifa31XaelfwIDAQAB +AoGAV3w1iMwwA5RCxWptBXrv7PcqLvEOSdhjmEOyoXNK+n78cD+rdiY0iWjtrGrV +rIl2nc2l2P/bXIMunBrHgTEjpTtQQIr1n8xqCJeyLXaVaCi2rjLYSdvxC+lABoMc +/+pODEWl1VJdEckXg9w8Jr7VY0toc3zeKbsZJuGr2O559xECQQDiYqx/fFhMb6tN ++/LkhLCCgeHbURSW7UABiOocNE2crznHfZcWSD04GLH/UgwhP3RJ6CHcOtmXSD11 +ZQkNugZ9AkEA0lq+2QxhcFDAeJWfeFFZLw8I67xRY6tlZIiOQyWnRFVh6eHPvduU +BfYxBU6FA9G0MAWgGxgZqtOLxqnQIuuQqwJBALlnSJCsHICVH/2hLv66MPjhOEDu +uWcV7MqU/+6TY1DELRTVJWzJQuHzT6uj3W1JU4rHwxtjUxrTvgmr8ms8g90CQCGE +2kJlyaUHCRRt6yJV/BsWjzpZILL8HcT+SYUDm/q0jEyjceHz+ktU5ozM7T8ljEvW +qaOHnJdu7Cf06TiXRs8CQGMP4OjEfVMq+JxG5puFaa8e1fbSjiTP4EsUgRcE1Bzj +UqT7VwOrJZXFTYK7Z9ZyG7z03WpVeucertzdRNNby9A= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem new file mode 100644 index 0000000..756db4d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain5.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCvZuDBLvl17QsnszrJHZ85IfkU7hyk7sPwJKbHQ935A9BEAeUZ +6XsmZTw9PZq5aSoARg7LIJjGnTd+DJCm17BUK0vzPpsZM6E062Ljubv+zMo62fxx +CmXvMPP0G1Xwi7kS2FAlJaxdY5/RxSHyWgSxKjSgEmAPij6rooflW9ZIvwIDAQAB +AoGAUnAV3nYHhSdeANC6JmAnv6B6Ax5OlC4sJSf0wt7g6vKh5fTGCsGzwb3+7AGS +QOZueSZ0OYAejerCdBnPurrRAlZLifGptbvinAu9lRDpmaF2HUmQa4Dc0c+Y1Roa +pzWnPzMWlBrhmWqmK/DwZNJ+Vusufv3yO8epjsOGCgUVUiECQQDnRPDf0KyJlzC5 +Xc9Dc3/pdn0D6La3IChyLiPo10rg5dBN/mTCnlPxnvauiTQkyPS7j+2n2oUKwcEE +jVuwKf/ZAkEAwiiNEsejDkTLHIwDVkNa14+Glh3s0Ct5ajFv1HslQesKElMnjKVy +ab7YAQBij9Ty24p3K6mdGWY5Nwe02JNGVwJBAK++OfU61AJyu/oBCaHOQWOeQP4Z +d8/NRi8OVQd5o1MoEJVUPimOu2efTwHvDYruktt9UjH94p/8ALt+2DAUmnECQQCw +EyhEdKlJYle0DsFj9Hcob2+FKaQ98H8OL8ETt43FJsqebay7HrsQbNLkrZ20hFCt +ifeisBHZG9wdLK7zjTPHAkEAnGsXnM+YYDlm4OwChrpq0qcuud5uOgx4RuCniEol +mij1xTDGrJGLEBkFhZ+KwOLoaM8m7javKXQejqTeE6E8Fg== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem new file mode 100644 index 0000000..db255f5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain6.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDOEiDRFGABR6pMZhtMT4cv7K/8EUG92Zh6uOHdWdDAnkDSt4vH +imXqDQw28eZFYdxvCCdi0HgbJnHU/guf6oYbQ8cI1sXrWxHJi4OOpwUNXGzOq3Dg +fQXqBjn5jJRWVjdisxh3veFbU6EHTcfMxkwu76qDGbWs43IrDXJ6CsqBbwIDAQAB +AoGAWzE2iI/ltGtMd6av6eM/xfuOHZRdbXB/w79RZK08biEaOqWzG8ipNRw1DZOa +/ZVDAXewRlBO9mTa9xC9gDU+xsKywipWyRPnv5Yy7qfT+NP/JZCvwlL7qhqtHXzt +KPpJ5GRxcJ+o05CartwA7fCXdv9T/qF02O2nZxCIYOpFRwECQQDqMoXwT37xvE5/ +/efvGAlBQGCj02YdjBxWRwx5iq1HeU5H4tqTKrfUWyI1m3cZFXUzjz0iH/SoK2jL +7IwMwl9BAkEA4UFIcDVADwJMuLPqKuIDB49rXY+BO9mno9hfgcZ4Y/fWZcF+lJtR +Mw8H+PsCkObu603wxiQGWIsyZPorDTZkrwJAU7S7Kqk/NieX5ydZPpvYsvnPkL5+ +QRFTD4NVchue020IDamHdhJOohfwojhu2QhSW5tWvlutlm3thvWFGQpgAQJBAIHz +uMfLYM6H5B025qSgyWCmNCnA7azKr/VNkiP7jV8XD2CbFdzEEj9jr5TLszpHkJS9 +3WdiRyrz+znYPdgchk8CQQCzC1Z/NbGXu7H/OjsMD6SNgpZDmqctdXjn6jKjZr7c +vtyoo2WkJtkREWzWPd+pEDxJCsAuxMCtVifJYLkMCa+w +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem new file mode 100644 index 0000000..fdffada --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain7.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDVwhjz/Ao8Tvcrxv0f1xO7NXRuyl2rCWch0O2n6Jl+eVK4Mj0r +Xxt4DqortucD7PV+tFQ7h9kCHsfmBM8nezbmL46OlPdbxm5RLN4X2gRF6jHQlcRQ +PBaOIcfwDrWGyFhIpg1NoqaMgXpniUNWHMrjaYoIBVe3bQPCBK97Ye6EJwIDAQAB +AoGAb2ARplalcqTmTm4BB20F/94rS2qvgWWF0e3NVlZwW6CVRBoRGx8T7eseKWbE +WZxGkX0eAmKW5G7rUuMgmH6vrC2NjFBNvfMLPK3kVxhQVx3Rwu9nN2/u2olzBcMt +epGj0Yyu7kRHol/ld1+DmoBUOYb6BlOpDyGWdFFa4eW1IhECQQD8s/SXIMXIHBF8 +tUd7rPXm6e96php4M2jaY1ezB5MO7laNivcCioIHihWgEY+BrzuH8moeJbLL1TtJ +KhzysxmPAkEA2IwQYLVOCfKegG7yzgkbrrzwdWNi0i6P2LAl96kFWzf6DcUTuHun +GYGMv1yCMj/jzZ+k0VTMWETgJKRzFZUv6QJBAKlxYQgVCYlsiK0+QHhFOX1kTxfG +WOlQT3ZgNmXtJkZUueSe0ZH6ncXAaU+zdq5WeWxmt5EPZhwXFnGws0hpnzECQQCL +QIbHqc+lVf/XV4GMPQ8wLw/ybRb/UjHuhlfkCy0Gm9iRQkqMN/gcztJTvIl9BtjX +QfIbKwy9No1tAtN+7ZEBAkEA8T3mn9G2pTg/49iBP0TW1fJBsdacWj8ZK1D3egto +JR7qKqVyQTifeJpeATTX/vvuTu0ikbshLotT/UBGy8dBtw== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem new file mode 100644 index 0000000..5982533 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain8.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDk4MTchgCUabHViHLIwlLAVmIO9oCi745o+drZhQFZBF73/CMW +3P8tUgqMgZb6JB1LiWAsJRrrTqYhxR9bh9ZljNfholVnfgF8KITXI1b0+OGcpB90 +/mvAFMz9BXu69rDj9X5GznA5XJNDAfitOKYMcWCeCw2/QmzTniFMVe10cwIDAQAB +AoGALlxlI/I0zds2/XTdI1NRZcpZpIRD/D0gEJ2DugnaAwkCn6LADNKJEcoLfviE +93g3QuS5yVdew4kz16VRO74hLCCjm7M++isvLhljozWAotBVfllQ8g9HcCuG551y +y2vTDbrKUfeNUELBd2DKjYMN4K3gJRzPcjh6eQvZ238fl8ECQQD6cRMUPzdKLwQp +dlTQ5dBeLJ14cn9zoFkBkgoF1JGXtDxhs+5elZQPS+skPoDy+ergjOMN8ixSaQ6T +FJ/X73STAkEA6fUtQ2x/Q+YJcoRr5EEKqtyEPIZEeACAzRdxps1PAI++vafjk3x2 +5v/pTcpAEMSRzjZtlQTqC+fkx2vMANDMoQJAMPx7IeO3meAWbVHDB1Vca39Ike27 +dk9v+XmqUjeg/s53XRkH0CJr4o4UAXPkXyJ5SdDk/K5Y8wmvmx9WoLMq1wJBAMKy +SX/Bq8tKhXQqpUrnocP9DYL8zb/70zRaHTeNxgAWn8pfDDFxs9WbBIG7HUOXAivU ++a64zzknOymGGNhY6uECQE+NCMEicPRY8yNuNX2Ygr0Uxwbb0we55N8GA24Prkrl +crhKfL6y0MdsHAgnIRaGV2+mpehS9TbVlx31AdFrugE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem new file mode 100644 index 0000000..37e2d48 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain9.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDhyDJCX6hTsyKjWJp8Hv4zEmRcPkUYWyOseUNF12RvfOSjlVz5 +4cSxY0OcfhCBqn/etbeFprVgOSUiSGTFVBpusSKQ84wXhcK+HIGqpnsUtHoTspRy +Qu93zDCkyFyAskcu99tT6q5jWhkgMCvx0KMODUzAyX6btQvbUWrnDnRp7wIDAQAB +AoGABu56fIcrR8aMHa+urnjVHQRHiH1w6ZqCsdzXL+G496NB8bO4MwO3YirF/Jvy +LcjqPBAgHj5L+zRF65OFZHl8hjKtKxeRvZcFe2XhUwPCN/HJv6OPUSUSIGMxL+XL +4G62lt1tFHVZRjy9mLyqOg2SNwun6c3+dOySdvDY6vixxgECQQD32q9mwkHx8NqQ +2GTGWRNgIDsCR9bnmy1gGKxzKhQLdg0cNwmQrfTCgHXwfeBUr1eSXW6RqTx/WGlA +LqFdyiTBAkEA6TPOoAW+EaXPxx21MmzbqqgK6GqLh7NHM2Z2rkqR++933jGJqS1F +nr4jmWLoSQX017IPz/mlDxlL++CvWIXKrwJAHXMbgj80rLWskqdTmgm9dp99w3Cb +xVs30gI8g1aNmSsGtcKIXWt9+Jpg6RlbzVQkOJznZWFRceQkZV7lB4rcQQJARfTw +qziNyCWBqy3SSYo2a391pjswGElDtruqJqbgHD++Kb2amlGmbPSFIWJ2ZFGRHZOh +ArbVOS5RiQHiGCAqqQJBAMIp5kevQOAr/xYC8BLB6SD7XtfLKTJnZSHy7pWy6xeJ +ffn7QLqwUWMcyrvja+CQgBTKx7u8/MKLSgqohWguWEM= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem new file mode 100644 index 0000000..f91598c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia1.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDNNrJ+X/+2VFhuPKiMLMA1EN/YFIpD6iI8mddzEatkxkmVWdfE +ZNmjoPloi93iobvhqujqrkZx+Fw1s6wS59dBPUU0P240jkFfvD4QUjMuR4uI1OjM +XXtmldUNjB+R6YXfoGhAgZeR8IonaQZDe1Lqcn4boiYu8eKSwq8bJ8FskwIDAQAB +AoGBAKtzAVm4FspcWa1wHFlQoh0zxfCf6IypNoVu+qP2pT2CtMOE1lIM+BBPU1DX +WkAYZAI8anB3vf9GQrPTMvZwoFMub7ifTsgBe+gJzbWKpfuDYRmi8figArTopirg +yphtF+wZd5x0Yas0Ak+mxfojUuWF9Scv2p3yiope5KYkC9/xAkEA/KqYc1ucAzsV +qIfZDWv/971IcJacWFm+l1M/jZB62Cimtkyw4zvPV6O6QOOMqJMyBJPE7AWBEGBS +G7kO6yqjhwJBAM/r01/KtZErJL/fZn+bXJxxYgIZ0oBqxEigcMLiRSjyDiVwyR4N +0BeWrI0IoVQpJeWCq0uL/cKmA/oMcDtriZUCQCB4M9svPJ9VqnTb8FK/PEez9Wky +kajw74M22YXxuTeqEbJ/rIOnHgAfNEI+e8b2E4lvC/Fgy7M1DZgucfJaqmUCQDb7 +4zr6zUclhKNk/aMTP8tzRHrPv1YMZfnay9cNpUJtuIX4LIdRGc2TH/Bv7tHly8rE +4m2pCKNX6cdPUMK17n0CQBt2Y0RX3Q7OoJqzbi63JtP4eYwdaI28xnncPMhvwWji +arwmzoNeD7T7tkOEZOC+rlhXZaeZLI6LYUyC5ouEn3M= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem new file mode 100644 index 0000000..a6a95d5 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia10.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDfBy/uVHZJUp8Wego5L0RtF2fKagzXQsJFYPm3ouLqL1MUaQJX +Bn5Etsdrn0G4HCoXazilicDs4kzAWZdsjRfP5YY9O7FpkID+hHs3TrkdXpj8RjjH +8SYkfXr8+tdRWdG6XweFnkPf/W5fNcik/iSiXoq7AbVdxcsOQPXpTAsAQwIDAQAB +AoGBALSKYOaRQN/CHj5XtIbuGHonBEH670IiLJl1EzDwjrf8b0iKaPaBrx14yJ36 +YXzkb75dcZGvnZkk5/SdkdKxtJ93Y83Gan34fWXWZFurdBs6B26v4wVAaRYofR53 +/75CnfCDelDH5HgtHj8tw/F4zBIxC3r7CsFn04lKQM+mEd1hAkEA+rYoUSTA9RPB +1Ki1gRiwph3Zan5Tsgt2qngWU0Ek/wsqKkwSeRgHZ5AkpsunKal7bGKMHA3yPo02 +E2EDEHLmTQJBAOO7ifiUoN88roep9pl0diYfLclTUakPViDlzIO7gulvNR0mq43D +BH1JAUVMU19A8VbilKnUS2q6bqpqaCih6M8CQHUFnV/ypdY++JRIgx/U5G9FM3xP +psVOMH91OgZ2O8yH65B+nYjEPICMeW8ZU9dQcnmurfNSVyX3R6xX9dQxrWkCQHLC +1TqBm7gjmkgfbHfUap23ZJlp9WLeqaaWZ0OTQNtmATwZeqZLun1wRsWnOvRrg7Mn +J4eVxhOYs6AJU0f2n50CQHfQU3xMJiTFfLvO8FV4fD39w141xYooC2glDWPFns+b +v3Wkd9M6Nuv+gOB9vdG9I5+X9XSkKonkmcwU9Odjv8k= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem new file mode 100644 index 0000000..265f30d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia2.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDTOaekGWEoNU/wm/C4jVXp2k01nj1swDCxi8BQpAhq1uP68/HL +nxQutsvSFz29izGOyJUT8PwDQjACmGzuKunBKp954Ak1p269cGKuCVNUqWI2I7cV +mAHGxVJHoYzB3nxNhjjQEiRXdpm6HyNiIKV5EqKakLiqUJZZFu0pdJ1nUwIDAQAB +AoGASSfMwe7wUWa1exXnN2Pr/4RV/V4C1Cl0M+m8/7DwIWCvsPjQI7/C07MHwInA +HmeZEGS0DSYHgnFoA14bTBmcv2Jh+XJRsjN8Qari8gsfoC3+gTT1CuvrVxP55xM7 +w5c/hUKBIbhyAMHfcS/lqV+o+1ahxSMtbHWkKZYL/i3h/oECQQD/lt6wu0Ne2jwy +iHchL6l+Sz5bMpW9Qx23WpwiGPOlh3YzwDZHZRNmkJbXI3sIXvC8mjSOhyxI33iB +NlpoZEIhAkEA05CJc53tiIBqg4YzlxKw5u/oeR0qvGFJFP6D8UnRTSet0R/hnlAX +VVns28irMOGZ3gRLskRxv0EMRoViO+Ji8wJBAJO3qYrxH/XRIZt/HYLznf0dFbP1 +n29cO+99keFvFFol2V39iCFpPHY5uMQsgG4NGQuYACoj26deaLIdLNFKqKECQD4A +4ze+NipGMHFBeIczFCNqdkBgmvDAtlFv0i16C9xH37olVNM3986s3yz+n6VgyN53 +ddPWGVwK7VURrFuOmp8CQEEDc0bBtkJgXfObV2PYGJRVuGGP6S1RqL+7VNfmu5/+ +ZJAdwJZOdl3PDL8b9XNSgayuBCK6Wwt3GGzdtvqz76s= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem new file mode 100644 index 0000000..0217b1c --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia3.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCjhFcier8v7KbTxvLhFJKOnbFa8m+Zn1MI0fnvANqnLcNkbzHf +TEkgBoiS18b/DJlJ0MVXu+qHTQasaDVqPiNs3S9OfPyc5tAdZeSHeX7ZwB7Ne/WB +v3mK2G6UIvF5ptxS6u3m94YxXbc5/M1z7Q0f8sp5uiUe9LlsvCgIqUaqHQIDAQAB +AoGAbD/eV2sfSqDGSIj6nVs7MsLeeLDqhK7fD4XCiiDsn6RCKCkcwREFj/gDTgMf +MBWtHRriqhQzTOMHOfe69NyyIf7eXihRjkX7Ist+gi1wiKqdr0ECECC3sGdWR/pu +wLBDtC2ynqiezbxog+/3C3YWs0+DTsnn87aOeKbIIfoMSFkCQQDNBAqw/BKw4dDd +msMGJqbI3UIobZVOEXLwTi3ZWwDMIM+HMJPyT62U67cCg35M4L/EMxYBYMhqdS3f +tixN9+bLAkEAzC5ZxDEG4S3j44m1Ff58qBStbV4SBlM18jZgjEVqeYlqStWq8U7J +lJLpa3F8C26bUNWXTwl7i5BIykpGjZ0ttwJAAdIVXjj+2X9H4Y/sR3O0a3g7jCxc +9RKGmMe49IMwYJ+x+BtgVPiMLBRjzavpRTmBunZRrbV0Ui20OJZfklmvPQJBAIiX +EVIgAhwtmOAkxVGbV0UR4Brj7Wbxz4rjOZ9c6Ke5d7PsUFjxfgS4axKHbpYvPhPL +b1deXpm0wh0hpyUhWu0CQQCX+HNWjZ/3oGTxWHVWhj7Q1J18CyxDj7SISA87mv84 +QZuso4AGYpbuZUdWr2cJcBvbP+ZX7DCjsr+5Ns/3Foqq +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem new file mode 100644 index 0000000..6785e26 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia4.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDLjdBvdPcqlkda+ePVcjqBlMcP4qKbEU6SFWHcP7j9n7iuGFQl +yuAaj0n34YFkdkdatLydEQltx3EDzTirhV9pWu1rqjKnhbR1mqrc7O6dTgNR446m +iYLjJhNCmYcEX1lYQ4ky7do06bLKM68p6yAL50oQDD8AlHU2xfhNS6SIlQIDAQAB +AoGBAJMGntwypujq3SV4Q7mDpYC9Xr85muvYp2Da8vFsUYlYGcQeLIGTtSVaBDp4 +dsaCrG13CJmGmcHigd4WGG3DizK7HnlOU6GuKdJfISJAT0Di/oSnH1gpIxGzxsA0 +IAjrncQT0yPcXtS/YXv4VMhOHdWTmaZvsuP0aJjd04hg/yyhAkEA623ruT6oKxk6 +5QeO8OFhUxi9ahgzQYHfHU9bXshRoCVA9OE9EzxyYvQRJa4s2WcJoRmFpwTPQoUW +iZnhKBBr2QJBAN1W56AFsqtNY33joZA1GIjZEhgbeZF1w+VUUcYWQ8wvOFYYq71S +lmw2QpZdAhgFtQ5Sy31xVbbp7USrAoXNOR0CQCyyD6B5jr+v6Ih2qOJ+R1XZSoyL +z59OIqeT20rhSO3YZL6YzFmMjkLPBzpaGNWlRCS7ja4psZd1YNP6zM4oX/ECQB0u +F9tA5Q0wZq1yFRqt5U4lT/1doelLXUgelalHxihlEUhIeFu9R5d8j8rC+EOyfOwm +fi1Lg8FZla433V1GcQECQQCDC1toUTOs6zQMR8Qjbg806oEeNCrXCuRSvER9F216 +W/gfkyu3O7ZMyTLDzssExEBemXqIwP7cPvi4AudCR+rF +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem new file mode 100644 index 0000000..014cc30 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia5.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDbDHCjS40S+kdfXzpBkRh6m+OvmVZwlnF90Hzu2dI6kMtCyOsG +pYEko9Ce0DMEiFCk4jI3GrikP3dWtD+pzCd+ycmJHspktk7m/PoXzjuUf7IUb0Ct +eHXzCb5iDb6vQGHcFkuUTIsWznlfl1lWGYoj6iF8PQJTCTIXtifubjEeTQIDAQAB +AoGBANOC9ZiYMUar6RMMbsI1CsAJmxdKJw9cFYZ5NMmmBruKaNq6C0dFtKfejmlr +fHfZ8JTl3bsb0EK5DdDpB7g7a73WT1338htfrH+3e0LRsj0hU7SidXOgb0Cw922d +nRW53198ARkPc3b20uuFI71+4x8Vs5KDHiYNs644IpKD+2o5AkEA8WdqEkLaY3Wm +muV5l9SZ5bKFDv+lWV7AQTjUGslJOxlq3AwB4hBK5CJiiybYyTcV3e4jWJZfnN/t +J5NSeXVY9wJBAOhK/yp/UqblY96LgrlrfX7qQ+u6/drPHwp6JvlAGFyPzjN5WAO5 +i/9FZdKmjIvQOBu1OjvKjS5B/CpM4cTcVdsCQQDvEZJLaWesDgyj49RKV+LdRrFd +TDHtUtek/+mWaXcbjy1zpHSM88OnMKJU2nDgvKvsMHVSuwEPc/gCNHT+Ege7AkAv +/B4Nx1NpioVA2YzdhKjd6MKzFWOPKa392hHm9yiRJluwImbeDhwvVUSdaS4rS43r +m1o2M7dKUPMoQc15fxJ1AkEAq8F4Ij94qy+eGc25H4ZkGOZTdr6iyn9ffncEqf42 +xvLu/L+RSuPu4VozAqzlXUWSi5Msnmxx0GaRtKJXZ/7AuQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem new file mode 100644 index 0000000..d4cb2bf --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia6.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCWTobpyriDSEdy+q0BqCbAxgkQ7zfgYuZr4ZedFcLliPruUIH/ +6/tIgG/bQbdRWGTrjbcvAxoLNttTHRl8Sfl2DDk280/p9seQXwLd3OdRwkTMn4dM +E9TlkRxK7TOigHbIVn78yXMreNl+o7IjzWnKoaeM44yXPnGsyARWvZfN0QIDAQAB +AoGAXqPJPRIAxeDP5CzEnGN1KzJGaRxG0YlUTp836JfYJNDwNvgIMs0yZn9Abwzc +0WJYAR01N2u7jU4YISgUcPbfFCcoH0f7p5xknHee9CYXt+YkNT52YNdungP60I4m +1EQID3Xn4/h0+vsb6ZnlUMWUFfxhfBtixvwQZuZrtixbLfECQQDGym+ysZvvxyA5 +SfiH8Ixs93hixX5csyFyDieNFntI/otZt3R+RKSHSODGAXbPgOzIWrfD91/YA6R2 +LotEJFJtAkEAwZAdZ2xvV2uVuOxre5CZtXw1dMLZolC2thAmrqoAdMek1UcSK8wI +ZdmE9XneAKcQx3esR0AvTIbKx24/6DFqdQJAOiN0fX+CSqMjIn4myKMqfqf1tnVq +GnRtQK0xFgtQLS381VVZJaCvub0vt9kvxUpAdexKOG79wfB2xfWg12IEFQJBAKnV +qGcZtqvuwuUJ09kMbEHYJRM48DpCNb6Td01j7piIn7Fe9aumD2xGKio07ryF2ewa +rfeqcpXj40KPEtXJng0CQEPJULeB6FKRqzGWsyIe4u7ow2MjMIou7m66HyjvjkHP +6Rg5DA0dSEjwJeMFQ8AklKPtLyuIyrkFunjctYXx0Cg= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem new file mode 100644 index 0000000..2882a88 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia7.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC0W/5IECvrWK/GDlcqpVzMV4VE8tnRQ4TTQIv3euDosZ3o9LFF +xmcUm6Wo4o/LMabbYZANqgqeJtxLCzOifAdyke5q7Hc09H6lDjkTqNWGhhJbpIs4 +kVckjak7+PGmSIkgqVuz/spW8MrR7JmcV2rfjiOhfr5ffM+p2z+43KGaOQIDAQAB +AoGAKiqfxoVRX1J6tdlAc835ZiTIGZiVaCFa+nDKyG9ICd8Mxhv/HgsGqoDBODzP +1XekRQIIRcmNdfAr7LePuNs6eh/qm98UulUr6zpEMXu8/DIqI6Lf4F8GMwMaD2lx +qmnQK+fziDrhrw10Y1ijy/ttEg6wDwCeQJJs/Iz3ncOEIMkCQQDo93B/RhJas6Gd +bIC5IIe5pwvyOzmkn6dOWCIZDU5WXJ3A2gtNDdhO6MunaFCA2i+R4RSu8dDQjUXC +dtthEfVfAkEAxjEGfrEg1NW7ug6CB2yvJiKzoHn6mVWUapKWfbstaodOrU1+WWtU +CpWn0cm6ytGOeSI1Ylc2vnp667QikWq/ZwJBAKvV97CpKtikLs1DPx9OE06pHHKr +pLT83hc3gs8ftWyWG/Yn3rYTRD3QEIeGtfqU9QmREASKcQ+jZJUvvlk3OdkCQArY +9hULFtPvWtYFI0LKxQ9eSNyYsImh8Hygx1HcY9D31OuRWUAFqtTlegj2dJ3TOGwS +3j8irOFiDMZH1riE0jMCQDtk5fJZd61phQ25I4mkBf4+8qCOiiWneuapdJlX1r+C +5GmsM9fDr/m+pBNAbQP2vR+38wSHEuEt0U9MC7NEAHU= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem new file mode 100644 index 0000000..9380709 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia8.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC8dmzRZbvDmPpNGTSmQ4rBHf8ETPnJv8XZTAiUokxVMQloOjVh +xi59anqHiLohTF5eKNnT/QG8TuJVqNfVoHLRtftv+Mp69+aJsD7Jg+X9jan8Cv2g +3aIzF06gDjcisu8n5GfVWICLFqGiVsNzaX3uR9mvTRl+nysIrUtRB0CZ8QIDAQAB +AoGAeD+3vwQCghMh4f+rMEr4RbA1/zB+UNQkEToKX4wO2Gypa+94ECK7lxpRhBkh +ag2oSLwYAML2UIiksbNBw/TUTRJUIvVFGNj01ZAY/ToySwZyB+iGVvYLs14CWCh+ +lIG8Yv6jeioXW6lUYuKGX/8MgKxsYqdjTuNDBUTU/wYHZgECQQDezuG53RnhW+cv +612+metzu3+9tnz1YME9d+xJSHehNG+44ZojxIujYaZpwq4riPfPp61JKJmJ9A1p +QUDQfLeZAkEA2Im5unIRak409a6uNlZ4ga6ISROewyoGe+pzch7trOGgcmcTy3mA +ZqmmRcolcpQ8Zvk/8pEbgSWwh1GxOuOMGQJBALwEyOcXdad+7nC5pboaGV7ocrud +K4XFyEwezv5ocMtQfJb/iht02IFe/hdxeZizVKufS9PYtvh7QnX34sIM/MECQGHy +Cjy3lAEN1w66MLsLaf7ev26unUWSINS0O/wG2WM1u6mDzoRfNSE646b1xPKK8rdx +Tuedk19bePn8jbohayECQQDWDO5OcgeD/3Yyy5ybll7UC+8O1RWHx/aYV6xI1Nbm +G4UsxB6jeEoHUD68YQ/LCaphFsrcYDK9KCaFn9qqcGeJ +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem new file mode 100644 index 0000000..99a1155 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/private/cert_chain_no_aia9.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCocGkc8UikcaUr0NjxAB/KKhfQP08fQ6AEUj4oczsgA5ZHmRnc +lTVBrwNOCAHB1QhlTHWfKXPTq7P1nOfgc6hOvv2GZ/f0IEJ2OYWUkbhsdADIyIvR +JDiS3XR26Mpp9paqKRsyTtdlTdyHTP9g3ESlBmAqL0jmoJyT6yT/dKXQEwIDAQAB +AoGBAJigAx7uo1wefgQN4gW+jw+oxJs2QoOZy00fGKOehlyj43BNEloF+ZPi+aOj +LbRtTIY9mfb2oLWUSCSuYI3JPx9jIsNMeCgn+/Eo96mjOPvifKgz0D4tNPsGTmf5 +PSEDPdN6NdpIuPoCyn8dTEseL99FDe4JNu1Hotm6xzyl0m+BAkEA0s2LJKsQZKFw +APuwpvLXiLE2n3jxZzxNTJY4X3TGkcDPkkh7LJLo/39KkGZ6jke73IY5UCYXKrSU +t1UlPMTx2wJBAMyNnx2o4c0P3KRyOICS45q+9CMbASIN7aSxNg3Y/bb9R0sVQbXc +C8HpfUN2erpMy2oCjcIt/aU47tTCrkJvfCkCQC+KY2L1oVDQh63xFTnRcoJFVQhK +AkdB9jzbdAMzFsUwMp/O8NhwmVNlpa9DLUiBLQDi1HIa5Qagixl9flRiJhkCQGB6 +n8T+hdoRlDEgCpRiM+YmEMKKFyO3zBG039jyMuDfX4QDd6XOLuF8Pm/WbxZ16C+N +Gs2uoYcPbl59oHGHYdkCQFYRupnzOGMA6qLlP/moi0j7OzOK0JpMLCvkGg5GcNVl +MD2Jgl3O/7JVWQQ/21rS6BLbQHr4Uty6T79bHu6ZeYY= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/serial b/tests/cert-svc/data/TestData/ssl/cert_chain/serial new file mode 100644 index 0000000..87523dd --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/serial @@ -0,0 +1 @@ +41 diff --git a/tests/cert-svc/data/TestData/ssl/cert_chain/serial.old b/tests/cert-svc/data/TestData/ssl/cert_chain/serial.old new file mode 100644 index 0000000..425151f --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/cert_chain/serial.old @@ -0,0 +1 @@ +40 diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/ca.csr b/tests/cert-svc/data/TestData/ssl/demoCA/ca.csr new file mode 100644 index 0000000..5c09561 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/ca.csr 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEnzCCAocCAQAwWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +ETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYD +VQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68aWUeO +MDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9IsvqI +B+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHIsdTm +OaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm2e3Z +a6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg80zn +ryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyhFILU +kn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjnxIGb +Gu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/CZlEO +6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQUUhF +cE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGIhOOx +DxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6zbhBF +UXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOC +AgEARyunUCI3xAmw7kJY0NbLJA/+SvULDT+x0DMsHp/GHB25GFqPh8LXd7+nYCxR +b4XKMUPwVhOuZgLIgv2yGcSvztXtm9OVtonVmrWfHCDPPrKVABrYOZ6odhKiIi6s +hzW0MKEwcl774cqO8YYZwrJF4tHCc0sDKK3iCcw0JvRN/x64XlmeidiHyhgrJwPd +REzMZaBTGiL69EKLs6JwUndI2cY8vOOmISSW098RRy0kJSLZXKvgx/vLlfCMEDdn +vZm/5bCuOIiCMcu2JFGG4DsVV32kfUSDgkmUbVK9Cb2c/irldxh277Dt2vBzpG3T +j8R7TOJcUfjjt61LCO1KVZMx/STGUqbyNJq1Zk8hWbK+x4ed+Abo4CHZS5kN7DWo +IieX5xESyFqoHMyyoZVQ1n0DGk7SbQDTOrN4Iq1okMscRdZuZVwv34yadmZbQRWB +V+HvEqOSYFOqeZLi7kEGiuPwEtQD189VbXLNpD4blWMcV7Uji9LeRJ00enFPcEHR +MOZ7axCJKpEHyoRcJwYEceUhx8j8WOuVnptySbR+o20NNMcdCZ3Iaht5SfFaB/HO +GOdL0kne1nrWcyPUWPQZmCYVrNvAraeJ657T9dnsIf6UWUk1Q7fbyXl7vAvtY3mt +5V52iP/BiImA+Xy+7XwY/ByrPJrqdWpQxueI+GcO7v77i6k= +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem b/tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem new file mode 100644 index 0000000..646524d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/cacert.pem 
@@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFMDCCAxgCCQDyW0BbwrfQZDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJL +UjETMBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNV +BAoTDVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA3MjIxNFoX +DTE5MDMwNDA3MjIxNFowWjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2kt +RG8xETAPBgNVBAcTCFN1d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQsw +CQYDVQQDEwJDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXhh68a +WUeOMDqFnGm1yuqgKJ5gL7aLXkLvaoptZnZchTi+LbzDEIhAyHLVZhzW5TTalY9I +svqIB+vax6kYSJl1vzIqha7dBsHcftCqJqlDwl35pPOOfDJBcMjd211arVe/7XHI +sdTmOaGpBVF/7WGMGgla9HIFLnr/EocSdxq/tyU82TPHBpTfjOnkXxuZLkvcTBdm +2e3Za6iLoXZBUwqAEbbfTQnsBClcBgUyaVR1bxwLjEbjmg8N9RvpHSNDhVBQkjRg +80znryxojICHB3JplfNBFGJ+PtymRXQEouvzZRiy0tLRHydvULO1hsVO/mGtaKyh +FILUkn240w1u8aiyM/7a1VEy+hYS4lLOiQnbCsZI6gWdzmroa1tBOOV3mjTb0tjn +xIGbGu2fnEQMrKhRBN1l04hELBlTUqGgvXqWBgYB03uaHt61Ul4HjAPqLWkmWu/C +ZlEO6ewoCoJHCPR0Z89gGdrcMzJBaF2dsceurIcYL+rSlALTkpo3SiQiRlqcNSQQ +UUhFcE+fsQq050gXxk6AMjZi3EZC/Lj2Z/oYcf5hiwt7gnzMux5A0Mxob8g4gRGI +hOOxDxZg53X9frdTW6xnMTGHq2mqmVtQnquvz6MNcDw7cnJBUQkUWHkq4wvL3y6z +bhBFUXsX7gBKox0JMY3PHeH+untLNoWdi9F9AgMBAAEwDQYJKoZIhvcNAQEFBQAD +ggIBAHVU/HAqDC+bX8J0Nt7y0jO1ioUun6qPzjcQ9QRYjZ71JrsRbTgNmYkKtBi1 +8TZ/Dyq27OO612N4qrGe8dZwTK7z8bhVv4+mjgpP/uyO1woLDpYof26z09cfYd3z +J0OE7Ta0/OlMYCDWl6ORPCNkfv7Bj0cS/XsJczfJAaPdyUozTR6Jl4qARHgS07H4 +ITZGnzPSk34AhJdZFVcnepCSjb4eXTJw1xjAd/OIaD8qtAnrrx/RnWAiii7BIUN/ +O6oOBSumPIrzBbgOJ96KyE5DDaoaECBWEFeyLsXk9PW3PC4CcPrTW1qjkr2cFrPm +oYhIb2NkYQzpx36wLqG9tiGGiO8BFmyDjffAu8rBvMIFDGjy62fA+n/BMyrfxrQ3 +bKPt/GVHEEhhpNVAF+aRdJk7UtirLIrOYnRJDcbi51ZYiLpogmsH0PZ7JcC2ZkCb +w753asG0K48OcRNw4c2D0tOXWUE+pkTjbE4HUD4xU+of3x3V98xHghd2G8MOMoRL +M4tcK/zs76pOY6gfNuZe8nN/9RI+gsiiswWLkSBDEJEAEngZchdmd0I+8ed9qKW8 +Sm+85bfdya+Pbl858kubbkVup8wdl6wfILV+1XZOks1enknQYbls6Gx6mF9Llx1h +mEHwvjERzOA7ykbVsRj/42Rn4g6JNEzJIZCsaSowk1zt0imn +-----END CERTIFICATE----- 
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt
new file mode 100644
index 0000000..3fd04a4
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt
@@ -0,0 +1,42 @@ +V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA +V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate +V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 
100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation +V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate +V 190618082147Z 2A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate 
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old
new file mode 100644
index 0000000..3a7e39e
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.attr.old
@@ -0,0 +1 @@
+unique_subject = no
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old
new file mode 100644
index 0000000..7de5529
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/index.txt.old
@@ -0,0 +1,41 @@ +V 100306080002Z 01 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100309031315Z 02 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Certificate for OCSP Client test - IP address as AIA +V 100309060955Z 03 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061108Z 04 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100309061223Z 05 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100310001031Z 06 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310001451Z 07 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100310080409Z 08 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100311104952Z 09 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313011918Z 0A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313022703Z 0B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100313023759Z 0C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100313023935Z 0D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311031642Z 0E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 190311031818Z 0F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First Test Certificate +V 190311032356Z 10 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032410Z 11 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032420Z 12 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032430Z 13 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 190311032440Z 14 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100314113542Z 15 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 
100314134812Z 16 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053643Z 17 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316053834Z 18 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=First certificate to test OCSP +V 100316061833Z 19 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Second Responder Certificate +V 100316114226Z 1A unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316115653Z 1B unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121050Z 1C unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121256Z 1D unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121311Z 1E unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316121809Z 1F unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316122916Z 20 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316123325Z 21 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125036Z 22 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125902Z 23 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125924Z 24 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316125941Z 25 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder +V 100316140429Z 26 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230611Z 27 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Responder certificate with nocheck ext. field +V 190314230854Z 28 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=OCSP Responder's certificate with delegation +V 190314233211Z 29 unknown /C=KR/ST=KyungGi-Do/O=Samsung Elec./CN=Seventh OCSP Client certificate diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem new file mode 100644 index 0000000..a3c5540 --- /dev/null 
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/01.pem 
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 6 08:00:02 2009 GMT + Not After : Mar 6 08:00:02 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff: + f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec: + c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13: + 74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2: + df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81: + 2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b: + ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef: + 86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa: + ac:ad:f1:58:ca:84:98:44:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 0e:0d:eb:90:52:0b:d8:81:b9:b1:87:da:b4:c2:18:5b:fc:01: + bc:de:1b:16:5e:09:e1:a4:76:68:7a:05:e0:77:58:f0:bf:ce: + 8e:52:f1:fb:ab:35:9b:1d:e7:40:14:88:b5:36:0a:1d:b6:70: + cc:83:bd:2c:2f:7b:9e:fa:33:29:4f:c8:5e:ec:fb:56:90:1b: + 7c:9c:c0:e8:0e:bb:92:dc:20:5f:22:10:d6:c3:68:3d:26:6e: + f1:3f:df:42:45:f1:82:04:76:ef:3c:a9:d5:be:8e:dd:3b:a8: + d4:c3:08:51:f9:2e:60:8e:93:4c:c3:e2:93:ea:ef:6c:d0:47: + f1:f3:15:8e:6e:66:0b:22:36:32:8a:f7:7f:c9:41:d8:d1:69: + 0d:32:62:ea:3c:fe:72:8a:c8:77:ff:5f:a1:4a:59:1b:5a:12: + 7b:a0:52:17:ae:6e:d4:d6:b3:c1:3b:50:26:3e:55:46:37:39: + 50:ea:2b:fd:97:15:ca:ca:fc:a3:dd:9b:72:c9:d8:a9:39:aa: + e2:77:b1:d1:bd:2c:62:0c:90:72:75:32:e0:18:3d:4b:01:9c: + e7:69:77:c8:05:1e:49:44:0f:fa:e2:71:0e:6b:b2:99:f6:a8: + ae:fe:4b:02:73:fa:00:7b:f4:2b:50:44:b2:50:12:2a:82:ee: + be:da:ff:47:51:b6:95:f7:fb:39:c7:7f:1f:01:b7:5c:19:01: + 87:d8:c0:3d:bf:d5:ca:1d:67:6e:1b:6b:e6:98:8a:81:ab:91: + 53:ef:03:e0:62:17:c2:5f:f5:ed:4b:24:12:10:64:aa:09:bf: + 
8b:fa:bb:54:a1:45:6a:7e:0a:f8:85:d2:ae:cc:b5:65:1a:db: + 9b:17:1f:e5:64:f3:1b:8a:be:40:10:28:d9:a5:ac:30:ed:7e: + fb:40:39:8b:f3:8d:10:1a:db:85:fd:83:a6:89:eb:09:b3:c1: + a2:3f:b4:a9:35:62:58:24:6a:37:76:a8:e9:80:12:b9:bc:b0: + db:e3:ba:e4:a2:dc:b9:8f:ac:99:6d:95:44:7b:b1:7e:1b:05: + c3:79:25:bc:ae:15:4f:7c:f7:b6:70:0d:fb:d7:fc:91:d9:d4: + 52:a3:bb:50:83:a2:2e:c9:ec:26:73:e3:a5:e2:b3:24:87:1e: + 48:28:f5:7c:49:51:51:c4:1f:8e:06:53:cb:3c:49:8d:b9:ae: + ce:51:a9:85:a8:25:57:02:22:70:17:16:78:29:31:c9:ad:63: + 3f:39:75:1d:c2:ce:7a:0d:85:96:95:3b:01:02:0a:15:8b:ef: + 93:74:65:44:c3:87:19:01:04:0a:87:82:da:66:f6:bd:34:00: + ab:09:25:e3:20:4d:87:6e +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwNjA4MDAwMloXDTEw +MDMwNjA4MDAwMlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUQZC66JcMiQXwlXVE//PJsWiQ +CoOiMG30jS3h7Me9uiQ5v64p+mUrxpjuE3R8XWg2W7QMrmuZQLg5ot/6l+NiN/88 +rjlqHHc5gS6dyaQw4EzmGOlXBKEJC6usAJzKZZZZH+khhpvY74bbmXAcOTGfSPkC +DU1Tqqyt8VjKhJhElQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEADg3rkFIL2IG5sYfatMIYW/wBvN4bFl4J4aR2aHoF4HdY +8L/OjlLx+6s1mx3nQBSItTYKHbZwzIO9LC97nvozKU/IXuz7VpAbfJzA6A67ktwg +XyIQ1sNoPSZu8T/fQkXxggR27zyp1b6O3Tuo1MMIUfkuYI6TTMPik+rvbNBH8fMV +jm5mCyI2Mor3f8lB2NFpDTJi6jz+corId/9foUpZG1oSe6BSF65u1NazwTtQJj5V +Rjc5UOor/ZcVysr8o92bcsnYqTmq4nex0b0sYgyQcnUy4Bg9SwGc52l3yAUeSUQP ++uJxDmuymfaorv5LAnP6AHv0K1BEslASKoLuvtr/R1G2lff7Ocd/HwG3XBkBh9jA +Pb/Vyh1nbhtr5piKgauRU+8D4GIXwl/17UskEhBkqgm/i/q7VKFFan4K+IXSrsy1 +ZRrbmxcf5WTzG4q+QBAo2aWsMO1++0A5i/ONEBrbhf2DponrCbPBoj+0qTViWCRq +N3ao6YASubyw2+O65KLcuY+smW2VRHuxfhsFw3klvK4VT3z3tnAN+9f8kdnUUqO7 +UIOiLsnsJnPjpeKzJIceSCj1fElRUcQfjgZTyzxJjbmuzlGphaglVwIicBcWeCkx +ya1jPzl1HcLOeg2FlpU7AQIKFYvvk3RlRMOHGQEECoeC2mb2vTQAqwkl4yBNh24= 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem new file mode 100644 index 0000000..99119fa --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/02.pem 
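Review bot: This fixture's validity window ends at `Not After : Mar 6 08:00:02 2010 GMT`, more than five years before the commit date, and `02.pem`, `03.pem` and `04.pem` in the following hunks likewise expire in March 2010. How the tests consume these files is not visible here, but any test that verifies them or their OCSP status against the wall clock will fail on expiry, or will pass only with time checks disabled, which would hide real validity bugs. Either reissue the fixtures from the demoCA or document the verification time the tests must pin, e.g. a README line `01.pem-04.pem expired in March 2010; verify with the clock fixed inside 2009-03..2010-03`. The 1024-bit RSA keys and `sha1WithRSAEncryption` signatures deserve a line in the same README, since stricter crypto policies reject both.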
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 9 03:13:15 2009 GMT + Not After : Mar 9 03:13:15 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Certificate for OCSP Client test - IP address as AIA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:e1:a1:0b:40:23:f4:c2:29:2a:e6:9a:f8:55:86: + 03:94:76:99:15:00:61:d5:97:00:ca:aa:7e:f6:d1: + 7b:70:12:40:99:00:01:94:8c:69:7f:c0:fa:d7:72: + 7d:fc:61:54:3d:ad:02:53:a3:c4:49:24:8b:42:59: + 61:01:b5:4f:52:83:df:09:de:19:5a:a6:ce:78:7b: + 1e:fd:03:2a:4e:24:37:89:d8:12:61:c2:f5:49:74: + c5:f8:75:7b:02:b2:5a:a8:2d:a3:b3:18:3f:f0:0a: + 18:e9:f9:e0:92:fa:37:b8:f2:15:99:23:26:07:a1: + cb:2e:e3:c6:1f:d8:88:65:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - IP Address:127.0.0.1 + + Signature Algorithm: sha1WithRSAEncryption + 3c:50:d3:19:27:36:33:e5:1d:a9:e0:30:c1:bf:8b:90:6c:ef: + e6:40:e7:2a:5e:f6:1c:f4:e1:17:f2:2d:50:42:30:e7:68:30: + d8:ea:a1:bc:92:77:b8:06:cb:f2:d8:b9:bc:26:c1:ff:6f:8c: + cf:3b:22:a1:2f:07:c4:41:a8:91:4c:fd:1b:c8:85:5c:21:cf: + 03:1b:1a:15:c4:f4:3e:bc:10:8a:27:82:fa:2c:a9:1b:e9:07: + 72:bc:a2:79:91:3d:99:45:8c:cc:08:5d:c9:b9:4f:94:19:d0: + 5e:9c:08:7c:8b:6c:11:c5:a7:7e:f3:5c:95:35:23:55:d2:cd: + 06:34:98:00:a3:64:54:5e:ad:b4:d1:4d:e0:cd:4d:cf:11:53: + d4:12:88:9a:42:12:77:61:73:2d:ae:9a:ba:2a:73:f5:59:96: + e5:0b:85:3c:01:3f:16:0e:df:fc:c6:e5:a9:68:21:e9:09:7a: + 7e:a9:fb:32:f0:69:d2:6d:30:e2:ed:34:6f:3d:fa:75:86:88: + 08:5f:fa:ee:72:b6:51:e3:77:00:cb:25:27:42:cd:86:46:f0: + 1a:08:6c:e4:a4:b0:97:2b:69:12:e6:3d:81:9b:d5:aa:31:c2: + ac:93:43:04:3a:c1:e9:cf:53:f7:0a:ff:ed:6b:ef:ef:d0:43: + 43:54:de:10:de:c7:77:f3:e7:d1:14:66:c2:02:25:e2:5b:c6: + c9:09:3c:a5:c0:b5:6e:e9:b0:6c:03:87:3f:b6:9c:3c:f8:9e: + 
21:7c:dd:2d:99:09:62:ee:7f:44:d6:4c:dc:ff:33:97:77:86: + 03:1b:e0:16:c8:c6:83:79:9f:20:a4:a5:e0:f6:0d:d5:d2:c2: + ab:80:2b:f0:f4:09:e8:9d:38:9e:d3:2e:5b:3c:72:7b:1f:56: + d7:96:d7:e3:49:de:b1:99:e6:1f:44:0c:9a:11:ac:18:8b:64: + a5:4f:48:eb:93:b5:73:1e:1e:ee:62:39:f0:65:2f:6f:ff:76: + 28:ac:d3:15:6a:39:04:b1:2b:1b:46:07:1a:b3:71:ea:e6:2c: + 55:3d:f6:a5:c9:a1:5e:aa:bc:a5:35:61:8f:ec:69:ca:78:76: + cd:b5:47:04:66:d3:96:84:62:0f:c0:8e:17:df:24:6c:81:b1: + 85:9a:83:94:88:c1:37:e5:fa:bc:6d:f6:b3:b3:93:67:58:20: + 63:73:81:9e:51:f9:5d:dd:ba:c9:a9:7c:ee:cd:5f:8b:df:d0: + 2e:33:e4:aa:4e:35:17:6b:79:47:17:d0:89:68:53:37:0e:87: + b7:9f:56:91:c9:a8:5d:12:5c:95:be:24:ff:8b:79:73:12:2e: + 25:66:01:33:ac:08:e4:3a +-----BEGIN CERTIFICATE----- +MIID7jCCAdagAwIBAgIBAjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTAzMTMxNVoXDTEw +MDMwOTAzMTMxNVoweTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xPTA7BgNVBAMTNENlcnRpZmljYXRlIGZv +ciBPQ1NQIENsaWVudCB0ZXN0IC0gSVAgYWRkcmVzcyBhcyBBSUEwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBAOGhC0Aj9MIpKuaa+FWGA5R2mRUAYdWXAMqqfvbR +e3ASQJkAAZSMaX/A+tdyffxhVD2tAlOjxEkki0JZYQG1T1KD3wneGVqmznh7Hv0D +Kk4kN4nYEmHC9Ul0xfh1ewKyWqgto7MYP/AKGOn54JL6N7jyFZkjJgehyy7jxh/Y +iGXNAgMBAAGjJDAiMCAGCCsGAQUFBwEBBBQwEjAQBggrBgEFBQcwAYcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAgEAPFDTGSc2M+UdqeAwwb+LkGzv5kDnKl72HPThF/It +UEIw52gw2OqhvJJ3uAbL8ti5vCbB/2+MzzsioS8HxEGokUz9G8iFXCHPAxsaFcT0 +PrwQiieC+iypG+kHcryieZE9mUWMzAhdyblPlBnQXpwIfItsEcWnfvNclTUjVdLN +BjSYAKNkVF6ttNFN4M1NzxFT1BKImkISd2FzLa6auipz9VmW5QuFPAE/Fg7f/Mbl +qWgh6Ql6fqn7MvBp0m0w4u00bz36dYaICF/67nK2UeN3AMslJ0LNhkbwGghs5KSw +lytpEuY9gZvVqjHCrJNDBDrB6c9T9wr/7Wvv79BDQ1TeEN7Hd/Pn0RRmwgIl4lvG +yQk8pcC1bumwbAOHP7acPPieIXzdLZkJYu5/RNZM3P8zl3eGAxvgFsjGg3mfIKSl +4PYN1dLCq4Ar8PQJ6J04ntMuWzxyex9W15bX40nesZnmH0QMmhGsGItkpU9I65O1 +cx4e7mI58GUvb/92KKzTFWo5BLErG0YHGrNx6uYsVT32pcmhXqq8pTVhj+xpynh2 
+zbVHBGbTloRiD8COF98kbIGxhZqDlIjBN+X6vG32s7OTZ1ggY3OBnlH5Xd26yal8 +7s1fi9/QLjPkqk41F2t5RxfQiWhTNw6Ht59WkcmoXRJclb4k/4t5cxIuJWYBM6wI +5Do= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem new file mode 100644 index 0000000..5ef078e --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/03.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 9 06:09:55 2009 GMT + Not After : Mar 9 06:09:55 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80 + + Signature Algorithm: sha1WithRSAEncryption + a2:38:fe:fc:ab:b7:a1:d0:6d:52:b9:bd:7d:ab:24:94:01:bf: + 2c:26:a9:6d:90:33:ac:3a:84:f3:35:7d:2e:26:5b:27:30:c7: + 98:ba:a2:a8:a8:21:1c:32:a4:e9:3c:0a:91:9e:f9:e7:f1:6a: + 9a:c4:58:e6:24:1c:78:8e:2e:94:9c:c1:d8:87:bf:ba:0b:84: + b8:96:5f:47:fc:b1:da:5d:d6:ae:a1:d7:37:36:4a:bf:41:5e: + cc:6f:ef:4f:2f:a1:a4:25:ba:b9:a3:01:6d:3e:e9:19:e4:a7: + 05:51:f9:a4:8b:09:e3:3c:1f:0d:e2:98:9d:5a:66:c2:e2:80: + ef:7d:4c:34:00:fe:08:10:4a:8f:6d:3d:46:95:cb:5a:19:95: + 65:98:b0:b7:9f:ec:14:65:56:04:c7:a5:e3:95:5e:5a:11:30: + 92:4f:40:e2:bc:b9:01:cb:ff:a9:34:b3:c0:7e:ab:3d:8d:f9: + 68:aa:46:33:2c:52:fd:ab:5a:b0:32:27:f0:43:8e:79:cd:aa: + c9:c8:1b:1e:45:58:8c:36:b3:39:c4:25:a6:9c:81:01:5f:a3: + 19:d8:4d:e1:a3:a0:14:92:45:0c:ba:38:57:ce:aa:c6:98:b7: + b0:53:74:fb:d6:52:ba:3b:0a:95:29:d6:99:57:d5:4f:19:48: + e1:87:ac:ed:14:2c:34:0c:65:e7:d3:df:c0:92:5f:4b:2b:9c: + 3c:48:a0:bb:21:af:fe:37:b5:84:36:00:e5:97:00:ef:46:75: + 
9f:e8:b4:24:91:76:ae:49:ed:a6:63:3d:22:2b:26:39:f6:77: + 76:f0:d1:93:bd:68:6e:66:50:50:4f:26:d1:4b:8f:d3:b1:b8: + 07:8b:5f:f8:ca:79:b6:40:1d:ab:09:14:e0:96:32:69:4a:bd: + 81:c2:5f:1e:5f:d8:84:9c:df:3a:3e:0c:14:10:46:b6:9d:b4: + 2d:71:f5:57:37:8e:b4:b5:9b:26:d5:69:89:7c:12:d8:0c:29: + 42:96:5b:e8:57:07:da:60:3e:c8:4e:52:83:b1:46:4b:91:ad: + 1e:89:97:b0:26:a6:b9:d5:b2:67:9b:e5:8c:02:56:aa:44:78: + 7b:15:a7:ad:ed:7b:d4:75:ac:5f:3e:fd:f3:52:89:7d:a5:25: + 5f:2d:b2:cb:99:25:8a:64:48:39:23:c0:82:34:4f:06:41:c3: + 07:d9:38:cc:99:59:c2:f0:88:65:91:7e:fb:59:3a:02:34:02: + 5a:90:4a:78:11:c0:fe:ab:09:04:c9:66:80:1e:fa:24:fc:c8: + cd:d8:bf:b4:fe:23:5d:22:0c:92:09:90:2d:76:a6:99:c1:7e: + d4:68:b4:36:ae:11:c8:b2 +-----BEGIN CERTIFICATE----- +MIID5zCCAc+gAwIBAgIBAzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MDk1NVoXDTEw +MDMwOTA2MDk1NVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH +AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3 +DQEBBQUAA4ICAQCiOP78q7eh0G1Sub19qySUAb8sJqltkDOsOoTzNX0uJlsnMMeY +uqKoqCEcMqTpPAqRnvnn8WqaxFjmJBx4ji6UnMHYh7+6C4S4ll9H/LHaXdauodc3 +Nkq/QV7Mb+9PL6GkJbq5owFtPukZ5KcFUfmkiwnjPB8N4pidWmbC4oDvfUw0AP4I +EEqPbT1GlctaGZVlmLC3n+wUZVYEx6XjlV5aETCST0DivLkBy/+pNLPAfqs9jflo +qkYzLFL9q1qwMifwQ455zarJyBseRViMNrM5xCWmnIEBX6MZ2E3ho6AUkkUMujhX +zqrGmLewU3T71lK6OwqVKdaZV9VPGUjhh6ztFCw0DGXn09/Akl9LK5w8SKC7Ia/+ +N7WENgDllwDvRnWf6LQkkXauSe2mYz0iKyY59nd28NGTvWhuZlBQTybRS4/TsbgH +i1/4ynm2QB2rCRTgljJpSr2Bwl8eX9iEnN86PgwUEEa2nbQtcfVXN460tZsm1WmJ +fBLYDClCllvoVwfaYD7ITlKDsUZLka0eiZewJqa51bJnm+WMAlaqRHh7Faet7XvU 
+daxfPv3zUol9pSVfLbLLmSWKZEg5I8CCNE8GQcMH2TjMmVnC8IhlkX77WToCNAJa +kEp4EcD+qwkEyWaAHvok/MjN2L+0/iNdIgySCZAtdqaZwX7UaLQ2rhHIsg== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem new file mode 100644 index 0000000..8de6e3d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/04.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 9 06:11:08 2009 GMT + Not After : Mar 9 06:11:08 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80 + + Signature Algorithm: sha1WithRSAEncryption + 6c:b3:f9:8e:f2:e6:c1:5e:a5:61:96:b3:77:9a:e7:bb:ba:6c: + ff:0c:cc:47:b7:4f:f4:98:08:57:0f:40:cb:4a:3b:dc:52:64: + 04:33:e3:c3:94:65:1d:a7:2b:d8:59:3b:74:37:cc:0e:06:fa: + db:8c:b5:45:08:b1:f6:0b:3f:c8:f6:d6:36:4a:9b:df:41:58: + 7c:9d:85:e4:d7:a3:87:64:68:1c:0d:33:bc:f3:b0:c7:01:72: + ee:e8:e0:9b:e4:bf:b1:71:ec:eb:ca:6c:c5:4f:b8:66:06:42: + fd:24:a4:d3:cb:35:d1:e8:0a:88:dd:ff:4e:43:59:87:96:9a: + 13:08:8b:e4:c6:3f:3d:b8:5f:5f:91:a1:2f:39:bf:a7:33:4c: + 7d:3d:38:3d:b9:f7:15:f6:eb:f6:c3:5a:ed:1d:54:d2:7b:98: + aa:32:06:7e:b1:9c:fe:29:02:be:7e:f2:d6:75:0a:a8:21:e6: + 38:6e:8d:29:60:65:64:5c:7a:1d:75:fd:48:ca:25:76:79:95: + 19:0b:98:d5:76:14:c0:27:92:aa:f7:c6:1f:bc:82:65:d0:7c: + ea:bb:a0:1c:e6:7b:0f:5d:87:8f:31:75:5a:79:49:cd:eb:1d: + ee:02:e1:4c:ae:d0:89:78:d1:43:fb:ca:08:11:26:4c:46:43: + a4:43:3f:55:a0:5c:d3:48:ee:e7:6c:c0:d1:1e:1c:7d:af:45: + 0c:6f:31:33:df:28:dd:94:71:09:e5:1c:12:86:58:2a:78:0c: + 
e3:05:5e:92:ae:fb:0b:2e:16:bb:9a:d0:b9:d8:77:8b:17:fb: + fe:9a:0c:99:bb:1e:9a:ac:b4:dc:08:fa:6b:f8:48:fc:71:c7: + 06:16:20:5c:38:19:66:f7:4d:86:e8:6e:f9:f9:4c:94:d7:df: + 57:d4:2a:08:37:a7:71:17:51:37:3e:b3:8e:0a:5a:4c:1f:6c: + 24:5a:df:4b:39:ec:a1:12:8a:c1:95:43:e8:6f:5a:63:b2:20: + 1b:b0:c4:67:17:a9:be:c3:1d:04:99:26:37:f9:df:04:3d:e9: + 26:54:d2:26:20:30:df:f8:1d:0e:1a:21:12:a5:b4:cf:ae:5f: + 4b:87:6d:3c:a3:9f:5f:e9:ad:34:ed:38:59:8c:be:2b:c7:1a: + 51:a3:b9:8a:1c:ae:47:b0:93:78:5a:21:fc:c1:91:6d:87:3c: + 74:2a:a7:6f:fc:73:fe:6c:c8:17:19:2c:1f:2e:17:b9:62:38: + bd:0e:81:fb:6e:39:94:25:55:21:d3:6a:6a:c4:3e:00:61:99: + 00:33:d5:6b:36:2e:f6:d4:bf:bc:d0:a5:c6:51:95:aa:d4:67: + aa:b7:a2:92:10:7a:96:51 +-----BEGIN CERTIFICATE----- +MIID5zCCAc+gAwIBAgIBBDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MTEwOFoXDTEw +MDMwOTA2MTEwOFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH +AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3 +DQEBBQUAA4ICAQBss/mO8ubBXqVhlrN3mue7umz/DMxHt0/0mAhXD0DLSjvcUmQE +M+PDlGUdpyvYWTt0N8wOBvrbjLVFCLH2Cz/I9tY2SpvfQVh8nYXk16OHZGgcDTO8 +87DHAXLu6OCb5L+xcezrymzFT7hmBkL9JKTTyzXR6AqI3f9OQ1mHlpoTCIvkxj89 +uF9fkaEvOb+nM0x9PTg9ufcV9uv2w1rtHVTSe5iqMgZ+sZz+KQK+fvLWdQqoIeY4 +bo0pYGVkXHoddf1IyiV2eZUZC5jVdhTAJ5Kq98YfvIJl0Hzqu6Ac5nsPXYePMXVa +eUnN6x3uAuFMrtCJeNFD+8oIESZMRkOkQz9VoFzTSO7nbMDRHhx9r0UMbzEz3yjd +lHEJ5RwShlgqeAzjBV6SrvsLLha7mtC52HeLF/v+mgyZux6arLTcCPpr+Ej8cccG +FiBcOBlm902G6G75+UyU199X1CoIN6dxF1E3PrOOClpMH2wkWt9LOeyhEorBlUPo +b1pjsiAbsMRnF6m+wx0EmSY3+d8EPekmVNImIDDf+B0OGiESpbTPrl9Lh208o59f 
+6a007ThZjL4rxxpRo7mKHK5HsJN4WiH8wZFthzx0Kqdv/HP+bMgXGSwfLhe5Yji9
+DoH7bjmUJVUh02pqxD4AYZkAM9VrNi721L+80KXGUZWq1Geqt6KSEHqWUQ==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem
new file mode 100644
index 0000000..de8f1da
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/05.pem
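Review bot: The certificate added as 04.pem had already expired when this commit was made (`Not After : Mar 9 06:11:08 2010 GMT`), and it carries a 1024-bit RSA key under `sha1WithRSAEncryption`, so tests that load it presumably pass only with validity-time and algorithm-strength checks relaxed. The same applies to 05.pem, 06.pem, 07.pem, 08.pem, 09.pem, 0A.pem and 0B.pem in this directory, and nothing in the files says they are test-only. The file already carries free text ahead of the BEGIN marker, so a first line such as `Test fixture only: expired, SHA-1/RSA-1024; never install into a trust store` would document this without changing the encoded certificate. Regenerating the set with a long validity period would let the tests exercise the expiry check rather than depend on it being skipped. The AIA entry `OCSP - URI:http://127.0.0.1:80` also suggests the OCSP tests need a local responder on that port, which is worth stating next to the fixtures.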
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 9 06:12:23 2009 GMT + Not After : Mar 9 06:12:23 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80 + + Signature Algorithm: sha1WithRSAEncryption + 4d:c8:99:4f:87:bc:aa:fa:03:99:57:b0:9b:56:a4:6a:7f:fc: + 34:5d:ef:c5:9e:f1:d2:65:95:8c:f0:d6:47:9e:50:3b:1b:1f: + 54:a7:75:6c:67:19:11:c4:c0:23:2f:a2:80:2c:08:84:10:63: + 17:f5:4f:e7:24:53:cf:f6:52:64:b4:e6:5a:44:73:c9:f2:c0: + 91:5f:23:2a:a4:4e:14:57:19:9e:82:82:d5:e1:cd:2e:1a:8d: + 6c:45:e9:46:41:ec:25:e1:84:c9:f7:97:61:0c:2d:28:86:03: + 1f:bf:8f:61:f2:b4:37:eb:e9:e7:9e:1a:55:1c:95:2d:50:f8: + 1e:01:b8:3a:22:cb:18:00:43:ec:6c:6c:51:0c:ee:28:a1:85: + 1c:b5:15:69:8b:0d:45:26:d9:48:19:d3:42:6a:e9:29:81:60: + db:49:df:f0:1a:4b:82:68:f0:40:af:8b:22:1f:60:08:8a:40: + e3:c1:cc:89:8f:28:12:ea:70:eb:a7:98:af:c8:2e:36:0d:5f: + b9:eb:79:dc:64:f4:a6:70:91:00:f6:0e:81:bc:f6:35:d2:0a: + ed:52:ff:2e:69:68:72:d1:19:32:39:47:80:82:c3:3d:36:98: + 2f:9a:fe:6d:dc:7c:45:7a:fe:01:d6:36:de:53:92:4e:2c:0c: + b1:a2:39:d1:5f:50:c4:6a:a1:2b:15:17:df:20:8f:dd:79:cf: + f1:ce:76:df:fa:b1:f6:6b:67:e7:c7:3a:7d:2e:53:fe:f7:c2: + 
1f:b7:fa:71:09:b7:9f:83:91:0a:ce:eb:00:55:47:35:0b:ef: + fc:ac:b2:03:e0:78:89:2d:56:a8:52:a1:93:6c:44:25:58:bd: + 4a:ba:f9:85:23:fc:c0:db:4c:8b:95:54:be:ed:18:90:46:27: + f1:3f:37:26:00:08:9f:fc:ce:5b:7e:64:26:46:51:42:c1:de: + c4:2f:a8:73:74:0b:e6:48:aa:f3:01:df:63:36:d9:4b:6a:08: + 02:ac:51:44:e9:ce:99:02:62:f5:87:d9:b2:a6:0b:77:bf:93: + bd:ea:47:4c:6c:83:b5:0f:ca:ba:9b:55:8c:da:4f:87:63:d6: + 32:87:b0:8a:74:3e:02:f5:47:96:dd:85:26:2e:43:63:96:45: + 48:ca:45:b9:7c:4e:ae:93:69:0c:72:b2:c1:fe:81:ae:ab:be: + e9:14:eb:ea:d6:e8:a4:a3:4f:dc:90:d5:10:b7:53:b7:85:81: + aa:46:bc:c6:f6:97:1f:a7:55:0b:e2:45:e8:f9:ef:f4:62:88: + bd:46:85:39:55:3c:32:92:1c:41:0c:cc:92:3b:17:9a:cc:ef: + 2f:3b:c5:e0:39:cc:23:47 +-----BEGIN CERTIFICATE----- +MIID5zCCAc+gAwIBAgIBBTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMwOTA2MTIyM1oXDTEw +MDMwOTA2MTIyM1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaMzMDEwLwYIKwYBBQUH +AQEEIzAhMB8GCCsGAQUFBzABhhNodHRwOi8vMTI3LjAuMC4xOjgwMA0GCSqGSIb3 +DQEBBQUAA4ICAQBNyJlPh7yq+gOZV7CbVqRqf/w0Xe/FnvHSZZWM8NZHnlA7Gx9U +p3VsZxkRxMAjL6KALAiEEGMX9U/nJFPP9lJktOZaRHPJ8sCRXyMqpE4UVxmegoLV +4c0uGo1sRelGQewl4YTJ95dhDC0ohgMfv49h8rQ36+nnnhpVHJUtUPgeAbg6IssY +AEPsbGxRDO4ooYUctRVpiw1FJtlIGdNCaukpgWDbSd/wGkuCaPBAr4siH2AIikDj +wcyJjygS6nDrp5ivyC42DV+563ncZPSmcJEA9g6BvPY10grtUv8uaWhy0RkyOUeA +gsM9Npgvmv5t3HxFev4B1jbeU5JOLAyxojnRX1DEaqErFRffII/dec/xznbf+rH2 +a2fnxzp9LlP+98Ift/pxCbefg5EKzusAVUc1C+/8rLID4HiJLVaoUqGTbEQlWL1K +uvmFI/zA20yLlVS+7RiQRifxPzcmAAif/M5bfmQmRlFCwd7EL6hzdAvmSKrzAd9j +NtlLaggCrFFE6c6ZAmL1h9mypgt3v5O96kdMbIO1D8q6m1WM2k+HY9Yyh7CKdD4C 
+9UeW3YUmLkNjlkVIykW5fE6uk2kMcrLB/oGuq77pFOvq1uiko0/ckNUQt1O3hYGq
+RrzG9pcfp1UL4kXo+e/0Yoi9RoU5VTwykhxBDMySOxeazO8vO8XgOcwjRw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem
new file mode 100644
index 0000000..2fb2e95
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/06.pem
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 10 00:10:31 2009 GMT + Not After : Mar 10 00:10:31 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d4:41:90:ba:e8:97:0c:89:05:f0:95:75:44:ff: + f3:c9:b1:68:90:0a:83:a2:30:6d:f4:8d:2d:e1:ec: + c7:bd:ba:24:39:bf:ae:29:fa:65:2b:c6:98:ee:13: + 74:7c:5d:68:36:5b:b4:0c:ae:6b:99:40:b8:39:a2: + df:fa:97:e3:62:37:ff:3c:ae:39:6a:1c:77:39:81: + 2e:9d:c9:a4:30:e0:4c:e6:18:e9:57:04:a1:09:0b: + ab:ac:00:9c:ca:65:96:59:1f:e9:21:86:9b:d8:ef: + 86:db:99:70:1c:39:31:9f:48:f9:02:0d:4d:53:aa: + ac:ad:f1:58:ca:84:98:44:95 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + a5:f6:ed:d3:38:76:cd:45:47:1f:0d:cf:67:ee:7d:e7:c5:dc: + fe:a6:8d:88:3e:f8:29:dd:54:1c:a4:b7:3b:7b:a3:59:5d:64: + 16:a9:2a:66:3b:3e:08:2d:32:88:0e:cd:8c:05:84:39:a0:19: + 1f:91:24:ee:e9:a8:a7:b6:21:40:ca:12:d7:e5:98:4a:0f:d7: + 31:e4:86:b0:1b:56:c1:38:d7:26:c2:fb:3d:2b:71:68:4c:a4: + 80:16:2e:13:1a:d6:5e:92:b9:cf:ff:19:ea:65:49:b1:db:17: + b8:d3:46:99:2c:12:20:51:6c:7d:a3:41:b3:88:f6:88:e2:07: + 6e:49:6f:32:8d:dc:a0:e3:01:e6:5e:15:07:06:55:48:ae:f5: + 77:8c:92:92:31:fa:06:29:5e:fc:16:1c:69:25:62:7e:6c:e4: + 9b:60:c1:c9:28:6b:62:d3:72:bb:e6:a1:41:89:5d:56:5b:3f: + 38:98:c0:c0:08:41:84:01:c1:cf:23:44:92:98:f7:47:40:a0: + 8c:a7:29:a3:2d:15:f8:cd:7b:40:dc:84:8f:46:0f:d4:fe:78: + 96:3a:53:01:31:64:47:3b:d8:50:92:7f:87:6c:94:ce:9e:07: + 96:53:0a:c5:a8:2b:07:b4:8c:55:0d:e3:96:1b:fd:62:e8:19: + c7:bc:ab:79:65:aa:83:5d:a3:94:db:84:23:e2:4c:ef:74:8f: + 36:15:71:fd:a1:78:f0:c4:23:2e:ec:8b:de:df:23:58:6e:f6: + c0:4a:ff:d0:b4:1b:f5:dd:e4:ab:bf:65:13:ee:ac:e4:86:31: + 
35:60:8d:04:bd:a3:90:35:11:b6:55:86:65:22:ec:ae:ef:65: + 06:27:91:b7:a3:a0:84:83:c3:ae:fb:39:0b:74:c2:aa:da:2e: + 52:27:5a:07:10:ba:10:a8:2c:54:c1:87:4d:cb:d5:fa:6f:6a: + fe:1b:61:74:79:96:c4:b1:26:61:2d:26:6a:59:07:cd:20:11: + 15:13:78:9b:77:5b:65:43:17:e0:0a:6e:6e:e5:72:37:58:3a: + 96:e4:28:08:56:c5:78:2a:e8:ac:cb:44:66:25:a4:19:8a:bb: + c8:10:8f:25:0d:93:a2:e8:d0:58:85:69:b0:fd:fa:38:83:90: + 29:84:57:1c:39:6c:52:87:f5:4b:de:cf:c6:b8:4a:e2:a2:c8: + c9:4e:7a:a3:51:13:d7:62:3a:31:7c:b9:ad:df:1e:a2:2f:c6: + 5f:3f:f9:e3:e7:e2:8d:6c:1d:49:93:b7:ea:84:80:01:41:6e: + 8d:a4:00:4e:9c:8b:5a:6f:84:6e:04:a2:7c:9c:e7:6b:30:50: + a5:1d:2d:2e:00:24:6c:6b +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBBjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTAzMVoXDTEw +MDMxMDAwMTAzMVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUQZC66JcMiQXwlXVE//PJsWiQ +CoOiMG30jS3h7Me9uiQ5v64p+mUrxpjuE3R8XWg2W7QMrmuZQLg5ot/6l+NiN/88 +rjlqHHc5gS6dyaQw4EzmGOlXBKEJC6usAJzKZZZZH+khhpvY74bbmXAcOTGfSPkC +DU1Tqqyt8VjKhJhElQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEApfbt0zh2zUVHHw3PZ+5958Xc/qaNiD74Kd1UHKS3O3uj +WV1kFqkqZjs+CC0yiA7NjAWEOaAZH5Ek7umop7YhQMoS1+WYSg/XMeSGsBtWwTjX +JsL7PStxaEykgBYuExrWXpK5z/8Z6mVJsdsXuNNGmSwSIFFsfaNBs4j2iOIHbklv +Mo3coOMB5l4VBwZVSK71d4ySkjH6Bile/BYcaSVifmzkm2DByShrYtNyu+ahQYld +Vls/OJjAwAhBhAHBzyNEkpj3R0CgjKcpoy0V+M17QNyEj0YP1P54ljpTATFkRzvY +UJJ/h2yUzp4HllMKxagrB7SMVQ3jlhv9YugZx7yreWWqg12jlNuEI+JM73SPNhVx +/aF48MQjLuyL3t8jWG72wEr/0LQb9d3kq79lE+6s5IYxNWCNBL2jkDURtlWGZSLs +ru9lBieRt6OghIPDrvs5C3TCqtouUidaBxC6EKgsVMGHTcvV+m9q/hthdHmWxLEm +YS0malkHzSARFRN4m3dbZUMX4ApubuVyN1g6luQoCFbFeCrorMtEZiWkGYq7yBCP +JQ2ToujQWIVpsP36OIOQKYRXHDlsUof1S97PxrhK4qLIyU56o1ET12I6MXy5rd8e +oi/GXz/54+fijWwdSZO36oSAAUFujaQATpyLWm+EbgSifJznazBQpR0tLgAkbGs= 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem
new file mode 100644
index 0000000..5550456
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/07.pem
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 10 00:14:51 2009 GMT + Not After : Mar 10 00:14:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b: + cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa: + 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a: + 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c: + 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04: + c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68: + 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48: + 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76: + aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d: + 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5: + a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa: + d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e: + be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01: + 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1: + 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a: + 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8: + e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93: + 
24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a: + 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9: + 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0: + ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36: + 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c: + 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68: + 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f: + 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67: + 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52: + a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a: + 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3: + cd:f0:a3:a0:10:95:b8:70 +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw +MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe +78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe +YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx +6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt +RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg +oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3 +P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy +sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O +8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG +Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh +tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA= 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem
new file mode 100644
index 0000000..9dba2db
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/08.pem
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8 (0x8) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 10 08:04:09 2009 GMT + Not After : Mar 10 08:04:09 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80/0001 + + Signature Algorithm: sha1WithRSAEncryption + 71:65:df:93:41:79:18:74:88:43:3b:dd:0f:b4:ac:96:16:f3: + 0c:39:28:03:3e:3a:ee:0f:ce:d8:8c:14:3d:ae:e7:f8:a5:ff: + 2f:f3:a9:17:0e:a3:6f:d0:a0:97:bb:b9:96:ba:ec:fc:3f:ef: + 86:5c:d0:1c:66:2a:ac:7a:ca:a4:c2:4b:a3:6d:5f:3e:eb:e3: + df:c7:74:d8:b8:04:ab:de:91:96:26:1b:83:78:6e:4c:37:ad: + b1:90:e8:35:b2:da:fb:ee:8b:75:02:21:a0:11:b7:52:4f:90: + 86:6c:5a:be:74:b8:cf:3b:0c:ff:08:27:f5:d9:13:62:fc:8e: + 61:35:bb:48:fa:28:d0:5d:1b:73:4b:c3:29:d0:e0:b4:9b:9f: + 59:9e:6a:5d:7a:55:4f:91:94:28:0c:76:e5:9e:83:db:f9:1e: + 44:98:5d:6c:a6:2e:a0:b2:bf:f3:f0:d8:45:46:77:26:32:32: + 2f:a2:8a:80:37:81:78:74:5f:91:e8:25:a7:bd:d2:34:cb:57: + 80:d3:cf:1d:b1:2d:fb:d1:fd:0b:84:a5:86:f1:c9:25:06:3a: + 65:06:8b:e8:b0:6b:57:35:73:30:18:a9:fe:c6:6f:8c:63:45: + 62:c3:8b:f6:d8:70:38:8a:e7:c2:63:0e:4a:4b:a7:d8:45:42: + 59:96:af:05:4c:ac:fe:d5:cc:45:7e:b6:30:39:52:f2:e8:26: + 0d:22:be:b6:bf:e9:d4:ff:f7:5a:55:b3:5c:86:95:72:01:06: + 
d8:58:26:21:9b:b9:02:f0:03:84:16:d3:f0:20:cb:7d:28:c8: + f5:6d:d8:8e:57:29:f8:ba:c2:f4:e5:ea:d2:f1:6e:8b:44:f1: + a0:1a:5b:e8:e1:e2:a1:6c:18:a5:06:df:d0:94:6c:20:34:c1: + 0c:5e:e5:fc:d8:74:e6:a1:6a:a5:00:ca:30:a3:6b:71:8b:3c: + 27:8b:c0:b5:2a:e0:78:10:8a:8b:ae:0b:ff:8a:f2:ef:e1:1e: + dd:2a:d5:2f:8f:98:b1:4d:db:66:6b:b1:bd:85:d6:36:bd:19: + 29:bd:40:1d:1a:b5:7f:77:a5:08:3f:98:07:38:82:e5:e3:53: + b7:cc:54:66:e0:f2:b7:4c:0c:da:3c:5b:5f:d9:9b:f6:86:e2: + e6:c8:d4:9a:81:e2:5b:e3:a7:0d:d9:4c:ac:98:b2:b7:de:56: + 2c:82:3a:a2:64:55:36:2b:d5:95:1c:ff:bd:25:1c:9e:a1:55: + d6:00:c2:ae:d3:54:63:33:ac:30:dd:52:90:78:53:9f:7c:b4: + 72:4c:1a:3e:b1:90:5e:ce:af:a0:d7:5f:3e:dd:c5:28:42:03: + ea:a7:5e:5b:ff:fa:b0:89 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBCDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDA4MDQwOVoXDTEw +MDMxMDA4MDQwOVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDEwDQYJ +KoZIhvcNAQEFBQADggIBAHFl35NBeRh0iEM73Q+0rJYW8ww5KAM+Ou4PztiMFD2u +5/il/y/zqRcOo2/QoJe7uZa67Pw/74Zc0BxmKqx6yqTCS6NtXz7r49/HdNi4BKve +kZYmG4N4bkw3rbGQ6DWy2vvui3UCIaARt1JPkIZsWr50uM87DP8IJ/XZE2L8jmE1 +u0j6KNBdG3NLwynQ4LSbn1meal16VU+RlCgMduWeg9v5HkSYXWymLqCyv/Pw2EVG +dyYyMi+iioA3gXh0X5HoJae90jTLV4DTzx2xLfvR/QuEpYbxySUGOmUGi+iwa1c1 +czAYqf7Gb4xjRWLDi/bYcDiK58JjDkpLp9hFQlmWrwVMrP7VzEV+tjA5UvLoJg0i +vra/6dT/91pVs1yGlXIBBthYJiGbuQLwA4QW0/Agy30oyPVt2I5XKfi6wvTl6tLx +botE8aAaW+jh4qFsGKUG39CUbCA0wQxe5fzYdOahaqUAyjCja3GLPCeLwLUq4HgQ +iouuC/+K8u/hHt0q1S+PmLFN22Zrsb2F1ja9GSm9QB0atX93pQg/mAc4guXjU7fM 
+VGbg8rdMDNo8W1/Zm/aG4ubI1JqB4lvjpw3ZTKyYsrfeViyCOqJkVTYr1ZUc/70l
+HJ6hVdYAwq7TVGMzrDDdUpB4U598tHJMGj6xkF7Or6DXXz7dxShCA+qnXlv/+rCJ
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem
new file mode 100644
index 0000000..399064f
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/09.pem
@@ -0,0 +1,91 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 11 10:49:52 2009 GMT + Not After : Mar 11 10:49:52 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + CB:F2:C4:A9:D8:FB:EB:6D:99:08:AB:41:10:5D:9F:90:77:73:E5:AA + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha1WithRSAEncryption + 38:fc:55:d5:e9:ae:c2:64:71:3d:ec:7d:b3:b3:a2:3c:cc:81: + 97:19:5d:88:b1:a9:64:44:0a:74:80:80:5d:b8:c2:1f:8b:e6: + 8f:ae:03:e1:61:ba:68:ff:16:2e:8e:c4:81:44:ce:ac:06:db: + c1:57:d3:e5:a3:f6:e2:02:78:b5:a3:ef:04:57:3a:59:f4:df: + 46:d2:18:61:8b:06:fc:57:15:39:0f:22:c7:81:3c:df:51:9e: + c1:ac:b4:21:81:4b:1f:90:36:9a:dc:6b:4d:5d:7d:2a:e5:ab: + d9:fe:5c:58:17:c3:58:01:a2:3d:d5:f9:e4:d8:e8:fe:be:e1: + da:8d:30:e2:22:ef:59:48:8f:0f:ba:09:66:64:96:85:d5:b1: + 90:b6:51:cc:99:35:5b:d9:e6:c4:57:07:98:c7:f5:68:7d:e2: + 59:40:82:ae:9f:64:02:47:43:69:27:4a:9c:e4:70:b4:a9:20: + c1:4f:10:9a:50:eb:c1:52:75:a6:72:84:cc:92:b4:cd:e1:36: + e8:1a:ad:19:dc:0e:a2:49:e8:c8:0d:cd:ea:97:53:fc:a4:ea: + 
0d:16:81:af:41:38:90:b2:c8:69:f4:1c:55:1c:18:84:1b:b4: + 82:c9:c0:c7:45:d8:6c:3a:b6:0e:9b:89:f1:20:c0:a9:0d:cf: + b9:ae:84:19:7f:4c:2b:be:46:4d:61:b3:bc:56:ed:a2:01:4d: + 46:a9:2d:bb:3b:73:5b:18:fc:eb:7f:60:d5:ac:60:92:f4:c0: + 73:14:54:f1:be:c5:90:e9:f0:37:69:20:cb:a7:e9:74:52:e4: + 30:38:b9:20:44:5e:9d:eb:86:ae:ed:38:8d:7d:32:59:d7:d7: + 0b:8e:78:28:a3:3b:5e:f5:a4:35:f7:fe:e9:19:4c:7a:82:c0: + 19:0f:99:bb:49:ba:38:8e:78:5c:5f:a5:7c:f7:58:aa:53:6c: + d0:bd:6a:4a:87:e7:27:f8:7a:75:cf:0d:d0:98:93:5d:8f:e2: + 85:cf:4c:93:18:34:bf:40:4c:b9:16:00:1d:ec:ce:bd:93:78: + 46:80:d9:89:a5:52:41:db:f0:8b:13:f0:07:7c:35:dc:69:69: + 16:67:31:60:ea:27:34:cb:8a:9b:d9:98:48:f6:fa:77:74:9d: + 07:a8:60:df:74:e9:e1:25:5f:83:78:0d:69:37:b4:a5:78:7d: + 0d:0f:e0:17:b9:42:7f:9e:41:33:5a:f3:b0:80:3e:f2:ed:5e: + 93:60:8a:4e:88:a2:5e:40:ae:f9:ec:11:cb:76:0d:b6:ee:54: + 31:f0:a3:37:9e:0f:22:c4:b8:c5:63:24:8c:c5:a9:24:c9:1b: + 27:c6:1b:69:21:08:8c:33 +-----BEGIN CERTIFICATE----- +MIIEdjCCAl6gAwIBAgIBCTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMTEwNDk1MloXDTEw +MDMxMTEwNDk1MlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABo4HRMIHOMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN +BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTL8sSp +2PvrbZkIq0EQXZ+Qd3PlqjB0BgNVHSMEbTBroV6kXDBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBggkA8ltAW8K30GQwDQYJKoZIhvcN +AQEFBQADggIBADj8VdXprsJkcT3sfbOzojzMgZcZXYixqWRECnSAgF24wh+L5o+u +A+Fhumj/Fi6OxIFEzqwG28FX0+Wj9uICeLWj7wRXOln030bSGGGLBvxXFTkPIseB 
+PN9RnsGstCGBSx+QNprca01dfSrlq9n+XFgXw1gBoj3V+eTY6P6+4dqNMOIi71lI
+jw+6CWZkloXVsZC2UcyZNVvZ5sRXB5jH9Wh94llAgq6fZAJHQ2knSpzkcLSpIMFP
+EJpQ68FSdaZyhMyStM3hNugarRncDqJJ6MgNzeqXU/yk6g0Wga9BOJCyyGn0HFUc
+GIQbtILJwMdF2Gw6tg6bifEgwKkNz7muhBl/TCu+Rk1hs7xW7aIBTUapLbs7c1sY
+/Ot/YNWsYJL0wHMUVPG+xZDp8DdpIMun6XRS5DA4uSBEXp3rhq7tOI19MlnX1wuO
+eCijO171pDX3/ukZTHqCwBkPmbtJujiOeFxfpXz3WKpTbNC9akqH5yf4enXPDdCY
+k12P4oXPTJMYNL9ATLkWAB3szr2TeEaA2YmlUkHb8IsT8Ad8NdxpaRZnMWDqJzTL
+ipvZmEj2+nd0nQeoYN906eElX4N4DWk3tKV4fQ0P4Be5Qn+eQTNa87CAPvLtXpNg
+ik6Iol5ArvnsEct2DbbuVDHwozeeDyLEuMVjJIzFqSTJGyfGG2khCIwz
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem
new file mode 100644
index 0000000..edf549c
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0A.pem
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 01:19:18 2009 GMT + Not After : Mar 13 01:19:18 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:81/0002 + + Signature Algorithm: sha1WithRSAEncryption + c2:1a:cb:28:cf:52:fa:67:16:85:c5:cb:7b:b8:4c:75:20:06: + 62:ab:43:9f:95:f6:d8:98:ab:26:ec:89:32:d6:14:15:cb:5d: + 5c:17:a4:4f:b5:c7:0e:9c:3e:f3:f0:11:ea:db:9d:5b:29:e8: + 8d:14:1e:bb:46:1e:10:68:01:4f:3a:1b:40:4a:4c:a2:47:b4: + b5:e6:c4:97:ce:df:56:a5:29:60:f5:e2:6e:d6:29:01:b8:23: + 2a:58:89:d3:5f:6a:06:28:b6:b6:5b:0f:c7:ae:62:d2:9b:32: + 06:ac:82:c4:f0:a1:fe:89:af:99:23:e4:7c:98:76:b0:e4:64: + 6b:17:24:67:fa:f4:41:65:4e:c6:1d:cc:89:52:8c:4a:52:26: + 8a:42:5b:7f:1a:93:d0:53:93:57:65:3f:6f:23:17:1c:68:13: + 58:13:50:f7:9f:a5:32:2e:5f:20:23:9e:b4:a2:75:fb:a7:d8: + 3a:c8:6c:86:18:b8:e0:09:08:c9:ec:b2:a6:6b:43:c2:c7:af: + b6:c2:a4:97:cc:35:d5:06:38:1d:73:7f:4b:ca:54:9f:b6:94: + 2d:82:81:62:37:b8:74:8a:33:1c:ed:52:4f:8f:5b:88:fd:b4: + 61:97:2e:b9:2b:99:0b:5a:f6:2a:03:bc:e2:6f:d1:16:cc:da: + be:97:26:06:e8:50:1f:e7:01:ec:5f:d8:d7:ca:74:84:70:48: + 55:3c:6f:c8:31:ed:0c:39:7a:7f:ed:81:7a:ed:f4:3b:e1:06: + 
07:1d:f1:3b:81:ae:7d:1c:c7:6a:74:d9:a0:de:3f:ce:f4:d1: + 9b:ea:43:f7:e0:46:7e:ae:a2:42:2b:58:3d:a3:c3:1c:37:2d: + b7:6b:5d:3a:64:9f:97:e1:a4:1b:7e:63:06:1c:7b:3b:fa:73: + a3:41:a9:65:bd:3f:42:38:ab:27:cc:07:b4:d2:0f:f8:04:26: + 47:17:55:a6:30:83:81:87:28:55:7f:c1:53:ba:f1:09:5a:78: + cb:05:1a:08:45:42:89:78:0e:2d:a3:ed:a3:d0:70:5c:bc:0f: + f5:ee:52:dd:04:37:25:d2:20:e9:d9:e7:08:ef:39:83:e3:71: + 4f:87:1d:1b:20:57:e1:7e:18:c8:30:1d:16:c5:5a:8b:8b:b3: + f7:28:c8:7a:7f:e1:9a:60:25:49:bc:60:c0:95:3f:8d:8a:67: + af:2d:ca:d5:e0:70:f1:07:2c:77:ea:61:72:64:cb:b5:56:fc: + 9d:42:d4:99:19:ae:75:4d:61:0b:49:42:fb:fa:25:44:de:fa: + d7:98:39:7c:32:3e:9c:57:a9:51:82:63:f5:93:dd:fd:da:a8: + 04:96:67:8e:c6:2b:5f:59 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBCjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAxMTkxOFoXDTEw +MDMxMzAxMTkxOFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDIwDQYJ +KoZIhvcNAQEFBQADggIBAMIayyjPUvpnFoXFy3u4THUgBmKrQ5+V9tiYqybsiTLW +FBXLXVwXpE+1xw6cPvPwEerbnVsp6I0UHrtGHhBoAU86G0BKTKJHtLXmxJfO31al +KWD14m7WKQG4IypYidNfagYotrZbD8euYtKbMgasgsTwof6Jr5kj5HyYdrDkZGsX +JGf69EFlTsYdzIlSjEpSJopCW38ak9BTk1dlP28jFxxoE1gTUPefpTIuXyAjnrSi +dfun2DrIbIYYuOAJCMnssqZrQ8LHr7bCpJfMNdUGOB1zf0vKVJ+2lC2CgWI3uHSK +MxztUk+PW4j9tGGXLrkrmQta9ioDvOJv0RbM2r6XJgboUB/nAexf2NfKdIRwSFU8 +b8gx7Qw5en/tgXrt9DvhBgcd8TuBrn0cx2p02aDeP8700ZvqQ/fgRn6uokIrWD2j +wxw3LbdrXTpkn5fhpBt+YwYcezv6c6NBqWW9P0I4qyfMB7TSD/gEJkcXVaYwg4GH +KFV/wVO68QlaeMsFGghFQol4Di2j7aPQcFy8D/XuUt0ENyXSIOnZ5wjvOYPjcU+H 
+HRsgV+F+GMgwHRbFWouLs/coyHp/4ZpgJUm8YMCVP42KZ68tytXgcPEHLHfqYXJk
+y7VW/J1C1JkZrnVNYQtJQvv6JUTe+teYOXwyPpxXqVGCY/WT3f3aqASWZ47GK19Z
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem
new file mode 100644
index 0000000..b7b6b8c
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0B.pem
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 02:27:03 2009 GMT + Not After : Mar 13 02:27:03 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:82/0003 + + Signature Algorithm: sha1WithRSAEncryption + ae:34:5f:7e:66:8f:b1:5c:eb:da:31:33:60:29:43:c6:be:d7: + 1b:4e:22:97:41:9e:7a:0f:7f:e0:3b:d0:6e:6a:50:ba:a1:1f: + f0:78:e6:b0:a6:a2:08:c1:6f:5b:db:9f:42:a0:ba:8e:6b:99: + c3:91:a1:81:16:79:65:6c:bc:ca:76:b7:06:d9:89:ba:ad:12: + 32:32:b7:c3:c3:18:e2:7d:d5:88:4c:19:ab:33:03:70:c1:b3: + 14:1e:f4:b3:93:c9:73:94:f5:38:0a:52:da:b9:ef:76:32:fd: + 6d:d3:a2:ff:13:52:da:e1:d5:d6:8e:db:35:5b:df:dd:60:aa: + 99:2d:4e:bb:d4:08:43:8e:86:3c:28:51:bc:5e:d0:bd:08:7a: + 62:c7:ae:73:f3:92:60:b6:59:19:f3:ca:8a:fe:70:1a:67:c7: + 7e:95:79:f1:79:2c:56:2c:17:28:03:86:49:86:54:e0:3b:f2: + c1:ef:0f:12:cb:f9:4c:0d:fe:b9:7a:23:13:bc:67:ce:6b:d9: + 9a:68:68:71:00:ab:aa:f7:43:1a:1c:be:35:dd:69:cc:88:50: + 41:db:5a:41:e5:a5:9a:bc:2d:2b:fd:0d:52:e8:c5:ac:13:9e: + d4:99:12:2d:6d:01:10:e6:44:87:07:b2:b9:b6:54:84:69:c9: + 76:1b:c6:a5:cc:58:7b:82:14:78:9b:f1:79:19:25:44:86:56: + e1:ce:0c:bf:7a:4e:23:d7:12:f4:b6:60:d6:1d:44:db:d6:97: + 
89:a9:54:36:75:91:d6:ef:88:01:94:cd:52:d4:6d:b3:7e:6d: + 61:75:fc:e0:c8:ad:ee:0a:b2:f9:e2:33:42:08:c3:f9:d1:46: + 6f:50:47:2d:51:e3:25:c3:cc:c5:1f:a9:04:8b:90:29:8f:1f: + 94:c9:de:c2:16:1a:60:e7:a0:03:65:17:3e:45:c5:5a:66:f2: + ff:9d:1d:1f:4d:ed:f3:92:76:70:a2:7d:43:ef:6d:e8:23:b8: + 9d:ad:dd:24:0b:59:22:1a:5a:0b:25:2e:55:a1:57:5b:c9:40: + cc:60:3e:a9:73:29:94:8e:83:dc:4e:25:54:6a:79:dc:f2:71: + 28:4d:c9:ec:b4:96:ad:36:8c:cb:e0:cb:54:0e:1f:e9:86:0b: + c0:32:c2:66:3b:35:e5:45:54:a0:1d:2c:3e:c2:fb:a0:b0:b2: + d1:7a:cc:fc:1f:37:81:8a:89:af:fd:60:e8:50:95:33:4a:12: + 98:7f:f6:51:c4:de:06:d9:8c:d0:11:b7:fb:a8:07:b4:8a:70: + a2:3b:dc:5f:1b:d3:46:f9:e4:c7:46:b3:e9:38:bd:20:6f:7c: + 6b:d6:07:4d:90:c7:67:0a +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBCzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMjcwM1oXDTEw +MDMxMzAyMjcwM1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDMwDQYJ +KoZIhvcNAQEFBQADggIBAK40X35mj7Fc69oxM2ApQ8a+1xtOIpdBnnoPf+A70G5q +ULqhH/B45rCmogjBb1vbn0Kguo5rmcORoYEWeWVsvMp2twbZibqtEjIyt8PDGOJ9 +1YhMGaszA3DBsxQe9LOTyXOU9TgKUtq573Yy/W3Tov8TUtrh1daO2zVb391gqpkt +TrvUCEOOhjwoUbxe0L0IemLHrnPzkmC2WRnzyor+cBpnx36VefF5LFYsFygDhkmG +VOA78sHvDxLL+UwN/rl6IxO8Z85r2ZpoaHEAq6r3QxocvjXdacyIUEHbWkHlpZq8 +LSv9DVLoxawTntSZEi1tARDmRIcHsrm2VIRpyXYbxqXMWHuCFHib8XkZJUSGVuHO +DL96TiPXEvS2YNYdRNvWl4mpVDZ1kdbviAGUzVLUbbN+bWF1/ODIre4KsvniM0II +w/nRRm9QRy1R4yXDzMUfqQSLkCmPH5TJ3sIWGmDnoANlFz5FxVpm8v+dHR9N7fOS +dnCifUPvbegjuJ2t3SQLWSIaWgslLlWhV1vJQMxgPqlzKZSOg9xOJVRqedzycShN 
+yey0lq02jMvgy1QOH+mGC8AywmY7NeVFVKAdLD7C+6CwstF6zPwfN4GKia/9YOhQ +lTNKEph/9lHE3gbZjNARt/uoB7SKcKI73F8b00b55MdGs+k4vSBvfGvWB02Qx2cK +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem new file mode 100644 index 0000000..6cb947a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0C.pem 
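Review bot: The fixture added here as 0B.pem has `Not After : Mar 13 02:27:03 2010 GMT`, so it was already expired when this commit was made in 2015; the same holds for 0C.pem (the OCSP responder certificate) and 0D.pem. 0E.pem, 0F.pem, 10.pem and 11.pem run only until Mar 11 2019, so any test that expects them to validate against the wall clock will start failing on that date. The tests that consume these files are not visible here, so it is unclear which certificates are meant as expired cases; I would record that next to the fixtures, e.g. `0B-0D: expired 2010-03-13 (intentional?), 0E-11: valid until 2019-03-11`, and have positive tests pin the verification time instead of using the current time. All of these certificates are also signed with sha1WithRSAEncryption and carry 1024-bit keys, which a stricter verifier policy would reject regardless of dates.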
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12 (0xc) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 02:37:59 2009 GMT + Not After : Mar 13 02:37:59 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 83:b5:a0:1e:ef:2c:c8:07:9b:9b:e3:cc:d4:af:39:f0:cb:88: + bd:8e:8b:e2:66:95:43:4a:a7:4d:19:9b:44:1b:99:4a:57:2d: + 1e:38:d6:06:9b:49:99:17:57:37:74:bd:fd:3f:63:2e:8f:5e: + 87:00:66:bc:29:04:0f:34:a5:85:5b:e4:85:17:6f:3e:a4:3e: + e6:97:dd:90:64:1b:00:6a:37:e0:29:7a:3d:76:d7:9b:ff:e5: + 08:8f:d1:8d:77:f8:de:44:f7:00:b8:d3:d8:e8:07:7a:28:2a: + 26:ca:63:b1:47:69:3b:c4:8c:ce:af:1e:15:53:ec:31:92:ba: + 02:f4:e5:51:d9:dd:c7:37:44:9f:d3:28:fd:fb:05:ab:db:06: + 51:2b:84:bb:7a:b7:99:1c:f6:8f:d1:37:ac:aa:38:16:f1:08: + e1:ee:a1:43:b3:d9:fb:ea:83:9a:cc:e7:75:3e:98:79:86:2c: + 60:32:08:43:a7:01:f9:75:cc:2e:77:8a:de:85:04:5a:4c:90: + 5b:64:29:33:38:14:bd:7e:e4:1e:0b:7c:47:14:23:57:94:e5: + ca:53:dd:c4:30:83:77:b7:42:e6:5f:1a:02:d4:6c:08:8a:55: + 78:1d:3f:50:0b:0e:bf:03:af:4c:f7:a6:7a:da:33:f3:a6:62: + 5e:25:89:e9:a8:f4:7c:06:16:6e:28:c5:f9:82:4b:b3:39:b0: + bb:72:d0:15:5e:dd:ba:d5:bd:b1:7d:50:22:1d:92:10:65:bf: + 99:45:01:0b:d0:a5:e0:5f:37:c3:d3:92:58:28:9b:97:c5:96: + 
a5:2e:27:fc:86:04:11:9a:1c:84:0a:f2:37:51:27:1d:df:e8: + 1a:c4:94:d1:53:39:7f:27:eb:16:ca:27:77:d1:f8:46:fe:d7: + e8:ab:06:94:87:66:dc:03:c4:cb:a9:9d:21:0c:f4:93:d0:d3: + d5:45:a5:56:28:37:d6:81:be:9c:18:98:b3:b1:f2:b9:1a:ad: + 98:e8:92:39:a2:eb:c5:f4:d0:2f:82:09:ce:7e:dd:0e:94:cc: + 80:8e:e5:af:04:06:67:04:c1:23:ee:4a:06:c0:5c:ac:75:b1: + ed:e2:d0:8f:8d:8b:23:3a:94:3b:41:78:48:7c:c8:f7:dc:53: + 1d:0b:fa:14:70:0c:ed:d3:8b:84:4c:81:d5:f0:d7:b2:3a:27: + e6:82:ad:12:18:4d:19:b3:65:e6:de:fa:14:11:10:c8:66:cc: + f7:b2:08:af:90:02:62:51:d1:31:aa:7e:f9:1c:b4:99:83:b8: + e3:26:18:78:f3:7f:3a:c7:b5:59:eb:cb:32:8b:39:a4:86:14: + 0a:55:3e:1d:24:56:2f:97 +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBDDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMzc1OVoXDTEw +MDMxMzAyMzc1OVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEAg7WgHu8syAebm+PM1K858MuIvY6L4maVQ0qnTRmbRBuZ +SlctHjjWBptJmRdXN3S9/T9jLo9ehwBmvCkEDzSlhVvkhRdvPqQ+5pfdkGQbAGo3 +4Cl6PXbXm//lCI/RjXf43kT3ALjT2OgHeigqJspjsUdpO8SMzq8eFVPsMZK6AvTl +UdndxzdEn9Mo/fsFq9sGUSuEu3q3mRz2j9E3rKo4FvEI4e6hQ7PZ++qDmszndT6Y +eYYsYDIIQ6cB+XXMLneK3oUEWkyQW2QpMzgUvX7kHgt8RxQjV5TlylPdxDCDd7dC +5l8aAtRsCIpVeB0/UAsOvwOvTPemetoz86ZiXiWJ6aj0fAYWbijF+YJLszmwu3LQ +FV7dutW9sX1QIh2SEGW/mUUBC9Cl4F83w9OSWCibl8WWpS4n/IYEEZochAryN1En +Hd/oGsSU0VM5fyfrFsond9H4Rv7X6KsGlIdm3APEy6mdIQz0k9DT1UWlVig31oG+ +nBiYs7HyuRqtmOiSOaLrxfTQL4IJzn7dDpTMgI7lrwQGZwTBI+5KBsBcrHWx7eLQ +j42LIzqUO0F4SHzI99xTHQv6FHAM7dOLhEyB1fDXsjon5oKtEhhNGbNl5t76FBEQ +yGbM97IIr5ACYlHRMap++Ry0mYO44yYYePN/Ose1WevLMos5pIYUClU+HSRWL5c= 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem new file mode 100644 index 0000000..912b986 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0D.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13 (0xd) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 02:39:35 2009 GMT + Not After : Mar 13 02:39:35 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:83/0004 + + Signature Algorithm: sha1WithRSAEncryption + 24:50:3d:65:cc:60:62:13:c0:3b:e1:01:0d:17:35:e8:7a:a8: + 05:1e:b3:70:dc:fe:d3:84:7e:71:14:c3:86:73:23:76:d9:bb: + de:41:b4:02:3b:d7:db:03:6d:1f:44:1e:65:a6:b5:79:80:7f: + 2a:8b:11:f4:71:b1:de:13:17:1c:d3:b2:51:f7:b5:ee:29:27: + ff:06:96:4f:18:f6:7a:0f:bd:ed:39:d2:ab:ff:1c:b4:21:87: + f3:fd:ed:2b:fe:19:29:bb:4b:41:d1:48:37:f7:34:fe:f1:92: + 80:85:33:d6:df:bf:d4:40:f4:5f:42:de:22:88:86:11:78:c8: + ac:9c:f2:87:95:b0:c6:d6:54:40:e3:c1:64:30:5c:46:f6:a1: + 16:64:80:50:20:f8:9c:fe:da:8e:b5:ea:c3:83:18:c8:f3:13: + 95:01:cc:fe:85:bc:be:56:bc:f2:fe:70:c1:fa:86:43:9a:e0: + 7e:cd:8d:f1:d8:d2:35:51:df:9c:46:36:3b:c0:97:75:ac:9c: + a7:90:ee:92:b9:9f:5d:cc:54:95:5f:69:38:23:cc:cf:c6:0a: + c8:55:b7:80:b8:93:98:fc:a9:4c:71:e0:dd:f9:27:d1:db:9c: + 0d:54:9a:d0:05:40:97:cc:45:d5:60:a8:c9:bb:4e:c0:c5:b4: + 01:f5:82:d5:5a:8c:28:01:b9:b3:be:bc:25:32:f1:e6:70:e7: + e4:42:45:4a:d8:06:cb:42:ed:3a:ec:97:42:97:b1:5c:cd:a0: + 
99:94:24:a5:94:c6:b3:5e:c9:06:6b:c5:b8:af:26:48:52:bd: + bb:93:36:1d:01:6c:33:34:3b:a4:ba:76:0b:bc:44:20:8a:d2: + ee:1d:70:81:94:01:35:69:a5:5b:30:f1:1e:50:9a:a3:20:b0: + ae:70:f0:28:bc:48:e3:62:f2:1d:84:53:a4:e0:4f:56:6e:5f: + ba:d1:f0:38:46:5d:c8:06:ab:94:f5:f1:d6:80:55:8f:73:cb: + 64:17:70:6f:38:26:06:9f:9e:68:d4:3c:43:c0:10:fe:a9:99: + 67:8d:d4:0d:c9:d7:04:41:0e:e8:fe:09:41:29:f3:b3:ba:e0: + 3b:b1:09:67:68:82:93:24:23:a2:da:bb:d1:01:2b:28:5f:56: + 27:2b:a4:8f:fd:f3:46:e9:62:67:3b:d6:26:80:f5:06:b8:0f: + 08:dc:22:49:f3:f2:26:ef:b5:db:89:9a:b5:15:3b:45:b2:89: + 35:8b:6d:49:dd:79:d0:49:6c:c4:78:1c:46:f7:4f:34:6f:37: + 17:da:6f:7f:c2:54:5f:70:29:1b:36:c3:44:16:0d:1b:d9:f4: + ab:bb:2d:87:65:99:6a:d1 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAyMzkzNVoXDTEw +MDMxMzAyMzkzNVowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDQwDQYJ +KoZIhvcNAQEFBQADggIBACRQPWXMYGITwDvhAQ0XNeh6qAUes3Dc/tOEfnEUw4Zz +I3bZu95BtAI719sDbR9EHmWmtXmAfyqLEfRxsd4TFxzTslH3te4pJ/8Glk8Y9noP +ve050qv/HLQhh/P97Sv+GSm7S0HRSDf3NP7xkoCFM9bfv9RA9F9C3iKIhhF4yKyc +8oeVsMbWVEDjwWQwXEb2oRZkgFAg+Jz+2o616sODGMjzE5UBzP6FvL5WvPL+cMH6 +hkOa4H7NjfHY0jVR35xGNjvAl3WsnKeQ7pK5n13MVJVfaTgjzM/GCshVt4C4k5j8 +qUxx4N35J9HbnA1UmtAFQJfMRdVgqMm7TsDFtAH1gtVajCgBubO+vCUy8eZw5+RC +RUrYBstC7Trsl0KXsVzNoJmUJKWUxrNeyQZrxbivJkhSvbuTNh0BbDM0O6S6dgu8 +RCCK0u4dcIGUATVppVsw8R5QmqMgsK5w8Ci8SONi8h2EU6TgT1ZuX7rR8DhGXcgG +q5T18daAVY9zy2QXcG84JgafnmjUPEPAEP6pmWeN1A3J1wRBDuj+CUEp87O64Dux 
+CWdogpMkI6Lau9EBKyhfVicrpI/980bpYmc71iaA9Qa4DwjcIknz8ibvtduJmrUV +O0WyiTWLbUndedBJbMR4HEb3TzRvNxfab3/CVF9wKRs2w0QWDRvZ9Ku7LYdlmWrR +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem new file mode 100644 index 0000000..0846e40 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0E.pem 
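Review bot: The Authority Information Access extension in 0D.pem carries `OCSP - URI:http://127.0.0.1:83/0004`, and 0B.pem, 10.pem and 11.pem use ports 82, 80 and 81 in the same way; these are privileged ports, so a local test responder can only bind them when the tests run with elevated privileges. If the OCSP tests do start a responder on these addresses (not visible in this part of the diff), regenerating the fixtures with ports above 1024 would let the suite run as an unprivileged user. Because the URI is inside the signed certificate, it cannot be changed without re-issuing the fixture, so it is worth noting the required port for each file beside the test data.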
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14 (0xe) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:16:42 2009 GMT + Not After : Mar 11 03:16:42 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf: + 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7: + 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed: + 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e: + a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba: + 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c: + 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d: + dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84: + c9:26:70:3c:c8:11:64:ed:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71: + 95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4: + 10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9: + bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4: + 77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d: + f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87: + 60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31: + 24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c: + 85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3: + a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4: + 8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10: + c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f: + 12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1: + 32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32: + 27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d: + c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e: + 
70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74: + 21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26: + bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f: + ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be: + c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43: + 32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce: + 1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84: + d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a: + d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f: + 05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1: + 69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29: + cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d: + f6:b2:89:f5:00:bb:0f:f2 +-----BEGIN CERTIFICATE----- +MIIDyTCCAbGgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTY0MloXDTE5 +MDMxMTAzMTY0MlowYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k +ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0 +Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ +QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov +QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjFzAVMBMGA1UdJQQMMAoG +CCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQC4Vmv5IYp56FM4x4Tgw5Zs83GV +3DGa7/z7tRjGNSY97k0AnOQQJakuoEGKN6mRApxS7A16v+m7VG1KklydyAEXo48l +/TKnEeR3/c58S8muMubVJcykl7sH8x3wEYrY8TfmTzyZMEQgBD2C/IdgJCGpRufY +QSx22KVYRMqFcTEk8kV9+3DbG5NCIYVpXRkThXyFbIOPv8GnPUm5aE6iEi6dicOn +G4Zx5MwpeQ6xGQfKLbiVh/SNSr4GDdDhGu3qolLz8nsfPBDGZ74AOjbKrZPU7rOd +6Eduu28Sa889cyKjFeDhUYiG5ioj7uEyVQy4czX3Qp5MxOr1PNUg7zInwrWbrfCo +v3JcW/xB5KBtsk3AaaWy3HDWkK4ugUH07DPFQ05w6xwXTNntj5cuIBedQLzRrnQh +i6vMsIZazUKc3xMWWVYnvia7kl96hp71GUUfNorjVV2JOy/tE5znrr3rNDGiAnAM +pzLT0b7ALw4Qt0Mtq2hwtKHhJcGuHEMywJCBwTkLJ+cUySjbQA8fnM4biybKuEEB +58uSsIoUAPPgPITTLEUZFQECq73oGWvXfsZaqTrVACMVKumTfRF1zMbDjl8/0z8F 
+n0ASqai8UNxCAmJ9AGrvCOFph00qm1RJNYBYEpKhM2UgXynPqwOOC5EInlLWstfs +uzib1V32son1ALsP8g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem new file mode 100644 index 0000000..c7bd523 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/0F.pem 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15 (0xf) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:18:18 2009 GMT + Not After : Mar 11 03:18:18 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02: + 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d: + f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b: + d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36: + 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9: + d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf: + ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e: + 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77: + 10:ce:1d:01:0c:86:6b:23:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha1WithRSAEncryption + 18:fe:74:f1:af:0a:d9:91:ad:b5:7c:f3:01:f8:98:1a:dc:b3: + 66:6b:f4:bc:16:9a:e6:2b:f2:1f:77:23:89:a8:68:e0:8d:e3: + 50:f3:f1:e6:38:f1:59:54:9b:44:0f:72:00:1a:61:71:9c:f0: + 4f:a3:08:9d:17:36:0c:54:82:be:24:04:cb:b5:04:e9:20:c9: + 6e:bc:8f:af:18:d8:2d:ee:cc:a8:8b:e4:1a:35:98:f6:53:72: + 89:4f:05:f8:c3:7b:50:13:ee:cf:9f:d3:eb:a7:7c:4a:e6:89: + 0f:6b:0e:d6:c7:bc:db:04:03:08:25:59:b4:06:5b:ce:a6:db: + 7b:3a:5d:80:e8:ff:66:e1:22:03:54:28:16:0e:89:c8:5b:aa: + b2:6e:1a:0f:07:53:60:bc:f4:2a:2d:a7:89:f2:b4:58:55:47: + 2e:b1:b2:3c:50:30:6b:0c:12:34:11:5f:54:2a:0a:ab:19:d9: + 36:ae:e2:16:5e:b8:8e:0d:17:d0:42:82:96:4d:fb:36:56:69: + 7b:ce:32:fb:91:a4:02:73:8c:75:7e:de:87:06:52:20:ed:26: + 
ff:47:72:f2:f6:01:2e:ec:38:da:0b:5b:be:ec:8e:c6:02:28: + 92:57:28:04:f5:00:87:90:34:e1:81:c5:cc:21:00:6b:4d:d5: + d5:c3:f6:f1:97:e1:5e:8c:ea:56:2e:5e:ce:9e:de:b9:a6:86: + 60:33:1d:94:76:39:e1:70:9a:d2:b3:9a:f4:47:f8:bd:83:26: + 38:a0:ab:a3:bc:81:df:6b:79:7d:f5:67:8f:5a:e1:a4:67:29: + 58:07:66:70:6a:43:dc:f7:4c:82:54:15:a0:2f:ab:c0:9f:24: + 91:e0:a7:d1:b1:58:bf:43:bf:25:1f:32:fc:98:26:b1:2f:19: + 8f:d8:69:c1:1a:bd:b0:3e:0a:dc:54:c1:27:34:b9:1b:55:93: + ff:e6:23:ac:af:33:ed:8d:6e:ee:36:18:70:9e:a2:87:b6:e2: + 1d:3a:ee:e8:e2:79:97:15:7c:83:d1:89:71:ab:87:8d:36:a7: + 7d:d8:4c:e2:b6:b7:1f:32:34:a8:75:ca:4f:00:3e:49:b0:5c: + 40:1a:9c:6e:bd:b5:5f:f4:2e:c5:0a:54:b4:89:4a:63:35:ff: + 80:8d:fe:31:e8:2e:92:77:8c:19:1a:2c:b8:95:1e:ef:d5:7d: + c6:f9:4d:05:b6:f8:dd:55:0c:10:43:6e:7d:47:c8:b0:83:db: + a3:7b:b4:5a:e3:a9:33:b2:ed:23:83:6a:e1:ce:c6:1c:89:27: + 39:2c:3d:2f:55:49:c8:c5:9d:23:46:fe:88:71:da:ef:2b:25: + e4:79:92:2b:1d:61:a6:dc +-----BEGIN CERTIFICATE----- +MIIEfjCCAmagAwIBAgIBDzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTgxOFoXDTE5 +MDMxMTAzMTgxOFowWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy +dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8 +Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2 +Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ +2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg +hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV +BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW +MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN +BgkqhkiG9w0BAQUFAAOCAgEAGP508a8K2ZGttXzzAfiYGtyzZmv0vBaa5ivyH3cj +iaho4I3jUPPx5jjxWVSbRA9yABphcZzwT6MInRc2DFSCviQEy7UE6SDJbryPrxjY 
+Le7MqIvkGjWY9lNyiU8F+MN7UBPuz5/T66d8SuaJD2sO1se82wQDCCVZtAZbzqbb +ezpdgOj/ZuEiA1QoFg6JyFuqsm4aDwdTYLz0Ki2nifK0WFVHLrGyPFAwawwSNBFf +VCoKqxnZNq7iFl64jg0X0EKClk37NlZpe84y+5GkAnOMdX7ehwZSIO0m/0dy8vYB +Luw42gtbvuyOxgIoklcoBPUAh5A04YHFzCEAa03V1cP28ZfhXozqVi5ezp7euaaG +YDMdlHY54XCa0rOa9Ef4vYMmOKCro7yB32t5ffVnj1rhpGcpWAdmcGpD3PdMglQV +oC+rwJ8kkeCn0bFYv0O/JR8y/JgmsS8Zj9hpwRq9sD4K3FTBJzS5G1WT/+YjrK8z +7Y1u7jYYcJ6ih7biHTru6OJ5lxV8g9GJcauHjTanfdhM4ra3HzI0qHXKTwA+SbBc +QBqcbr21X/QuxQpUtIlKYzX/gI3+MegukneMGRosuJUe79V9xvlNBbb43VUMEENu +fUfIsIPbo3u0WuOpM7LtI4Nq4c7GHIknOSw9L1VJyMWdI0b+iHHa7ysl5HmSKx1h +ptw= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem new file mode 100644 index 0000000..0c1799a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/10.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 16 (0x10) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:23:56 2009 GMT + Not After : Mar 11 03:23:56 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:80/0002 + + Signature Algorithm: sha1WithRSAEncryption + 75:b9:17:be:1c:06:6f:12:a9:04:1b:63:0b:0d:5c:70:55:e2: + 31:c0:88:71:d0:56:8e:e5:16:e8:3b:47:1a:08:03:93:56:b2: + 9b:a2:04:3c:a8:81:10:5a:18:7b:d2:70:ae:7c:0b:94:b6:6c: + f2:58:e7:69:82:e5:f2:aa:4e:f3:ac:85:6d:5a:ac:11:53:d2: + 8d:3d:53:ae:ab:f7:f3:c6:f0:ba:f2:e6:7b:2d:74:74:75:fd: + e0:8d:67:c9:12:d5:f2:93:44:48:66:5b:85:26:7d:95:77:48: + 4f:a4:72:65:67:38:99:47:4e:cd:47:1c:43:7a:0a:58:a6:99: + 1b:1b:01:09:f7:0b:34:8a:3a:8d:10:e2:ca:9c:48:a3:f6:39: + 42:3b:43:e6:f6:81:8b:36:5a:ed:33:98:70:24:ca:4f:18:8b: + d9:c1:0a:d9:cd:96:33:d0:e8:ac:bd:3f:34:af:86:52:d1:69: + 6e:90:8e:d0:86:bf:b1:04:3d:85:99:0f:e3:c3:e6:60:47:34: + 37:97:f2:a2:69:c4:4e:dc:62:d0:eb:c2:24:77:2e:a3:ba:c1: + 88:a9:b2:b4:fb:79:a6:d4:cf:5e:3f:03:41:25:c4:f3:29:0a: + fd:b7:78:55:b1:9a:0c:79:32:2f:2e:fe:69:ba:a0:2c:62:bc: + 11:38:c4:47:a8:b0:72:70:d1:50:9f:b9:87:64:f5:12:56:c5: + f7:ed:8e:23:08:df:d0:0e:1a:6b:25:8c:b3:6b:7c:cc:55:6d: + 
90:83:a9:ef:7d:45:04:a6:dc:7c:0d:80:c1:54:22:d1:b8:e2: + 43:cc:ad:75:a2:07:eb:d3:26:da:8a:c4:fb:6f:0b:ac:11:f4: + 01:7f:b9:37:68:ec:1e:60:a2:ae:d6:b2:0b:37:cb:7e:5d:dc: + ec:14:21:69:84:ff:fc:61:85:b6:bf:7f:d2:af:3c:70:12:c6: + ba:40:e8:b5:25:56:34:ca:44:f1:ea:15:ad:79:50:ec:44:b7: + 6c:d7:4b:cc:2c:4f:45:01:85:15:76:2a:03:c2:14:9c:3e:bf: + 87:7b:59:d7:aa:2d:48:20:b6:1a:6e:6e:b0:c2:77:22:3c:ea: + 24:d0:f8:62:b0:4b:01:3a:48:be:5f:66:73:0a:46:b3:1f:83: + 41:91:f5:fd:e8:08:08:52:18:3a:8c:6a:19:2c:e3:30:d8:53: + 13:97:62:83:eb:e3:ed:3a:8e:64:25:b1:8a:01:f4:24:14:6d: + d4:61:c1:c3:8d:c3:89:2c:5f:6e:d8:1e:1d:de:b9:77:06:0b: + 31:63:e4:ce:d9:76:1b:68:48:ea:ec:64:d5:a6:a5:15:29:1d: + 79:af:21:2d:a8:e6:e6:f8 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjM1NloXDTE5 +MDMxMTAzMjM1NlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgwLzAwMDIwDQYJ +KoZIhvcNAQEFBQADggIBAHW5F74cBm8SqQQbYwsNXHBV4jHAiHHQVo7lFug7RxoI +A5NWspuiBDyogRBaGHvScK58C5S2bPJY52mC5fKqTvOshW1arBFT0o09U66r9/PG +8Lry5nstdHR1/eCNZ8kS1fKTREhmW4UmfZV3SE+kcmVnOJlHTs1HHEN6ClimmRsb +AQn3CzSKOo0Q4sqcSKP2OUI7Q+b2gYs2Wu0zmHAkyk8Yi9nBCtnNljPQ6Ky9PzSv +hlLRaW6QjtCGv7EEPYWZD+PD5mBHNDeX8qJpxE7cYtDrwiR3LqO6wYipsrT7eabU +z14/A0ElxPMpCv23eFWxmgx5Mi8u/mm6oCxivBE4xEeosHJw0VCfuYdk9RJWxfft +jiMI39AOGmsljLNrfMxVbZCDqe99RQSm3HwNgMFUItG44kPMrXWiB+vTJtqKxPtv +C6wR9AF/uTdo7B5goq7Wsgs3y35d3OwUIWmE//xhhba/f9KvPHASxrpA6LUlVjTK +RPHqFa15UOxEt2zXS8wsT0UBhRV2KgPCFJw+v4d7WdeqLUggthpubrDCdyI86iTQ 
++GKwSwE6SL5fZnMKRrMfg0GR9f3oCAhSGDqMahks4zDYUxOXYoPr4+06jmQlsYoB +9CQUbdRhwcONw4ksX27YHh3euXcGCzFj5M7ZdhtoSOrsZNWmpRUpHXmvIS2o5ub4 +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem new file mode 100644 index 0000000..177876b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/11.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 17 (0x11) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:10 2009 GMT + Not After : Mar 11 03:24:10 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:81/0003 + + Signature Algorithm: sha1WithRSAEncryption + 5a:7d:5f:25:e5:5a:49:3e:e9:06:4c:f1:7f:83:7d:d4:0d:13: + 36:35:bf:32:92:69:60:1d:ae:2e:ed:89:b3:d4:1e:78:d2:85: + 35:7a:1f:65:30:78:5e:d3:30:60:3d:7d:2c:be:02:6a:f0:22: + 5e:82:86:53:01:a4:b6:1c:9f:d4:79:e9:ec:eb:d8:33:85:fb: + 21:d2:82:77:b9:6d:20:8e:af:82:ff:25:82:27:3b:d7:d9:38: + 31:a3:2b:bc:55:00:28:f6:f9:bf:01:e6:66:0b:b8:a8:ed:30: + 09:52:8d:bf:94:7b:96:d1:93:5b:a3:a4:f1:9f:aa:f4:04:54: + 0b:69:73:af:36:d7:3e:33:2c:29:38:04:9b:65:32:31:fa:17: + 2f:0a:9f:19:05:d8:01:0c:db:13:1e:55:ec:94:38:3f:83:ee: + 50:35:d1:6e:4f:32:c3:3d:d3:39:c8:c5:cc:56:b4:33:2e:8b: + 75:a0:9c:cd:28:e5:42:a1:89:e1:06:90:bd:f3:8e:b5:48:9e: + 1c:dd:56:4d:d9:ec:6e:0b:7b:72:e5:0a:be:7e:33:5a:13:25: + 13:87:4c:9a:27:49:02:6d:28:5b:e7:4d:1b:7c:11:22:10:45: + b1:57:b7:fc:12:62:69:24:69:ee:67:ce:5b:20:70:6a:22:29: + f4:a0:90:59:d3:a2:be:7b:43:3a:59:0b:23:d1:2e:ed:51:98: + 87:c5:4d:1c:64:08:f8:ca:af:36:ab:5d:00:ce:15:00:f4:ad: + 
34:44:27:8b:72:c6:6d:24:4c:1a:e3:f7:4c:bc:25:a2:a8:e2: + a8:79:58:57:a7:5d:f0:20:28:d2:ef:84:ff:ee:42:0f:1e:59: + 93:4c:05:45:ff:c1:0d:cb:30:1d:bb:26:5a:4d:24:c0:44:52: + 77:33:17:dd:d1:00:63:1e:9b:4d:ca:28:8b:bb:fd:0d:0b:e3: + 72:26:94:e2:8c:5a:d7:1a:a6:e7:b7:bc:4b:bf:cc:02:2c:d8: + 9b:cb:31:7d:09:4c:15:73:5d:1a:a8:46:10:66:68:80:a9:f3: + 3d:f8:7c:9d:46:3d:ce:ae:75:6f:92:db:34:d3:d7:be:6c:4e: + 76:b6:b6:b7:a2:a8:b9:9e:a9:f1:6f:a6:e5:01:bb:82:13:bd: + 7f:24:81:c3:22:54:58:f0:7e:8d:9a:86:82:00:46:66:33:e4: + 96:98:8a:33:7b:ed:93:9b:cf:68:b5:eb:42:da:6d:50:49:f0: + 14:27:01:f6:57:09:26:7c:61:81:d0:e5:e9:ec:6d:18:eb:97: + 1a:55:cf:1f:d9:20:67:8f:71:bb:0c:98:6d:c0:4b:85:32:c9: + d3:b7:f3:d0:60:fd:64:01 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBETANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQxMFoXDTE5 +MDMxMTAzMjQxMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgxLzAwMDMwDQYJ +KoZIhvcNAQEFBQADggIBAFp9XyXlWkk+6QZM8X+DfdQNEzY1vzKSaWAdri7tibPU +HnjShTV6H2UweF7TMGA9fSy+AmrwIl6ChlMBpLYcn9R56ezr2DOF+yHSgne5bSCO +r4L/JYInO9fZODGjK7xVACj2+b8B5mYLuKjtMAlSjb+Ue5bRk1ujpPGfqvQEVAtp +c6821z4zLCk4BJtlMjH6Fy8KnxkF2AEM2xMeVeyUOD+D7lA10W5PMsM90znIxcxW +tDMui3WgnM0o5UKhieEGkL3zjrVInhzdVk3Z7G4Le3LlCr5+M1oTJROHTJonSQJt +KFvnTRt8ESIQRbFXt/wSYmkkae5nzlsgcGoiKfSgkFnTor57QzpZCyPRLu1RmIfF +TRxkCPjKrzarXQDOFQD0rTREJ4tyxm0kTBrj90y8JaKo4qh5WFenXfAgKNLvhP/u +Qg8eWZNMBUX/wQ3LMB27JlpNJMBEUnczF93RAGMem03KKIu7/Q0L43ImlOKMWtca +pue3vEu/zAIs2JvLMX0JTBVzXRqoRhBmaICp8z34fJ1GPc6udW+S2zTT175sTna2 
+treiqLmeqfFvpuUBu4ITvX8kgcMiVFjwfo2ahoIARmYz5JaYijN77ZObz2i160La +bVBJ8BQnAfZXCSZ8YYHQ5ensbRjrlxpVzx/ZIGePcbsMmG3AS4UyydO389Bg/WQB +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem new file mode 100644 index 0000000..830592a --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/12.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18 (0x12) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:20 2009 GMT + Not After : Mar 11 03:24:20 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:82/0004 + + Signature Algorithm: sha1WithRSAEncryption + 1d:80:7c:33:dd:ab:99:c7:06:f5:aa:fd:16:7d:89:d8:a9:a2: + 89:38:af:26:b7:b1:0f:69:3d:d6:09:3e:6d:dd:d2:e0:51:b8: + 97:fc:8d:96:08:0d:33:2d:75:e7:d2:9e:47:2b:fd:46:5b:c9: + f2:68:4f:26:8f:83:3d:fc:aa:d7:6a:20:77:15:3f:78:d9:75: + b3:79:10:fd:ab:ab:95:34:69:64:3c:8a:65:6d:66:bb:a9:da: + 26:79:51:59:a7:c2:97:ea:6c:7f:31:91:d3:a5:c2:65:ca:d5: + 4f:6f:c8:d9:b9:c7:03:7b:c6:2d:16:5f:fe:de:02:28:f3:e9: + 64:ad:e9:62:3c:e5:91:31:0f:c9:c9:33:1a:a5:66:d8:5b:80: + 18:6f:5f:55:34:51:43:fa:79:50:ba:17:19:2c:b9:25:b8:a3: + a0:b2:08:38:49:6d:3c:86:8c:42:2c:d8:07:bd:39:f1:3c:97: + 8f:c6:83:cd:85:8f:e9:52:63:77:4f:d6:9e:58:3e:22:f8:29: + 8e:44:92:c6:b7:ab:28:35:22:7b:b7:d0:8f:34:70:15:f2:4b: + 91:65:42:8d:d5:ce:75:4b:2f:7b:7e:7f:7e:61:09:5b:b2:1a: + 64:94:18:c9:8e:c3:ee:a4:89:d6:97:55:76:28:b0:e6:bc:7c: + f0:c9:9b:20:e3:a5:10:da:c1:9c:c4:4e:ff:e8:ca:3c:19:82: + 06:d6:aa:05:cb:05:e5:bd:36:cf:4c:3a:a7:e6:21:af:e8:5e: + 
2d:ee:3b:94:24:91:37:92:95:3f:d3:f8:b8:5a:13:56:16:a7: + 20:34:f6:fd:cb:59:6d:4c:ff:04:df:ef:61:08:d9:2f:85:a8: + b1:7c:07:80:93:31:7b:bb:7f:8d:17:ba:8b:64:41:82:4a:ca: + f6:a9:f7:69:b8:cf:ed:17:c1:ca:09:5a:52:c4:ce:a0:9c:e3: + 4c:52:ab:ea:b3:4f:3c:93:1d:50:bf:60:e8:6e:d1:bf:90:0c: + 3f:1d:6b:2c:a5:c5:bf:eb:e2:da:cb:76:56:08:51:cc:87:49: + 21:16:f0:a6:85:ce:0f:c3:32:c2:50:cc:04:f5:d1:bb:de:b8: + db:9b:79:e1:d2:73:14:b2:7c:5a:cf:26:7b:24:4a:58:48:58: + 2e:b1:a1:2f:01:c2:71:40:85:c8:9b:21:10:15:1a:3e:5e:3d: + 79:53:9c:82:b2:4e:ad:91:96:9f:03:c5:f6:44:ea:d6:d6:cf: + 3b:1e:74:e6:b1:f2:f4:b3:e0:7d:91:77:ac:50:d9:66:1b:73: + 59:3e:e6:18:07:bb:e0:60:4f:1e:8d:40:2b:da:25:ac:c8:85: + d6:31:62:f3:5b:05:4a:11 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQyMFoXDTE5 +MDMxMTAzMjQyMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgyLzAwMDQwDQYJ +KoZIhvcNAQEFBQADggIBAB2AfDPdq5nHBvWq/RZ9idipook4rya3sQ9pPdYJPm3d +0uBRuJf8jZYIDTMtdefSnkcr/UZbyfJoTyaPgz38qtdqIHcVP3jZdbN5EP2rq5U0 +aWQ8imVtZrup2iZ5UVmnwpfqbH8xkdOlwmXK1U9vyNm5xwN7xi0WX/7eAijz6WSt +6WI85ZExD8nJMxqlZthbgBhvX1U0UUP6eVC6FxksuSW4o6CyCDhJbTyGjEIs2Ae9 +OfE8l4/Gg82Fj+lSY3dP1p5YPiL4KY5Eksa3qyg1Inu30I80cBXyS5FlQo3VznVL +L3t+f35hCVuyGmSUGMmOw+6kidaXVXYosOa8fPDJmyDjpRDawZzETv/oyjwZggbW +qgXLBeW9Ns9MOqfmIa/oXi3uO5QkkTeSlT/T+LhaE1YWpyA09v3LWW1M/wTf72EI +2S+FqLF8B4CTMXu7f40XuotkQYJKyvap92m4z+0XwcoJWlLEzqCc40xSq+qzTzyT +HVC/YOhu0b+QDD8dayylxb/r4trLdlYIUcyHSSEW8KaFzg/DMsJQzAT10bveuNub 
+eeHScxSyfFrPJnskSlhIWC6xoS8BwnFAhcibIRAVGj5ePXlTnIKyTq2Rlp8DxfZE +6tbWzzsedOax8vSz4H2Rd6xQ2WYbc1k+5hgHu+BgTx6NQCvaJazIhdYxYvNbBUoR +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem new file mode 100644 index 0000000..0ff43d6 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/13.pem 
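Review bot: The validity window of this fixture is fixed (`Not After : Mar 11 03:24:20 2019 GMT`, likewise in 13.pem and 14.pem), and 16.pem, 17.pem and 18.pem further down expired in March 2010, years before this 2015 commit. Any test that verifies these certificates against the wall clock therefore fails already for the expired ones, or starts failing in 2019 for the others. The tests that load them should pin the verification time or assert the expiry result explicitly; whether they do is not visible from this hunk. The AIA responder URI is also hard-wired to a loopback port below 1024 (`http://127.0.0.1:82/0004` here, ports 83 to 85 in 13.pem, 14.pem and 16.pem), which normally needs elevated privileges to bind for a local test responder. I would add a short README beside the fixtures listing, per serial, the expected validation result and the responder port and path it depends on.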
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 19 (0x13) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:30 2009 GMT + Not After : Mar 11 03:24:30 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:83/0005 + + Signature Algorithm: sha1WithRSAEncryption + 9b:ea:5d:a3:f4:b2:04:44:31:6b:64:e4:7d:25:5d:69:1b:25: + 3d:63:d4:3f:2c:0f:c6:60:44:70:18:57:31:be:84:38:e8:53: + 29:dd:5e:f2:5c:8e:41:6d:e8:ea:a7:23:91:b9:f4:c1:20:2c: + cd:d6:b4:b4:e6:9d:c3:b4:5b:4c:48:dd:3a:cc:cd:9e:0c:93: + bb:e0:03:43:1c:ab:01:86:4e:67:44:ad:68:3d:e6:00:4d:9e: + 95:5f:86:0f:e4:18:af:3d:76:a4:1b:91:5e:e8:07:2b:aa:62: + 4e:d9:af:f8:15:e7:3c:bb:8c:f4:a9:4f:df:72:f6:b0:6a:36: + ad:eb:d2:10:02:cb:65:28:a7:4c:4f:98:e1:7b:1e:aa:af:3e: + 61:65:91:58:94:99:26:69:29:06:50:02:44:61:a6:3c:ee:8a: + 7e:db:56:5a:f5:cc:d6:58:6f:a2:40:51:e1:81:fa:3b:b8:4b: + 8d:00:64:b2:99:d3:e7:8a:52:78:b3:67:a1:64:5d:dd:a0:c5: + 54:1d:de:07:29:ef:85:01:d4:e9:24:44:8b:df:9b:f5:ae:80: + 4d:fa:4d:08:76:7c:97:6b:86:74:22:56:d1:87:6b:41:54:66: + fc:3b:d2:3e:2d:95:c1:46:06:b9:db:0e:8b:e1:be:c8:56:82: + c3:1d:df:84:b6:50:ee:b8:30:3c:54:07:49:8b:e2:d4:a7:b8: + 35:0d:b6:09:7e:04:01:bb:71:86:8c:50:87:a7:3a:2d:b8:7c: + 
24:cd:b1:a6:87:b8:eb:d5:dc:8f:02:21:f9:71:06:34:c4:e5: + 6f:ff:53:4b:dd:33:96:60:8b:6d:bb:03:b1:36:31:2d:02:6c: + 7f:ba:70:0a:78:b8:fb:45:92:84:5b:1e:a7:15:39:13:33:fd: + 6f:a7:95:76:10:1f:b3:cd:11:e8:ed:ce:2c:63:cd:64:23:62: + c4:21:d6:48:bf:f7:10:b8:da:d5:72:14:ad:5a:a0:5d:4a:2b: + a0:76:5f:b8:3b:d2:6b:8a:7f:6b:6a:cc:84:eb:6a:be:d9:26: + 2c:bb:38:06:b8:f4:d4:fb:78:85:83:c8:ad:6e:56:f9:67:5f: + bc:3c:41:b6:f0:6f:d4:45:78:ed:3e:2f:c7:3a:3e:9a:98:68: + c4:64:79:29:51:19:cd:a6:70:c4:04:30:50:86:9c:f2:54:57: + b1:e1:7d:4a:d5:34:fc:93:31:6d:64:15:79:31:c0:70:d5:db: + bc:a0:be:21:22:1e:61:ac:4a:9f:a2:a6:ff:de:52:2e:31:d7: + 5e:39:66:c6:47:55:f6:64:f5:bd:ed:c0:60:b8:59:88:a1:8e: + 8c:5f:20:1b:be:41:51:f4 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBEzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQzMFoXDTE5 +MDMxMTAzMjQzMFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjgzLzAwMDUwDQYJ +KoZIhvcNAQEFBQADggIBAJvqXaP0sgREMWtk5H0lXWkbJT1j1D8sD8ZgRHAYVzG+ +hDjoUyndXvJcjkFt6OqnI5G59MEgLM3WtLTmncO0W0xI3TrMzZ4Mk7vgA0McqwGG +TmdErWg95gBNnpVfhg/kGK89dqQbkV7oByuqYk7Zr/gV5zy7jPSpT99y9rBqNq3r +0hACy2Uop0xPmOF7HqqvPmFlkViUmSZpKQZQAkRhpjzuin7bVlr1zNZYb6JAUeGB ++ju4S40AZLKZ0+eKUnizZ6FkXd2gxVQd3gcp74UB1OkkRIvfm/WugE36TQh2fJdr +hnQiVtGHa0FUZvw70j4tlcFGBrnbDovhvshWgsMd34S2UO64MDxUB0mL4tSnuDUN +tgl+BAG7cYaMUIenOi24fCTNsaaHuOvV3I8CIflxBjTE5W//U0vdM5Zgi227A7E2 +MS0CbH+6cAp4uPtFkoRbHqcVORMz/W+nlXYQH7PNEejtzixjzWQjYsQh1ki/9xC4 +2tVyFK1aoF1KK6B2X7g70muKf2tqzITrar7ZJiy7OAa49NT7eIWDyK1uVvlnX7w8 
+Qbbwb9RFeO0+L8c6PpqYaMRkeSlRGc2mcMQEMFCGnPJUV7HhfUrVNPyTMW1kFXkx +wHDV27ygviEiHmGsSp+ipv/eUi4x1145ZsZHVfZk9b3twGC4WYihjoxfIBu+QVH0 +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem new file mode 100644 index 0000000..099dd23 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/14.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 20 (0x14) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:24:40 2009 GMT + Not After : Mar 11 03:24:40 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:84/0006 + + Signature Algorithm: sha1WithRSAEncryption + 49:da:46:14:f1:5a:4a:09:cb:36:a5:fe:ab:50:f5:ea:e1:b2: + 18:79:dc:d7:79:bb:a8:b0:8d:0b:b5:e1:a9:60:db:8a:e9:3a: + b8:15:b0:eb:e4:45:bf:90:64:6b:4e:c1:dc:7e:9d:5f:47:0e: + be:7b:22:ba:c2:71:3d:5d:8b:8f:14:67:1d:19:51:54:05:5a: + 06:11:e1:1f:ca:bb:98:1a:a3:d6:16:b9:5d:8d:03:70:28:40: + ca:3a:7d:fe:a7:c3:40:ab:7a:0a:42:3a:95:f6:da:fd:bc:d9: + 09:50:70:9a:7a:b4:e9:ae:75:b7:cd:a8:56:f4:2e:7c:ef:40: + 63:6d:02:da:50:29:c8:df:2f:40:04:84:9d:60:a2:3c:21:fc: + d6:64:02:72:cb:4c:5b:e1:68:d9:0a:16:84:58:47:a5:d1:28: + 18:86:eb:07:b9:1f:db:9f:46:de:6b:2d:2e:4e:20:9a:40:3a: + 56:86:28:9f:c5:15:97:1a:3f:70:18:5f:44:1d:64:d0:76:ef: + 09:c5:23:21:03:32:9c:c4:23:af:c4:1f:85:fd:da:b8:40:33: + b6:c2:7d:2b:67:ff:88:a0:9c:a8:2e:9e:4b:40:44:6b:bc:c0: + 3b:f2:b3:a3:d5:f0:b4:04:85:cd:b4:cd:49:3d:34:64:1e:1d: + 16:a1:8f:05:74:8e:91:ee:98:6c:cc:c8:d8:c3:5e:fd:65:4a: + 15:ed:28:cb:0b:c3:b6:29:bc:d6:3d:0d:0e:a8:21:36:27:74: + 
9d:f2:7c:58:1f:88:25:35:2b:7f:4c:16:38:df:0f:32:8f:db: + 22:96:ad:e8:8b:bd:d8:d5:e9:e1:b0:fe:53:03:e6:c7:67:78: + bf:a6:50:dc:2a:0a:c9:a2:df:6a:d5:c3:db:eb:20:1c:78:ed: + 69:14:d4:f5:26:62:78:f6:33:a0:ac:95:19:5d:a6:d9:30:8d: + 21:80:2d:42:dc:a5:a5:a0:42:41:e8:60:f1:4d:81:6d:e6:58: + 32:b9:e4:23:09:34:3e:7a:fb:69:4b:f3:c0:8a:00:c3:59:2b: + 02:13:fc:4e:9c:3e:8f:34:fe:b0:ca:07:df:6b:1d:97:9c:ca: + a9:b1:b6:8f:2d:92:6c:12:4b:64:23:d6:47:c1:f2:6f:79:16: + 78:7b:f8:36:b9:83:a3:a4:e7:0f:c0:99:d9:a3:09:45:ac:92: + 52:62:26:64:51:04:e9:92:6f:3e:f9:62:93:c5:2a:00:5b:d3: + 0b:66:75:ad:bb:5d:12:37:09:3c:b6:95:6d:c2:05:17:8f:d7: + 79:aa:0d:6a:6c:00:6e:94:0c:e8:e3:31:9d:8e:63:e9:f9:d2: + dc:8e:07:36:9a:e3:08:55 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBFDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMjQ0MFoXDTE5 +MDMxMTAzMjQ0MFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg0LzAwMDYwDQYJ +KoZIhvcNAQEFBQADggIBAEnaRhTxWkoJyzal/qtQ9erhshh53Nd5u6iwjQu14alg +24rpOrgVsOvkRb+QZGtOwdx+nV9HDr57IrrCcT1di48UZx0ZUVQFWgYR4R/Ku5ga +o9YWuV2NA3AoQMo6ff6nw0CregpCOpX22v282QlQcJp6tOmudbfNqFb0LnzvQGNt +AtpQKcjfL0AEhJ1gojwh/NZkAnLLTFvhaNkKFoRYR6XRKBiG6we5H9ufRt5rLS5O +IJpAOlaGKJ/FFZcaP3AYX0QdZNB27wnFIyEDMpzEI6/EH4X92rhAM7bCfStn/4ig +nKgunktARGu8wDvys6PV8LQEhc20zUk9NGQeHRahjwV0jpHumGzMyNjDXv1lShXt +KMsLw7YpvNY9DQ6oITYndJ3yfFgfiCU1K39MFjjfDzKP2yKWreiLvdjV6eGw/lMD +5sdneL+mUNwqCsmi32rVw9vrIBx47WkU1PUmYnj2M6CslRldptkwjSGALULcpaWg +QkHoYPFNgW3mWDK55CMJND56+2lL88CKAMNZKwIT/E6cPo80/rDKB99rHZecyqmx 
+to8tkmwSS2Qj1kfB8m95Fnh7+Da5g6Ok5w/AmdmjCUWsklJiJmRRBOmSbz75YpPF +KgBb0wtmda27XRI3CTy2lW3CBReP13mqDWpsAG6UDOjjMZ2OY+n50tyOBzaa4whV +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem new file mode 100644 index 0000000..912e429 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/15.pem 
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 21 (0x15) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 14 11:35:42 2009 GMT + Not After : Mar 14 11:35:42 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 80:91:21:6b:30:15:99:38:e1:5c:74:82:7d:25:f0:ee:15:cb: + 44:f0:01:16:3d:17:09:7f:8e:73:bf:3b:34:52:c7:1d:0f:f6: + 8f:30:34:76:d7:c2:b9:95:14:a0:01:f8:93:de:ff:62:7e:c1: + 79:f2:de:e2:cf:0d:f8:9a:b3:6a:ab:cf:cf:68:12:9f:e2:81: + 7b:05:1f:27:34:a6:f6:68:9c:46:45:cd:d5:02:d7:7d:e0:d9: + b5:ef:7b:f6:7b:5c:d9:29:ae:f2:55:dd:10:7a:58:74:bc:ef: + a9:9b:9f:a8:e4:89:99:f0:df:3e:d4:c9:64:85:fa:fa:15:d0: + d2:20:2c:07:49:55:43:50:f4:0a:fd:dc:20:e5:cf:d5:e7:d6: + 2c:65:af:18:37:13:78:f5:dd:6e:43:a1:aa:be:93:20:be:4c: + 1f:71:47:10:cb:1c:48:62:5a:80:c6:d5:a4:23:c0:06:a0:e5: + d7:d5:b2:bb:4e:d8:fe:cf:d7:ae:93:ce:bb:ab:96:07:f8:a3: + fb:e9:4f:04:b0:96:a5:b4:3f:89:2c:d5:c9:cd:95:6c:38:cc: + 68:f3:3c:1b:0f:0e:c6:d2:b8:bc:8e:5a:97:66:eb:b7:9e:c1: + 3a:0c:17:74:e8:4c:91:5b:33:e4:3f:b5:1c:d7:91:e2:6f:5b: + 9c:27:ad:00:c6:30:49:ba:2e:a0:8d:a1:6f:c5:97:e5:b7:58: + ca:ee:8c:71:4e:3c:7a:f1:82:fc:6e:74:77:53:e5:d1:7a:02: + 35:c2:6b:91:7a:38:2c:17:42:45:2a:a6:b3:e9:e2:7e:80:a0: + 
b4:7d:dc:a8:4b:76:34:92:cf:87:76:b8:a8:31:b5:a7:1d:cf: + 93:10:bf:1d:bc:5a:65:1e:95:17:8c:4c:d6:5a:b4:08:a4:b7: + 9c:99:3a:a9:b4:45:c1:aa:5a:62:7f:6e:25:63:01:c3:e3:ad: + c0:1a:d7:5d:75:07:60:93:73:8e:9e:1e:7c:96:2d:39:b8:1b: + 85:4a:9e:8f:b9:2e:eb:94:c4:83:43:60:87:30:26:0b:9f:26: + a9:02:81:4a:df:20:08:e0:2c:8f:b8:c5:96:38:7e:b8:c8:88: + 32:e6:d4:ab:e4:13:4e:fe:66:fc:77:ef:e4:1c:5a:76:8d:60: + e4:f9:d7:be:ed:94:f2:92:e3:b5:5c:28:ea:a4:2d:d6:b6:76: + 64:4b:d4:f1:3a:eb:22:08:b0:f0:a9:31:1a:1d:e4:59:c3:07: + 7b:28:ed:55:ac:e6:bf:da:21:ce:44:77:79:10:a5:5c:66:b3: + a7:65:e1:15:59:81:f7:48:f4:eb:83:2a:08:1b:4f:08:0b:fd: + 2c:22:21:a7:c7:6b:87:d1 +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBFTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDExMzU0MloXDTEw +MDMxNDExMzU0MlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQCAkSFrMBWZOOFcdIJ9JfDuFctE8AEWPRcJf45zvzs0UscdD/aP +MDR218K5lRSgAfiT3v9ifsF58t7izw34mrNqq8/PaBKf4oF7BR8nNKb2aJxGRc3V +Atd94Nm173v2e1zZKa7yVd0Qelh0vO+pm5+o5ImZ8N8+1Mlkhfr6FdDSICwHSVVD +UPQK/dwg5c/V59YsZa8YNxN49d1uQ6GqvpMgvkwfcUcQyxxIYlqAxtWkI8AGoOXX +1bK7Ttj+z9euk867q5YH+KP76U8EsJaltD+JLNXJzZVsOMxo8zwbDw7G0ri8jlqX +Zuu3nsE6DBd06EyRWzPkP7Uc15Hib1ucJ60AxjBJui6gjaFvxZflt1jK7oxxTjx6 +8YL8bnR3U+XRegI1wmuRejgsF0JFKqaz6eJ+gKC0fdyoS3Y0ks+HdrioMbWnHc+T +EL8dvFplHpUXjEzWWrQIpLecmTqptEXBqlpif24lYwHD463AGtdddQdgk3OOnh58 +li05uBuFSp6PuS7rlMSDQ2CHMCYLnyapAoFK3yAI4CyPuMWWOH64yIgy5tSr5BNO +/mb8d+/kHFp2jWDk+de+7ZTykuO1XCjqpC3WtnZkS9TxOusiCLDwqTEaHeRZwwd7 +KO1VrOa/2iHORHd5EKVcZrOnZeEVWYH3SPTrgyoIG08IC/0sIiGnx2uH0Q== 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem new file mode 100644 index 0000000..30ab2f1 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/16.pem 
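Review bot: This responder certificate (CN=OCSP Responder) lists only `OCSP No Check` under its extensions and has no `X509v3 Extended Key Usage: OCSP Signing`, unlike the `Second Responder Certificate` in 19.pem, and its `Not After` is Mar 14 2010. RFC 6960 requires id-kp-OCSPSigning on a delegated responder certificate, so a conforming client should reject responses signed with this one; if that is the intent, the test using it should assert rejection. If instead a test expects responses signed by this certificate to be accepted, that would suggest the responder's EKU and validity checks are not enforced, though this cannot be confirmed from the diff. Proposed line for a fixture README: `15.pem: responder cert without OCSPSigning EKU, expired 2010; expected result: <to be stated by the author>`.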
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 22 (0x16) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 14 13:48:12 2009 GMT + Not After : Mar 14 13:48:12 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:85/0007 + + Signature Algorithm: sha1WithRSAEncryption + b1:9e:ce:8d:09:9e:f9:21:6f:be:f2:a7:54:6e:24:82:e3:2b: + 88:b7:0d:e0:e2:49:33:b4:8b:ad:60:71:cc:20:23:57:cf:17: + a8:46:c0:a7:1a:5f:8e:8d:1a:cc:0b:1b:da:a4:34:b1:d7:74: + 1b:a7:e4:71:a1:2d:fd:2e:18:51:02:2c:93:ff:a9:f7:98:bd: + ed:6b:4c:55:8e:24:f6:97:8e:8a:80:56:52:7a:17:da:94:96: + fa:27:78:8c:65:40:a6:b1:d2:2a:13:fe:76:c0:0c:f2:04:3f: + d1:88:25:c3:5a:05:ca:33:d7:bb:27:e2:8b:e8:d4:00:fd:fc: + b6:a8:9d:27:c2:f9:ea:98:32:79:85:9d:a3:e7:bf:78:65:e8: + 15:ef:49:48:87:a9:b2:b4:c4:cb:ec:a7:da:90:36:d6:c5:6f: + ff:c3:85:19:13:0b:27:6a:d3:c4:e7:97:62:08:49:a3:e9:22: + 9a:3c:d1:91:8f:6e:8e:87:47:0e:38:43:8e:5a:84:f6:9c:24: + c1:9f:90:29:dc:38:73:72:7d:3f:d6:7f:dd:b3:d1:1d:cf:7b: + bc:31:a6:6b:b4:be:10:06:94:69:a0:16:ef:bd:e9:e7:a2:8b: + 18:e1:10:27:7f:9d:8a:f9:60:18:d5:93:54:d6:4e:c2:31:bf: + 37:00:db:d5:cf:85:da:e9:7b:e4:bb:48:f3:a5:6e:ba:48:1b: + 50:6a:10:99:f8:77:81:95:78:1b:d0:fe:d0:74:47:28:05:34: + 
32:32:5f:1f:52:42:85:f8:7a:f1:a8:87:ff:2f:6c:ec:83:09: + 91:85:0a:43:ce:35:a2:7f:94:b6:ae:70:94:b6:0f:c9:c7:8a: + ee:7c:a7:32:8a:ee:c3:e1:ee:01:34:c1:b8:db:98:80:4c:ac: + 5f:ac:18:02:fa:f5:c1:36:df:39:57:57:81:b9:26:d0:81:0e: + 75:79:18:21:29:a6:cb:eb:97:58:f2:dd:8a:88:c1:a2:c7:54: + 9f:97:89:b1:ef:ff:11:5f:18:0a:cd:25:3e:d8:35:07:45:55: + 1e:bb:a2:54:fc:66:ac:0f:ac:2a:77:d6:1a:a4:44:cc:5a:49: + 37:45:70:5b:c9:3d:2c:6d:c1:7e:af:4d:9c:4f:2a:a2:d9:01: + 3d:e2:7f:a4:f2:4b:d7:60:b1:06:a3:b4:46:35:43:1c:be:79: + 46:a7:8a:50:ee:22:4f:b8:57:45:c9:83:8a:65:bb:7a:86:b3: + 30:3a:7c:62:d3:b7:08:34:a7:05:0a:44:a7:57:5c:2b:b6:34: + 03:ea:3a:61:06:c9:f2:65:16:f2:20:c5:32:0a:61:20:c9:f7: + 07:2e:e8:d2:f2:67:c4:64 +-----BEGIN CERTIFICATE----- +MIID7DCCAdSgAwIBAgIBFjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNDEzNDgxMloXDTEw +MDMxNDEzNDgxMlowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaM4MDYwNAYIKwYBBQUH +AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vMTI3LjAuMC4xOjg1LzAwMDcwDQYJ +KoZIhvcNAQEFBQADggIBALGezo0Jnvkhb77yp1RuJILjK4i3DeDiSTO0i61gccwg +I1fPF6hGwKcaX46NGswLG9qkNLHXdBun5HGhLf0uGFECLJP/qfeYve1rTFWOJPaX +joqAVlJ6F9qUlvoneIxlQKax0ioT/nbADPIEP9GIJcNaBcoz17sn4ovo1AD9/Lao +nSfC+eqYMnmFnaPnv3hl6BXvSUiHqbK0xMvsp9qQNtbFb//DhRkTCydq08Tnl2II +SaPpIpo80ZGPbo6HRw44Q45ahPacJMGfkCncOHNyfT/Wf92z0R3Pe7wxpmu0vhAG +lGmgFu+96eeiixjhECd/nYr5YBjVk1TWTsIxvzcA29XPhdrpe+S7SPOlbrpIG1Bq +EJn4d4GVeBvQ/tB0RygFNDIyXx9SQoX4evGoh/8vbOyDCZGFCkPONaJ/lLaucJS2 +D8nHiu58pzKK7sPh7gE0wbjbmIBMrF+sGAL69cE23zlXV4G5JtCBDnV5GCEppsvr +l1jy3YqIwaLHVJ+XibHv/xFfGArNJT7YNQdFVR67olT8ZqwPrCp31hqkRMxaSTdF 
+cFvJPSxtwX6vTZxPKqLZAT3if6TyS9dgsQajtEY1Qxy+eUanilDuIk+4V0XJg4pl +u3qGszA6fGLTtwg0pwUKRKdXXCu2NAPqOmEGyfJlFvIgxTIKYSDJ9wcu6NLyZ8Rk +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem new file mode 100644 index 0000000..0371f9d --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/17.pem 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 23 (0x17) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 05:36:43 2009 GMT + Not After : Mar 16 05:36:43 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59 + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha1WithRSAEncryption + 5b:8c:6e:80:cd:e0:8f:cc:7d:a4:c1:d6:61:9a:78:93:eb:04: + 85:60:12:e1:1c:6d:0d:2e:fa:2a:1e:c9:08:ac:b5:6d:a8:00: + c8:8b:e5:1d:72:80:5a:df:d1:c9:88:10:a6:fe:35:62:11:72: + 5f:08:e7:94:f2:0a:0b:79:0e:04:9f:4f:16:d9:45:10:67:c4: + 5e:a2:34:a6:89:f9:67:3c:88:9e:82:d4:d4:28:42:ce:bd:c8: + 0a:cf:b6:9f:a9:7f:a1:5d:21:58:95:64:bd:84:24:2c:00:bf: + 29:ea:b6:f6:d2:b4:b9:03:6b:34:81:cb:5d:a8:fb:55:96:99: + 1a:71:94:cf:37:7e:83:c5:01:a6:cb:cd:38:06:27:49:99:56: + 38:06:19:f7:62:80:24:8c:4f:79:0f:2d:a4:b8:cc:6e:4b:35: + 5a:d2:8e:f1:26:b4:fb:d7:85:0d:7f:c6:a2:a3:20:e5:48:b8: + 0b:ee:a0:7d:a9:6d:e2:88:41:ee:f6:47:a6:1f:52:c2:ca:6c: + d9:d0:53:0f:a3:db:ee:12:0f:56:cf:51:75:70:9a:1a:02:c4: + 
ff:7e:46:77:75:1b:d6:d9:e2:7b:fb:a6:0f:11:49:9f:59:5d: + 2c:d8:0f:61:eb:c4:8f:51:1a:95:ae:dd:33:0e:da:40:90:67: + 6b:a3:7b:4d:9d:a2:53:37:c1:98:a5:c1:f5:b4:a6:dd:5e:ac: + b3:d3:ef:9d:1a:bc:15:1b:cb:8b:b7:73:ba:bd:3d:b9:6a:18: + e2:a2:ad:d8:54:5e:ea:81:71:ad:a1:e2:83:c9:89:3c:83:35: + 92:80:65:46:aa:45:45:4f:a3:c5:a4:a3:32:43:05:ec:a4:9f: + 61:5a:14:1a:0b:5b:6e:84:bf:d7:1d:fe:20:eb:c0:45:d4:92: + f2:56:09:12:dd:1a:0d:75:9d:43:0b:0b:71:0d:c7:1b:38:63: + b5:75:7b:f2:3e:d6:0d:07:21:ab:73:51:fe:e3:0f:36:b4:33: + d3:94:f2:ae:42:24:b1:2e:9d:68:69:18:d2:5a:1e:64:a6:67: + d2:40:f9:de:b5:d5:dd:15:72:de:05:a0:43:c7:b9:13:bd:e5: + 10:fd:52:f1:27:0f:95:5a:a4:cd:5a:ba:c6:7c:bd:14:4e:46: + 51:b1:b9:00:98:23:16:ce:ae:0a:6c:11:67:18:73:e7:d1:aa: + e9:6e:99:82:b7:2b:f2:e7:8c:8e:b5:2a:76:16:14:57:93:5e: + a4:7a:ec:f5:96:90:22:88:66:ca:3c:8b:92:95:2c:21:3f:a0: + 9e:56:c5:c2:27:1a:d8:9e:fa:fd:da:3b:96:52:cc:94:cf:5f: + d3:a8:b0:c0:f5:7c:58:f6 +-----BEGIN CERTIFICATE----- +MIIEhjCCAm6gAwIBAgIBFzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA1MzY0M1oXDTEw +MDMxNjA1MzY0M1owYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaOB0TCBzjAJBgNVHRME +AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTAdBgNVHQ4EFgQUbAAmvZjUYN0G6spzCTVqfh+S2VkwdAYDVR0jBG0wa6FepFww +WjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xETAPBgNVBAcTCFN1 +d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYDVQQDEwJDQYIJAPJb +QFvCt9BkMA0GCSqGSIb3DQEBBQUAA4ICAQBbjG6AzeCPzH2kwdZhmniT6wSFYBLh +HG0NLvoqHskIrLVtqADIi+UdcoBa39HJiBCm/jViEXJfCOeU8goLeQ4En08W2UUQ 
+Z8ReojSmiflnPIiegtTUKELOvcgKz7afqX+hXSFYlWS9hCQsAL8p6rb20rS5A2s0 +gctdqPtVlpkacZTPN36DxQGmy804BidJmVY4Bhn3YoAkjE95Dy2kuMxuSzVa0o7x +JrT714UNf8aioyDlSLgL7qB9qW3iiEHu9kemH1LCymzZ0FMPo9vuEg9Wz1F1cJoa +AsT/fkZ3dRvW2eJ7+6YPEUmfWV0s2A9h68SPURqVrt0zDtpAkGdro3tNnaJTN8GY +pcH1tKbdXqyz0++dGrwVG8uLt3O6vT25ahjioq3YVF7qgXGtoeKDyYk8gzWSgGVG +qkVFT6PFpKMyQwXspJ9hWhQaC1tuhL/XHf4g68BF1JLyVgkS3RoNdZ1DCwtxDccb +OGO1dXvyPtYNByGrc1H+4w82tDPTlPKuQiSxLp1oaRjSWh5kpmfSQPnetdXdFXLe +BaBDx7kTveUQ/VLxJw+VWqTNWrrGfL0UTkZRsbkAmCMWzq4KbBFnGHPn0arpbpmC +tyvy54yOtSp2FhRXk16keuz1lpAiiGbKPIuSlSwhP6CeVsXCJxrYnvr92juWUsyU +z1/TqLDA9XxY9g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem new file mode 100644 index 0000000..0e189f1 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/18.pem 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 24 (0x18) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 05:38:34 2009 GMT + Not After : Mar 16 05:38:34 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First certificate to test OCSP + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c0:a9:51:63:19:e2:cc:f3:9d:19:d8:75:90:ab: + 13:40:a3:3f:9d:dc:ef:48:42:0d:00:36:db:ea:68: + fd:b9:15:34:a9:af:0f:52:2b:57:2e:03:74:13:41: + b4:59:69:7e:f6:e1:54:42:8d:c3:f4:85:2b:ff:07: + 97:a4:2f:5b:e4:13:be:72:ef:65:e7:59:be:ed:14: + 71:82:cc:09:03:50:99:66:08:34:1a:41:45:e6:e3: + 37:98:32:6a:15:d4:32:63:f7:26:6c:5a:ed:45:bd: + bb:aa:be:33:4b:9c:cb:b2:03:13:e3:2d:6f:61:57: + 2a:e8:e8:44:0f:59:ea:e7:bf + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 6C:00:26:BD:98:D4:60:DD:06:EA:CA:73:09:35:6A:7E:1F:92:D9:59 + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha1WithRSAEncryption + 5e:a6:39:dd:09:b5:6e:ef:1c:05:01:1b:91:7b:cc:26:66:0b: + 53:f0:69:1b:ae:7e:10:42:ef:38:c7:ce:09:0f:17:c9:28:df: + 7d:ab:e2:b6:ab:8d:56:17:38:db:e7:b0:2a:52:e0:ec:16:6a: + cf:db:8b:31:4f:bb:88:89:2e:24:1c:db:a3:b1:c9:fb:d5:9b: + e2:58:1d:6d:ca:cc:14:79:cc:e0:b1:27:8f:2a:a2:60:90:dc: + 7e:bf:52:65:1d:81:14:18:65:d4:f4:af:43:00:bc:88:50:4b: + ef:14:1a:5f:d2:7e:64:0e:fd:e0:26:cb:09:f8:b7:04:49:3e: + 6f:56:88:fa:0d:9e:23:90:06:98:ff:75:06:29:09:9b:df:21: + 69:e9:fa:53:a4:c0:9a:06:a7:e2:50:03:e8:13:32:db:a0:62: + 5f:a6:0e:3b:7f:0a:d8:f7:62:56:2e:ca:4b:f7:cb:59:00:d8: + 15:32:57:fc:67:24:8e:38:c1:7f:3a:a6:ca:ac:29:5b:b6:e6: + e5:2b:5a:f4:52:16:e3:5b:00:f1:46:c9:29:9b:75:e3:e3:28: + 
69:fa:cb:52:69:5c:96:1b:2d:a2:ee:26:e3:df:10:fe:67:31: + 7f:bf:3a:7c:81:8c:87:1c:7c:ba:11:96:21:23:02:f9:ab:d8: + a7:33:ca:b2:47:12:07:c8:c7:a1:67:2a:1f:81:0d:11:f6:12: + c2:5e:b3:82:77:fb:d6:6e:a9:e5:0e:b3:5c:49:da:c5:b6:0a: + 3b:55:80:8a:b5:0d:ce:94:64:3f:68:f4:e9:4a:00:5b:1b:19: + a2:29:bc:2f:a4:7c:23:ee:30:c4:48:7e:8b:c5:65:f4:1b:cc: + 4c:5e:dc:fb:38:ed:2d:8e:2b:d8:e4:65:d4:bd:9f:9e:6f:08: + d0:35:24:86:72:f8:0d:ec:e0:15:49:ed:2a:67:43:13:88:f8: + fa:1f:03:e1:cb:14:e4:3c:5d:f9:78:b1:1c:a6:20:05:22:b1: + dc:e2:3d:d4:1c:62:a6:32:61:03:ce:2a:3c:bc:08:57:65:de: + ec:cf:26:ef:fd:1d:b8:91:f1:a7:e5:d9:2c:94:70:cb:e4:9c: + c6:78:b6:f3:ff:e4:9b:89:aa:fa:30:1d:62:0a:a7:ba:59:57: + 7b:40:f4:bb:47:1a:80:a7:f3:f4:da:ea:2f:e5:96:0b:7f:39: + f7:66:0c:bb:c3:33:c9:2d:9d:36:eb:29:6a:31:1b:b9:f6:31: + 3c:b7:fc:18:29:0f:67:a4:ca:6c:db:56:b2:fe:17:37:4d:35: + 38:c5:e8:62:b0:94:3a:ba:da:f6:4b:6c:81:22:05:90:60:ba: + 0d:0c:d8:d8:e2:c8:33:6a +-----BEGIN CERTIFICATE----- +MIIEhjCCAm6gAwIBAgIBGDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA1MzgzNFoXDTEw +MDMxNjA1MzgzNFowYzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJzAlBgNVBAMTHkZpcnN0IGNlcnRpZmlj +YXRlIHRvIHRlc3QgT0NTUDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwKlR +YxnizPOdGdh1kKsTQKM/ndzvSEINADbb6mj9uRU0qa8PUitXLgN0E0G0WWl+9uFU +Qo3D9IUr/weXpC9b5BO+cu9l51m+7RRxgswJA1CZZgg0GkFF5uM3mDJqFdQyY/cm +bFrtRb27qr4zS5zLsgMT4y1vYVcq6OhED1nq578CAwEAAaOB0TCBzjAJBgNVHRME +AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTAdBgNVHQ4EFgQUbAAmvZjUYN0G6spzCTVqfh+S2VkwdAYDVR0jBG0wa6FepFww +WjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8xETAPBgNVBAcTCFN1 +d29uLVNpMRYwFAYDVQQKEw1TYW1zdW5nIEVsZWMuMQswCQYDVQQDEwJDQYIJAPJb +QFvCt9BkMA0GCSqGSIb3DQEBBQUAA4ICAQBepjndCbVu7xwFARuRe8wmZgtT8Gkb +rn4QQu84x84JDxfJKN99q+K2q41WFzjb57AqUuDsFmrP24sxT7uIiS4kHNujscn7 
+1ZviWB1tyswUeczgsSePKqJgkNx+v1JlHYEUGGXU9K9DALyIUEvvFBpf0n5kDv3g +JssJ+LcEST5vVoj6DZ4jkAaY/3UGKQmb3yFp6fpTpMCaBqfiUAPoEzLboGJfpg47 +fwrY92JWLspL98tZANgVMlf8ZySOOMF/OqbKrClbtublK1r0UhbjWwDxRskpm3Xj +4yhp+stSaVyWGy2i7ibj3xD+ZzF/vzp8gYyHHHy6EZYhIwL5q9inM8qyRxIHyMeh +ZyofgQ0R9hLCXrOCd/vWbqnlDrNcSdrFtgo7VYCKtQ3OlGQ/aPTpSgBbGxmiKbwv +pHwj7jDESH6LxWX0G8xMXtz7OO0tjivY5GXUvZ+ebwjQNSSGcvgN7OAVSe0qZ0MT +iPj6HwPhyxTkPF35eLEcpiAFIrHc4j3UHGKmMmEDzio8vAhXZd7szybv/R24kfGn +5dkslHDL5JzGeLbz/+Sbiar6MB1iCqe6WVd7QPS7RxqAp/P02uov5ZYLfzn3Zgy7 +wzPJLZ026ylqMRu59jE8t/wYKQ9npMps21ay/hc3TTU4xehisJQ6utr2S2yBIgWQ +YLoNDNjY4sgzag== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem new file mode 100644 index 0000000..5e6f035 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/19.pem 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 25 (0x19) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 06:18:33 2009 GMT + Not After : Mar 16 06:18:33 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf: + 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7: + 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed: + 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e: + a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba: + 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c: + 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d: + dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84: + c9:26:70:3c:c8:11:64:ed:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 23:9f:5b:21:e4:9f:c8:2f:37:b9:e4:84:fa:72:b5:16:b1:59: + 1d:5a:76:1a:be:ce:e2:08:d1:0e:0e:a1:ed:0a:5f:71:68:4e: + 7e:34:f2:7f:3c:2d:5a:d2:a3:2d:b1:91:a6:46:c4:13:ac:5f: + 2f:35:23:f2:d9:19:16:74:ee:1e:18:b8:43:7c:d0:7a:33:96: + 0b:ae:12:be:91:68:1b:98:7f:b3:5e:a2:c1:d8:64:e9:b6:24: + 3c:ef:f3:b7:0a:66:f9:8b:9b:9d:30:10:f5:95:97:83:41:6e: + 22:f7:1c:19:d6:da:6a:92:e1:28:79:f7:7d:60:12:f8:fe:e1: + 79:f7:8b:b5:04:a3:9d:b5:cb:a7:e6:b2:50:a4:48:ee:e6:d5: + 6e:ea:b6:3a:ca:c8:11:3a:4d:c1:20:e5:4b:d2:59:f3:af:40: + a9:4f:aa:81:1a:2d:4b:c2:99:43:fa:11:05:85:11:cf:ec:9b: + b3:96:4e:62:8e:3e:3c:64:82:df:50:ab:6a:31:e6:66:35:c0: + c5:dd:c2:a3:ba:f1:2b:66:7f:19:ba:3e:05:e8:e4:69:48:33: + 9a:89:39:2c:dc:b1:98:02:b5:18:8d:11:54:a9:40:27:2b:38: + 42:a4:fc:ea:46:80:0a:07:c7:a6:af:0a:2a:47:6d:bb:44:e8: + 3e:b7:27:ba:7b:1f:3a:00:c5:7f:de:96:88:dd:6b:bc:65:19: + 8f:39:96:53:13:78:4d:59:d8:76:5b:17:eb:57:71:2d:fb:2a: + 
b5:c9:d3:ea:af:9b:7c:39:88:82:c5:13:8a:d8:d5:4c:f5:90: + 25:dd:11:ef:f4:d2:5b:4f:e7:d8:d7:ee:c6:7b:2f:59:6d:55: + 54:3f:6e:ac:16:f4:3d:8a:b3:76:65:f6:13:6c:e8:6d:68:bf: + 2b:79:66:ed:9a:02:e7:4e:3b:65:cd:de:38:84:bc:7b:56:a2: + e6:bb:88:f1:54:71:eb:4d:04:e7:13:80:44:73:53:66:90:ef: + c7:c4:cf:e6:87:91:2c:cf:23:06:95:16:08:90:6a:9d:df:06: + 51:89:39:f0:61:5c:b8:79:7d:c4:ad:c4:4c:26:30:3d:13:bc: + ac:4f:bb:69:42:e1:28:89:1d:ac:1e:a7:81:86:4e:fd:4d:ba: + 06:a4:9b:33:06:e0:39:76:52:52:12:eb:c4:be:f5:e9:c9:ff: + 73:df:f2:6c:73:27:64:60:5d:1b:5f:9c:07:8e:89:10:a3:27: + 15:0e:7b:08:1e:a2:57:8c:f2:a5:e6:4c:86:4a:03:7a:45:a1: + ee:40:71:15:17:55:a3:7d:24:33:b3:57:46:11:07:c6:19:a0: + 50:aa:3a:97:7a:41:36:dc +-----BEGIN CERTIFICATE----- +MIID2jCCAcKgAwIBAgIBGTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjA2MTgzM1oXDTEw +MDMxNjA2MTgzM1owYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k +ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0 +Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ +QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov +QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjKDAmMBMGA1UdJQQMMAoG +CCsGAQUFBwMJMA8GCSsGAQUFBzABBQQCBQAwDQYJKoZIhvcNAQEFBQADggIBACOf +WyHkn8gvN7nkhPpytRaxWR1adhq+zuII0Q4Ooe0KX3FoTn408n88LVrSoy2xkaZG +xBOsXy81I/LZGRZ07h4YuEN80HozlguuEr6RaBuYf7NeosHYZOm2JDzv87cKZvmL +m50wEPWVl4NBbiL3HBnW2mqS4Sh5931gEvj+4Xn3i7UEo521y6fmslCkSO7m1W7q +tjrKyBE6TcEg5UvSWfOvQKlPqoEaLUvCmUP6EQWFEc/sm7OWTmKOPjxkgt9Qq2ox +5mY1wMXdwqO68Stmfxm6PgXo5GlIM5qJOSzcsZgCtRiNEVSpQCcrOEKk/OpGgAoH +x6avCipHbbtE6D63J7p7HzoAxX/elojda7xlGY85llMTeE1Z2HZbF+tXcS37KrXJ +0+qvm3w5iILFE4rY1Uz1kCXdEe/00ltP59jX7sZ7L1ltVVQ/bqwW9D2Ks3Zl9hNs +6G1ovyt5Zu2aAudOO2XN3jiEvHtWoua7iPFUcetNBOcTgERzU2aQ78fEz+aHkSzP +IwaVFgiQap3fBlGJOfBhXLh5fcStxEwmMD0TvKxPu2lC4SiJHawep4GGTv1Nugak 
+mzMG4Dl2UlIS68S+9enJ/3Pf8mxzJ2RgXRtfnAeOiRCjJxUOewgeoleM8qXmTIZK +A3pFoe5AcRUXVaN9JDOzV0YRB8YZoFCqOpd6QTbc +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem new file mode 100644 index 0000000..4279287 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1A.pem 
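Review bot: This fixture expired years before the commit (`Not After : Mar 16 06:18:33 2010 GMT`), so a test that verifies it against the current clock can only pass by skipping time checks or by expecting an expiry error. The same applies to 1A.pem through 20.pem, all issued by the same CA for one year in March 2009 with `sha1WithRSAEncryption` and 1024-bit RSA keys. I would add a short README beside the fixtures that names the test using each file and its expected verdict, and marks them test-only, for example `19.pem: responder cert, OCSP Signing + OCSP No Check, expired 2010-03-16, test-only`. If any test needs a chain that is valid in time, fixing the verification time in the test or generating the certificates during the test run would be more robust than checked-in one-year certificates.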
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 26 (0x1a) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 11:42:26 2009 GMT + Not After : Mar 16 11:42:26 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP No Check + Signature Algorithm: sha1WithRSAEncryption + a9:46:f1:69:d0:17:5c:84:65:ff:4e:17:ba:5a:3a:2a:f5:75: + ec:c2:2f:50:1a:fc:ce:7e:b0:9f:16:bd:51:fd:27:51:1a:8f: + 8c:d9:b1:c3:27:e9:b4:77:17:2d:d8:fc:e9:fe:e0:57:35:08: + 8f:f2:50:18:9b:e9:14:90:c2:e2:94:1b:19:18:9d:df:c1:20: + 9f:fd:4c:31:a1:b6:68:41:b6:93:66:04:74:03:d4:34:a2:cb: + bd:88:3a:36:9c:c0:a0:79:52:33:3d:c5:9f:fb:3e:32:24:cb: + 68:aa:78:d2:24:a3:44:39:55:28:3d:20:9a:c0:e9:98:cf:44: + 40:74:4c:83:83:8d:1d:2a:ce:f8:1d:b4:3c:f1:ca:60:5c:58: + 4a:7c:a9:6d:96:1c:96:16:82:7d:0c:14:26:6d:b6:e4:2f:05: + 4c:6f:0a:ed:59:aa:43:f8:e7:f5:a2:a5:01:c0:32:87:32:73: + fe:e4:b2:c0:ee:07:cf:f3:07:e4:e5:16:c2:07:91:7c:01:8c: + 5d:89:38:40:c6:43:80:ac:fb:cc:27:5a:de:9b:c7:70:c6:5b: + 2e:c8:c7:f9:08:2f:42:7e:ee:44:6e:50:29:5b:19:2f:16:fb: + 0d:16:f9:43:f3:82:c2:c0:ed:2d:a2:51:f2:1c:07:61:1b:2e: + c4:be:f4:7d:20:83:a9:0d:ff:bb:ec:86:c5:c5:5e:57:66:70: + 06:f1:0e:89:ba:a7:6b:39:dd:46:46:dc:a6:ec:fe:c8:44:4e: + bd:1d:d5:9b:2b:a2:df:04:9d:40:35:ce:35:3b:d1:b7:91:5c: + 
e6:5f:83:23:a2:9e:d5:be:46:9f:6a:43:4c:36:86:4c:a9:a5: + ce:05:e1:c2:65:9b:70:cd:67:63:c7:a5:1b:01:0d:3e:c3:cd: + 91:3e:65:33:72:2b:38:14:db:18:bb:f9:1a:3d:80:92:fb:66: + 86:06:29:0b:48:ef:91:35:e6:00:8f:81:22:3f:3a:36:af:9c: + 7f:9e:b1:f5:40:ab:43:8b:ff:f2:a2:0a:8d:7e:23:e3:97:3a: + 72:3d:70:fb:25:61:e0:a6:26:b3:d8:6e:62:77:ab:be:b8:16: + 88:2e:b5:0c:9a:44:e9:7f:01:96:d1:29:08:b1:a3:55:00:97: + ff:9d:2f:68:b8:bb:88:8f:03:47:4c:39:a9:62:fe:e0:fa:eb: + 4c:f2:f6:0e:23:43:ca:83:cb:54:84:79:c4:72:9d:1b:02:97: + ec:4a:50:5f:cd:10:ba:89:fb:4f:2e:df:50:06:be:55:fd:30: + c9:ca:58:94:a3:d3:e3:42:83:21:79:89:f7:dd:eb:46:f0:9a: + 88:1b:26:d9:a5:de:4b:c7 +-----BEGIN CERTIFICATE----- +MIIDvDCCAaSgAwIBAgIBGjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjExNDIyNloXDTEw +MDMxNjExNDIyNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxgwFjAUBgNVHSUEDTALBgkrBgEFBQcwAQUwDQYJ +KoZIhvcNAQEFBQADggIBAKlG8WnQF1yEZf9OF7paOir1dezCL1Aa/M5+sJ8WvVH9 +J1Eaj4zZscMn6bR3Fy3Y/On+4Fc1CI/yUBib6RSQwuKUGxkYnd/BIJ/9TDGhtmhB +tpNmBHQD1DSiy72IOjacwKB5UjM9xZ/7PjIky2iqeNIko0Q5VSg9IJrA6ZjPREB0 +TIODjR0qzvgdtDzxymBcWEp8qW2WHJYWgn0MFCZttuQvBUxvCu1ZqkP45/WipQHA +Mocyc/7kssDuB8/zB+TlFsIHkXwBjF2JOEDGQ4Cs+8wnWt6bx3DGWy7Ix/kIL0J+ +7kRuUClbGS8W+w0W+UPzgsLA7S2iUfIcB2EbLsS+9H0gg6kN/7vshsXFXldmcAbx +Dom6p2s53UZG3Kbs/shETr0d1Zsrot8EnUA1zjU70beRXOZfgyOintW+Rp9qQ0w2 +hkyppc4F4cJlm3DNZ2PHpRsBDT7DzZE+ZTNyKzgU2xi7+Ro9gJL7ZoYGKQtI75E1 +5gCPgSI/OjavnH+esfVAq0OL//KiCo1+I+OXOnI9cPslYeCmJrPYbmJ3q764Fogu +tQyaROl/AZbRKQixo1UAl/+dL2i4u4iPA0dMOali/uD660zy9g4jQ8qDy1SEecRy +nRsCl+xKUF/NELqJ+08u31AGvlX9MMnKWJSj0+NCgyF5iffd60bwmogbJtml3kvH 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem new file mode 100644 index 0000000..7463494 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1B.pem 
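Review bot: The Extended Key Usage of this responder certificate reads `OCSP No Check` instead of `OCSP Signing`, so the EKU appears to hold the nocheck extension's OID where the OCSP signing purpose would normally be; 1E.pem, 1F.pem and 20.pem carry `OCSP Signing`. If this is a deliberate negative case, record it next to the fixture, for example `1A.pem: responder cert without OCSP Signing EKU, response must be rejected`, because a test that accepts responses signed by it would assert the wrong behaviour. 1B.pem, 1C.pem and 1D.pem have the same subject and key, carry only `OCSP No Check` with no EKU, and differ from each other only in serial number and validity start. That pattern looks like leftovers from the demoCA working directory, so it is worth keeping only the files a test references.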
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 27 (0x1b) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 11:56:53 2009 GMT + Not After : Mar 16 11:56:53 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 30:ef:e6:6f:c4:15:ce:e0:09:3e:ab:07:cb:30:ca:64:77:a0: + cb:ca:9e:0e:b5:57:10:16:65:f3:f6:ff:76:c6:30:f1:28:5b: + 0f:9e:57:dd:fc:0a:b2:45:7b:ff:2a:e5:52:5c:39:62:cf:ff: + 20:06:e5:d4:50:d9:20:07:29:65:db:4a:96:b3:62:6e:3c:8e: + fc:8c:16:2f:b7:e6:82:13:e5:c9:47:ae:79:25:6c:1b:90:01: + 53:3a:d6:65:9d:3f:0d:b4:69:cc:72:e1:e1:5b:f3:bc:80:5d: + a0:a0:3a:be:99:59:e2:b4:84:eb:53:91:b7:f5:87:0c:e6:81: + 47:b2:be:28:5f:7c:26:df:18:ea:fc:7f:36:bb:3d:a3:9a:2b: + 86:04:32:26:7e:25:12:45:d0:56:6e:a7:d1:43:7d:f2:d4:85: + d3:a6:4e:9d:82:3b:15:77:5b:b5:77:7d:37:06:1c:84:ed:09: + bc:21:bb:fd:56:89:ee:f7:7d:8d:8f:ae:ab:37:5a:c0:9e:17: + 43:77:19:b3:2f:26:4b:1d:68:e3:95:0f:f9:09:6a:27:a5:26: + e0:00:cc:a4:7d:4c:89:a4:d9:54:56:5c:80:10:b2:eb:23:9d: + 53:64:ac:45:7e:85:ff:4b:34:29:56:91:8a:a6:9d:19:9f:0c: + 1a:c3:3a:82:eb:9f:0e:ab:a2:18:0a:d9:cd:20:bb:1a:33:51: + 38:c6:5b:7e:bf:fe:6f:cd:96:b9:b3:22:7e:99:b0:5b:52:e0: + a6:3b:07:87:28:83:18:12:cb:5e:d1:8e:29:52:e1:16:9e:a1: + 
7e:0a:5c:2c:e2:e1:9d:2d:19:ce:c5:f3:f0:a1:99:18:5f:6d: + ea:07:8e:b5:0e:ab:e3:76:b8:f3:22:77:2b:52:70:4d:d3:9a: + 26:85:81:2c:13:70:d7:5e:da:0a:13:64:74:f4:22:98:33:c6: + 1f:99:6c:6a:55:7a:05:e6:51:7e:9b:ae:27:ff:68:4b:a9:5b: + 71:69:9f:fe:86:3f:3e:5d:47:8f:72:4b:07:2e:9a:29:07:36: + e3:2c:dd:94:72:f6:9b:04:b4:18:2a:49:c6:b6:1c:7f:e5:81: + ea:21:13:ca:50:0e:fe:b0:47:04:4d:52:b0:dc:39:50:a5:ac: + 4c:7a:72:c8:a3:c9:d3:f2:07:dc:1b:bc:83:e7:6c:9d:2a:a9: + c0:0a:5f:ff:d1:fc:d3:8f:fe:8c:b3:58:64:b5:d6:44:6a:7e: + b5:23:ea:7d:18:a5:f3:e1:7a:d1:56:cf:7d:05:b9:29:fc:28: + c1:e7:50:37:49:c7:17:69:73:d1:91:ac:d0:a3:ef:c1:99:1d: + 91:f6:55:9b:46:b6:46:4e +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBGzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjExNTY1M1oXDTEw +MDMxNjExNTY1M1owUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQAw7+ZvxBXO4Ak+qwfLMMpkd6DLyp4OtVcQFmXz9v92xjDxKFsP +nlfd/AqyRXv/KuVSXDliz/8gBuXUUNkgByll20qWs2JuPI78jBYvt+aCE+XJR655 +JWwbkAFTOtZlnT8NtGnMcuHhW/O8gF2goDq+mVnitITrU5G39YcM5oFHsr4oX3wm +3xjq/H82uz2jmiuGBDImfiUSRdBWbqfRQ33y1IXTpk6dgjsVd1u1d303BhyE7Qm8 +Ibv9Vonu932Nj66rN1rAnhdDdxmzLyZLHWjjlQ/5CWonpSbgAMykfUyJpNlUVlyA +ELLrI51TZKxFfoX/SzQpVpGKpp0ZnwwawzqC658Oq6IYCtnNILsaM1E4xlt+v/5v +zZa5syJ+mbBbUuCmOweHKIMYEste0Y4pUuEWnqF+Clws4uGdLRnOxfPwoZkYX23q +B461DqvjdrjzIncrUnBN05omhYEsE3DXXtoKE2R09CKYM8YfmWxqVXoF5lF+m64n +/2hLqVtxaZ/+hj8+XUePcksHLpopBzbjLN2UcvabBLQYKknGthx/5YHqIRPKUA7+ +sEcETVKw3DlQpaxMenLIo8nT8gfcG7yD52ydKqnACl//0fzTj/6Ms1hktdZEan61 +I+p9GKXz4XrRVs99Bbkp/CjB51A3SccXaXPRkazQo+/BmR2R9lWbRrZGTg== 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem new file mode 100644 index 0000000..8d384fe --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1C.pem 
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 28 (0x1c) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:10:50 2009 GMT + Not After : Mar 16 12:10:50 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 9e:15:66:51:b4:ba:c2:50:57:2f:fb:35:bd:43:53:67:26:73: + 96:30:ae:28:d3:fb:b6:d1:4c:e4:bb:1a:c6:f3:e4:40:b6:bb: + a8:85:c8:1f:e8:09:cd:5a:ec:c2:4d:21:7c:24:85:c2:78:1d: + 97:1f:65:41:50:4c:f7:c2:87:0d:5f:1b:0e:30:b1:66:97:9b: + 4d:d3:32:27:e2:a5:50:17:80:55:0b:d7:4e:ae:9d:94:c1:4f: + c3:98:f4:d7:64:9c:e5:c9:16:e0:2a:11:8e:27:8d:00:d8:5d: + 3d:61:15:8b:0d:16:39:f1:71:a1:d4:0c:28:fe:d8:47:09:d7: + be:00:95:39:3b:c0:1c:b2:fd:c4:74:e0:97:df:61:4d:90:db: + 7f:bf:85:21:72:91:90:fa:19:67:6e:cf:ef:61:86:0d:6d:60: + c6:9b:83:5a:44:fb:d6:d2:1f:f1:2b:5e:0f:3d:6c:a3:07:c3: + e6:99:13:73:53:71:b5:29:97:d9:43:73:f7:f5:47:41:08:92: + 59:22:95:3e:8d:5e:ff:3f:ad:17:2f:b4:2d:da:b8:5e:09:5a: + 23:c7:b4:eb:cb:3b:b8:83:e9:1c:5c:72:df:65:52:36:54:2f: + 73:0c:57:89:32:80:a4:3e:80:5b:d4:cf:84:73:63:62:27:86: + 0a:61:51:63:1a:58:e8:ed:09:5b:a7:99:97:a3:e6:00:ee:46: + e5:b7:c6:2f:2f:1a:57:8c:8b:e4:ff:19:f1:eb:3d:8a:ef:a6: + ea:3b:7e:d8:82:d6:cf:ff:fc:56:b9:85:4d:9a:21:a4:05:d3: + 
3a:9a:84:b6:cc:2a:d5:7b:08:2b:00:fe:de:aa:55:53:4f:5c: + d1:a3:61:8e:44:d3:85:22:ab:88:a6:79:dc:8d:b4:39:e7:28: + 5a:30:68:10:bc:94:19:95:5f:6c:58:94:a4:05:da:5e:d9:1e: + ae:7b:50:cc:33:e8:db:b6:8f:ee:2e:28:da:fe:31:18:c1:a8: + 50:d9:2b:5c:b1:f8:1b:f5:ab:35:28:31:ca:85:3e:2b:14:0f: + 5a:49:94:6e:1b:3e:d7:ee:8b:ee:51:f2:24:7e:a6:d7:fd:b3: + 48:7e:e1:39:d9:e5:fa:4a:72:2c:4e:6f:64:39:48:88:23:3b: + 23:b3:7f:b1:aa:07:76:37:49:e1:81:fa:57:e5:58:d6:b8:bd: + e1:84:e4:47:7e:02:23:3c:21:3e:51:42:c5:ad:dd:41:1c:e5: + 27:17:c0:2c:cf:11:f0:19:ab:96:92:f3:d8:88:df:11:bc:7f: + 05:aa:14:03:7f:4b:31:2a:8f:1b:00:79:4e:bd:1e:71:24:3f: + c8:27:5a:e6:a7:8a:87:3e +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBHDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTA1MFoXDTEw +MDMxNjEyMTA1MFowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQCeFWZRtLrCUFcv+zW9Q1NnJnOWMK4o0/u20UzkuxrG8+RAtruo +hcgf6AnNWuzCTSF8JIXCeB2XH2VBUEz3wocNXxsOMLFml5tN0zIn4qVQF4BVC9dO +rp2UwU/DmPTXZJzlyRbgKhGOJ40A2F09YRWLDRY58XGh1Awo/thHCde+AJU5O8Ac +sv3EdOCX32FNkNt/v4UhcpGQ+hlnbs/vYYYNbWDGm4NaRPvW0h/xK14PPWyjB8Pm +mRNzU3G1KZfZQ3P39UdBCJJZIpU+jV7/P60XL7Qt2rheCVojx7Tryzu4g+kcXHLf +ZVI2VC9zDFeJMoCkPoBb1M+Ec2NiJ4YKYVFjGljo7Qlbp5mXo+YA7kblt8YvLxpX +jIvk/xnx6z2K76bqO37YgtbP//xWuYVNmiGkBdM6moS2zCrVewgrAP7eqlVTT1zR +o2GORNOFIquIpnncjbQ55yhaMGgQvJQZlV9sWJSkBdpe2R6ue1DMM+jbto/uLija +/jEYwahQ2Stcsfgb9as1KDHKhT4rFA9aSZRuGz7X7ovuUfIkfqbX/bNIfuE52eX6 +SnIsTm9kOUiIIzsjs3+xqgd2N0nhgfpX5VjWuL3hhORHfgIjPCE+UULFrd1BHOUn +F8AszxHwGauWkvPYiN8RvH8FqhQDf0sxKo8bAHlOvR5xJD/IJ1rmp4qHPg== 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem new file mode 100644 index 0000000..ccb3cdb --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1D.pem 
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 29 (0x1d) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:12:56 2009 GMT + Not After : Mar 16 12:12:56 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 08:72:72:7b:9c:62:fb:4d:ed:66:dc:d9:f2:db:a0:89:0e:ff: + 04:54:3a:16:60:e4:d9:c8:68:44:54:ee:27:a9:8a:45:ff:26: + 7e:05:1e:c9:61:cd:f3:54:25:d8:72:6e:6f:87:a1:65:ad:cd: + f4:8b:86:8f:5e:20:ab:82:4f:ac:1e:ec:a7:fd:66:2b:33:73: + 64:44:36:8a:a8:3e:fa:9c:48:ce:ec:52:a9:23:51:94:4b:61: + 55:d5:ea:83:95:30:a2:af:ef:69:ac:bc:48:47:bd:5f:18:5a: + 64:71:6c:65:a9:e7:fd:d2:c1:5f:56:68:6c:90:74:f9:a3:35: + 92:7d:aa:d9:d7:64:20:6d:84:d1:53:a8:b8:06:05:83:5f:e2: + e4:94:81:55:09:df:3d:88:fb:76:f1:ee:59:67:75:41:70:77: + fe:7c:c2:b6:d3:7a:13:a0:ab:99:62:7a:fc:5e:d2:ea:d0:99: + 91:3a:57:8b:01:99:3a:78:3b:6c:b6:8d:1b:9d:21:69:90:28: + 34:c6:f3:14:81:94:d3:9d:5c:d2:0b:44:78:29:f9:fb:c2:e8: + 30:47:eb:27:ab:8b:b5:d4:28:a3:6d:fa:83:5d:13:76:da:d2: + da:77:c3:d0:e0:d3:8b:c1:6e:e4:e0:94:b3:6a:4d:60:9b:84: + 24:02:75:ca:89:4b:60:83:51:3a:7a:b1:c7:e7:d4:55:40:fa: + ac:7e:1b:c4:f4:d9:01:e2:84:e7:16:20:92:68:6f:dd:2f:a5: + 5a:c5:40:24:9f:89:e9:53:43:02:76:ea:a2:be:17:de:c8:da: + 
fa:0e:2a:b8:98:25:0f:c9:2e:31:6f:a9:bf:ec:54:09:bf:e0: + 74:af:23:bd:ee:b1:c4:2b:91:8a:dc:c4:14:e5:52:c9:c8:fd: + ae:c0:87:e1:8e:a9:b5:25:2b:ce:43:fa:3a:2a:02:fb:2f:9a: + 04:7a:39:e1:8f:84:99:4c:61:6a:24:7c:a3:66:bc:93:80:4e: + 14:22:bc:fb:eb:a0:2f:e2:5a:be:01:c5:3d:76:72:ce:d6:be: + e7:e0:01:27:ca:22:35:1b:81:84:c4:d6:ee:24:8d:f0:be:cd: + 0e:a8:85:29:f2:23:20:23:52:14:4a:c0:8a:ac:9a:d6:14:63: + 01:1f:41:f7:8c:c5:18:4e:39:64:05:f6:da:44:a3:18:1a:6f: + 77:62:40:f2:e5:d6:ab:4d:55:8b:ed:76:f6:73:80:de:1c:b9: + 69:84:11:aa:e2:56:07:e6:0a:a1:41:4b:a5:b4:92:f4:30:48: + 4d:df:e6:a6:52:97:84:8d:7e:04:24:99:d1:93:a4:55:8b:d7: + c9:82:44:63:74:f3:1f:d5 +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBHTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTI1NloXDTEw +MDMxNjEyMTI1NlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQAIcnJ7nGL7Te1m3Nny26CJDv8EVDoWYOTZyGhEVO4nqYpF/yZ+ +BR7JYc3zVCXYcm5vh6Flrc30i4aPXiCrgk+sHuyn/WYrM3NkRDaKqD76nEjO7FKp +I1GUS2FV1eqDlTCir+9prLxIR71fGFpkcWxlqef90sFfVmhskHT5ozWSfarZ12Qg +bYTRU6i4BgWDX+LklIFVCd89iPt28e5ZZ3VBcHf+fMK203oToKuZYnr8XtLq0JmR +OleLAZk6eDtsto0bnSFpkCg0xvMUgZTTnVzSC0R4Kfn7wugwR+snq4u11CijbfqD +XRN22tLad8PQ4NOLwW7k4JSzak1gm4QkAnXKiUtgg1E6erHH59RVQPqsfhvE9NkB +4oTnFiCSaG/dL6VaxUAkn4npU0MCduqivhfeyNr6Diq4mCUPyS4xb6m/7FQJv+B0 +ryO97rHEK5GK3MQU5VLJyP2uwIfhjqm1JSvOQ/o6KgL7L5oEejnhj4SZTGFqJHyj +ZryTgE4UIrz766Av4lq+AcU9dnLO1r7n4AEnyiI1G4GExNbuJI3wvs0OqIUp8iMg +I1IUSsCKrJrWFGMBH0H3jMUYTjlkBfbaRKMYGm93YkDy5darTVWL7Xb2c4DeHLlp +hBGq4lYH5gqhQUultJL0MEhN3+amUpeEjX4EJJnRk6RVi9fJgkRjdPMf1Q== 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem new file mode 100644 index 0000000..a3648ae --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1E.pem 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 30 (0x1e) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:13:11 2009 GMT + Not After : Mar 16 12:13:11 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 8f:da:fe:f8:bb:53:ba:a5:4a:ed:09:6e:4e:5e:10:3f:aa:ce: + b4:49:9e:53:d9:66:ff:3c:1e:d6:b4:7b:b5:ca:74:7e:11:12: + 2e:da:a5:9b:2d:81:40:aa:f6:06:4a:df:43:59:63:cd:31:05: + 8b:20:4b:1d:c0:66:e7:02:c5:6f:b3:a6:5e:ad:73:fc:88:61: + e7:b4:fe:59:c7:3b:85:4c:06:97:87:5f:c3:80:fc:28:29:b4: + 2d:c6:3b:ea:ac:4d:ce:d8:f3:f7:ca:45:9c:23:33:80:23:da: + 83:39:a7:d6:51:a0:a2:79:56:48:f3:2b:ca:c4:31:56:09:ab: + 2e:c8:50:0a:24:c1:36:3e:11:5d:cd:1b:9b:d7:38:59:70:a1: + ea:de:50:fa:44:37:33:1a:b3:24:b7:a6:29:3c:21:1e:66:cf: + 23:65:12:90:01:20:1a:b4:be:39:ff:7e:bf:55:17:5f:bd:fc: + 77:67:12:15:c9:9c:42:7f:49:f5:6f:96:15:68:ba:e9:b1:16: + dc:ac:92:b0:26:55:2e:1f:90:62:1c:da:29:94:1c:17:d3:92: + 6b:1d:83:bc:ac:cb:3f:b9:d1:e4:e2:a4:67:f4:c0:a1:21:ff: + 3f:92:ab:9a:d2:6f:8b:0b:f9:a0:75:b2:da:20:38:08:b6:b9: + 1c:b8:8a:af:c8:67:63:f2:53:fa:9e:0c:8f:3d:fa:5d:07:0d: + af:96:10:e6:fa:6f:76:c4:7e:ac:82:e7:2c:04:c4:7b:66:be: + 
25:69:f9:cb:10:1d:8f:29:6a:f1:0b:50:b3:00:d6:47:75:03: + b6:34:96:60:f8:32:e2:9b:a0:b2:71:e4:6f:31:4f:d3:64:48: + d3:01:27:ba:e8:11:76:36:86:7e:74:9d:44:cd:25:bc:7f:90: + f7:64:a1:10:ae:75:82:f9:5d:b6:65:83:5b:71:19:89:9d:0e: + 70:01:46:bf:86:d2:82:cf:ca:c5:c6:34:54:67:ea:e4:9c:32: + db:12:ad:d2:8d:78:9b:07:cb:06:f1:f0:3c:0a:56:70:11:9b: + 71:2d:41:1c:b5:81:cf:a1:6f:2e:17:f5:54:99:ea:c0:79:e5: + d0:0c:df:50:2a:aa:ff:e3:8b:a3:66:2a:9f:f0:84:b6:8f:e6: + 8e:fd:d9:91:e5:8c:8b:5b:d1:77:d7:1d:b1:06:b6:1e:48:32: + 82:d5:28:f2:24:40:2e:71:5c:e1:16:1e:14:2d:77:22:d3:ab: + 84:b6:c0:ad:67:3d:b2:a6:15:f8:00:f9:95:f7:32:05:3b:e7: + a7:41:62:16:3f:f6:55:f1:c0:9e:6a:c5:00:a1:9c:78:27:58: + ea:80:17:5f:80:fa:9d:b0 +-----BEGIN CERTIFICATE----- +MIIDzDCCAbSgAwIBAgIBHjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTMxMVoXDTEw +MDMxNjEyMTMxMVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM +MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQCP2v74u1O6pUrtCW5OXhA/ +qs60SZ5T2Wb/PB7WtHu1ynR+ERIu2qWbLYFAqvYGSt9DWWPNMQWLIEsdwGbnAsVv +s6ZerXP8iGHntP5ZxzuFTAaXh1/DgPwoKbQtxjvqrE3O2PP3ykWcIzOAI9qDOafW +UaCieVZI8yvKxDFWCasuyFAKJME2PhFdzRub1zhZcKHq3lD6RDczGrMkt6YpPCEe +Zs8jZRKQASAatL45/36/VRdfvfx3ZxIVyZxCf0n1b5YVaLrpsRbcrJKwJlUuH5Bi +HNoplBwX05JrHYO8rMs/udHk4qRn9MChIf8/kqua0m+LC/mgdbLaIDgItrkcuIqv +yGdj8lP6ngyPPfpdBw2vlhDm+m92xH6sgucsBMR7Zr4lafnLEB2PKWrxC1CzANZH +dQO2NJZg+DLim6CyceRvMU/TZEjTASe66BF2NoZ+dJ1EzSW8f5D3ZKEQrnWC+V22 +ZYNbcRmJnQ5wAUa/htKCz8rFxjRUZ+rknDLbEq3SjXibB8sG8fA8ClZwEZtxLUEc +tYHPoW8uF/VUmerAeeXQDN9QKqr/44ujZiqf8IS2j+aO/dmR5YyLW9F31x2xBrYe 
+SDKC1SjyJEAucVzhFh4ULXci06uEtsCtZz2yphX4APmV9zIFO+enQWIWP/ZV8cCe +asUAoZx4J1jqgBdfgPqdsA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem new file mode 100644 index 0000000..826fbd4 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/1F.pem 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 31 (0x1f) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:18:09 2009 GMT + Not After : Mar 16 12:18:09 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 79:52:2d:07:c5:c3:28:24:6e:4e:fa:96:bc:67:29:f8:1c:1d: + b0:c9:ea:1a:5a:1b:6c:a6:c8:c2:05:3f:3c:2c:8d:23:6c:5e: + 04:09:ae:80:d5:a6:0b:72:6b:58:29:45:4f:38:f6:01:14:0e: + fd:6a:c3:80:8d:a6:1c:05:e9:9f:a5:a9:93:0a:f3:2a:6b:47: + dd:b9:77:4f:89:e9:e8:15:ae:46:d1:55:0e:79:d2:63:df:0a: + 28:c6:c3:6b:d9:b8:66:6a:b1:28:15:68:ec:33:2d:51:9e:eb: + 08:12:61:5c:6d:17:b9:6c:db:33:b6:e4:99:4f:7c:3e:3c:31: + 28:04:8a:d9:a8:dd:43:b4:80:4c:3d:8f:43:a8:d4:8b:da:f5: + 04:7d:0c:c3:f7:c3:75:ab:b1:a9:a3:7e:f1:d0:44:46:99:c0: + 7f:00:ce:3d:82:b4:07:4b:37:5f:68:49:99:d9:9d:c9:b0:ab: + 8b:45:2b:cd:b0:19:33:3a:81:8e:25:1e:e8:ad:b7:1c:8b:0a: + 18:96:e2:78:cc:53:ef:fc:b4:90:46:55:7b:d6:3b:8f:cf:e0: + 7f:f9:0e:41:04:a4:06:3e:9c:86:6e:c8:2c:11:de:6a:8b:82: + a5:49:70:d2:ac:3a:45:4a:c9:fb:1e:a5:4c:0e:1d:88:b5:86: + ac:08:a6:57:61:6c:1c:7f:63:7a:44:ad:50:16:f8:f9:2f:22: + 4b:ba:ae:22:fc:b9:58:fe:9d:b4:31:a8:7d:f5:86:18:03:01: + 
7b:51:c1:57:7f:62:77:1d:e6:98:06:1c:da:7f:cd:f0:e8:12: + 9c:7e:70:c3:bc:bd:db:18:de:57:f3:4c:1a:6a:b6:e1:24:3f: + 2c:2d:3e:ee:7f:01:45:84:09:5f:cf:ff:a6:26:a9:36:8e:13: + d8:f5:72:85:4a:0e:55:a5:6c:27:ef:91:e4:1c:93:f4:93:75: + c4:b5:22:16:b3:af:ec:81:72:dd:f2:4c:a4:f5:99:00:f7:e8: + f1:9e:a1:e3:a1:dd:ea:e3:5e:47:d1:ea:72:cb:6d:b6:60:cc: + de:3c:f4:cf:7e:c1:3d:bf:c1:34:88:cb:ee:a2:23:2e:72:ca: + 56:f2:ec:9b:16:3b:5e:8e:02:0f:d5:7e:d2:8a:49:26:fb:59: + 3f:6c:15:1c:b3:cf:a0:6e:70:b6:81:31:44:cf:9a:70:1d:86: + a6:9a:7e:7e:88:85:34:72:9d:da:3e:3f:65:ad:ad:d2:67:2a: + 22:62:4d:c2:9a:dd:f4:23:45:be:e2:e2:26:cb:f4:7b:f4:5f: + 45:d2:6a:71:a9:9c:69:cd:c5:c1:f3:96:44:f5:d2:95:77:bc: + 1c:aa:79:cc:a1:d5:3c:32 +-----BEGIN CERTIFICATE----- +MIIDzDCCAbSgAwIBAgIBHzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMTgwOVoXDTEw +MDMxNjEyMTgwOVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM +MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQB5Ui0HxcMoJG5O+pa8Zyn4 +HB2wyeoaWhtspsjCBT88LI0jbF4ECa6A1aYLcmtYKUVPOPYBFA79asOAjaYcBemf +pamTCvMqa0fduXdPienoFa5G0VUOedJj3wooxsNr2bhmarEoFWjsMy1RnusIEmFc +bRe5bNsztuSZT3w+PDEoBIrZqN1DtIBMPY9DqNSL2vUEfQzD98N1q7Gpo37x0ERG +mcB/AM49grQHSzdfaEmZ2Z3JsKuLRSvNsBkzOoGOJR7orbcciwoYluJ4zFPv/LSQ +RlV71juPz+B/+Q5BBKQGPpyGbsgsEd5qi4KlSXDSrDpFSsn7HqVMDh2ItYasCKZX +YWwcf2N6RK1QFvj5LyJLuq4i/LlY/p20Mah99YYYAwF7UcFXf2J3HeaYBhzaf83w +6BKcfnDDvL3bGN5X80waarbhJD8sLT7ufwFFhAlfz/+mJqk2jhPY9XKFSg5VpWwn +75HkHJP0k3XEtSIWs6/sgXLd8kyk9ZkA9+jxnqHjod3q415H0epyy222YMzePPTP +fsE9v8E0iMvuoiMucspW8uybFjtejgIP1X7Sikkm+1k/bBUcs8+gbnC2gTFEz5pw 
+HYammn5+iIU0cp3aPj9lra3SZyoiYk3Cmt30I0W+4uImy/R79F9F0mpxqZxpzcXB +85ZE9dKVd7wcqnnModU8Mg== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem new file mode 100644 index 0000000..67dbfb4 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/20.pem 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 32 (0x20) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:29:16 2009 GMT + Not After : Mar 16 12:29:16 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 22:63:3c:cd:27:23:8b:bf:c2:f1:d9:e8:f8:62:0b:58:a6:7d: + d7:f1:1f:d8:a2:0e:02:1f:51:30:a9:fd:b6:2a:e0:f3:55:f4: + a6:a4:d5:f2:3b:b1:2d:09:66:67:ab:f3:12:07:4f:98:96:7d: + 7a:95:64:99:df:b0:75:b1:5a:51:76:bc:70:82:80:5f:14:0c: + d6:f3:4a:0c:26:87:d2:ad:ed:8a:fe:94:73:6b:37:c6:3e:b5: + 70:a4:06:a8:48:af:fc:45:6c:d8:71:ae:9d:a1:05:14:26:bc: + 3c:76:1e:f0:d4:00:08:b3:5d:9e:0b:da:c4:51:c2:3f:da:25: + e5:ff:9f:20:9a:30:c1:03:cb:62:64:2d:de:20:a0:c4:53:d9: + a8:b2:36:4d:db:2f:1d:f6:31:48:b1:8a:32:9d:4a:5d:b2:8d: + e1:57:e7:47:c8:c6:58:e2:91:5f:de:dd:6c:e1:36:57:12:7d: + 54:75:5b:d8:11:15:75:53:70:79:4e:46:ce:5d:b5:4d:62:ac: + 79:14:0a:0b:57:aa:ef:43:aa:5c:7f:97:df:cf:51:7c:08:98: + db:36:f2:9d:66:7f:98:c2:9e:2b:70:85:f0:9c:41:19:32:c2: + 5c:27:08:7e:b9:d1:f1:fb:a6:05:55:ad:6e:73:04:dd:14:fb: + d6:e5:17:f6:3b:bc:30:93:e8:0f:66:0f:90:2b:c4:60:f7:2c: + de:35:e1:33:da:a0:67:54:00:d8:2a:2f:e1:8c:0b:a3:33:94: + 
32:cc:94:fe:d6:d8:96:0c:58:92:ee:89:a8:8e:c8:75:e5:a3: + 2a:94:8a:b8:bb:c2:c3:1c:1d:4d:af:c9:4a:5b:6a:83:34:34: + ed:f8:f4:fc:23:d5:93:85:39:ad:12:d6:86:48:e4:9c:23:b2: + 84:9e:77:8f:3f:17:c2:91:b8:95:a8:69:4d:43:be:a1:13:9c: + d8:30:cb:e1:ce:91:92:11:eb:b3:e3:83:2c:ab:f1:2b:3e:7d: + 5d:dc:6b:69:64:28:a5:cc:06:8e:39:9f:f6:11:ec:f9:b3:86: + bb:c6:26:2f:a9:dd:70:39:34:e3:7a:97:4e:f2:cd:fd:8f:29: + d7:e7:37:15:53:ab:98:3c:51:65:0c:c4:d1:0e:cb:33:17:4f: + 1c:b3:81:e5:90:f0:43:86:74:a3:40:c4:4a:0d:bb:65:0b:c2: + de:b7:ec:e8:99:e4:92:d1:16:31:0a:2b:6a:d9:e5:8c:13:3f: + ec:e6:cf:c0:08:6b:92:37:ae:e2:a9:9c:c6:3b:0f:2d:e4:82: + d6:b5:92:be:db:65:53:95:7f:fe:09:cd:79:bd:23:ac:3b:5c: + ec:3b:98:90:76:90:c4:c5 +-----BEGIN CERTIFICATE----- +MIIDzDCCAbSgAwIBAgIBIDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMjkxNloXDTEw +MDMxNjEyMjkxNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkr +BgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEBBQUAA4ICAQAiYzzNJyOLv8Lx2ej4YgtY +pn3X8R/Yog4CH1Ewqf22KuDzVfSmpNXyO7EtCWZnq/MSB0+Yln16lWSZ37B1sVpR +drxwgoBfFAzW80oMJofSre2K/pRzazfGPrVwpAaoSK/8RWzYca6doQUUJrw8dh7w +1AAIs12eC9rEUcI/2iXl/58gmjDBA8tiZC3eIKDEU9mosjZN2y8d9jFIsYoynUpd +so3hV+dHyMZY4pFf3t1s4TZXEn1UdVvYERV1U3B5TkbOXbVNYqx5FAoLV6rvQ6pc +f5ffz1F8CJjbNvKdZn+Ywp4rcIXwnEEZMsJcJwh+udHx+6YFVa1ucwTdFPvW5Rf2 +O7wwk+gPZg+QK8Rg9yzeNeEz2qBnVADYKi/hjAujM5QyzJT+1tiWDFiS7omojsh1 +5aMqlIq4u8LDHB1Nr8lKW2qDNDTt+PT8I9WThTmtEtaGSOScI7KEnnePPxfCkbiV +qGlNQ76hE5zYMMvhzpGSEeuz44Msq/ErPn1d3GtpZCilzAaOOZ/2Eez5s4a7xiYv +qd1wOTTjepdO8s39jynX5zcVU6uYPFFlDMTRDsszF08cs4HlkPBDhnSjQMRKDbtl 
+C8Let+zomeSS0RYxCitq2eWMEz/s5s/ACGuSN67iqZzGOw8t5ILWtZK+22VTlX/+ +Cc15vSOsO1zsO5iQdpDExQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem new file mode 100644 index 0000000..ba1c080 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/21.pem 
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 33 (0x21) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:33:25 2009 GMT + Not After : Mar 16 12:33:25 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 82:41:0d:08:56:89:0d:b0:bc:15:6e:8a:aa:b9:85:55:2c:61: + 4f:78:7c:41:3d:d3:06:00:3a:de:69:19:4f:b2:44:bd:fd:ca: + 42:aa:ed:12:76:bb:6e:e7:fa:29:ab:ec:7b:d5:cb:48:8a:e8: + 3b:ef:30:a4:b1:94:73:83:43:21:f9:1f:7c:38:cc:a9:9b:a1: + 7b:ba:af:96:9e:c4:e2:96:39:6f:d5:ec:b2:5a:95:a2:ee:4a: + b2:c4:45:df:54:12:69:fa:2f:b6:e3:42:8f:da:e9:eb:8b:0a: + 14:fd:c2:da:97:07:fd:31:6f:74:8a:cc:18:43:4c:e6:e3:de: + 91:4b:72:d4:1d:17:51:18:d8:6c:b7:51:e4:ad:e0:f3:45:70: + 98:e7:1a:e5:e6:bc:54:7a:b6:e4:a3:66:0a:e0:7e:2f:71:64: + f9:b8:f6:b9:eb:ca:e4:a9:14:b2:b2:82:39:19:e4:57:76:68: + 66:92:a3:15:e8:83:cb:d7:2c:fb:5e:e7:c3:50:9d:df:a5:dc: + c6:f7:a0:93:e6:ab:bb:f8:8e:85:4c:a2:3a:bd:8c:c7:e8:0d: + 13:df:e8:cb:8c:4a:ef:d6:8c:42:e6:e0:9c:45:60:e3:45:ad: + ad:d9:fb:56:7a:ca:73:2d:87:33:c8:37:b9:f3:9a:a6:c3:c2: + 79:76:29:aa:c7:75:b7:12:fb:14:07:e0:13:48:c1:69:ad:a3: + bd:9f:94:83:46:aa:b3:44:0a:f2:62:bb:55:9a:80:46:fb:86: + af:0d:60:39:7a:ee:dc:ac:15:a2:1f:2b:c2:43:0f:cd:d2:c0: + 
49:a9:7f:1e:28:ca:69:91:e0:06:1d:b2:ed:71:02:0a:1f:7b: + 2f:19:8b:fe:5d:b3:b8:dd:a0:ad:0d:c6:75:47:ae:15:8e:d1: + 4f:f3:1c:f3:ee:fe:eb:34:c2:ea:9d:7d:6d:33:00:8a:55:e8: + ef:26:68:a4:91:90:d5:f9:e4:1c:5f:77:14:c8:17:b1:fd:41: + f2:28:74:ca:1a:e4:be:01:26:cf:3d:3b:46:98:6e:25:ee:ab: + 66:75:3d:a5:cf:06:5a:5f:ff:a9:3a:58:de:3d:2f:22:0a:13: + 5a:94:6a:f2:fd:f0:1a:c2:06:c9:96:f1:3a:59:87:50:83:5c: + 57:c3:e4:36:df:7a:0d:02:c3:20:c2:cb:2c:cc:df:46:6c:51: + df:04:11:51:11:ae:81:a3:2a:2e:35:a8:77:1b:37:35:37:54: + ea:3b:c1:46:a7:48:e3:78:40:c3:a2:3a:f7:3e:94:ff:48:4c: + 55:79:ff:84:e5:38:4c:f3:16:82:27:7f:e1:c2:61:96:d3:d3: + c1:94:92:94:8c:3d:3e:34 +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBITANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyMzMyNVoXDTEw +MDMxNjEyMzMyNVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQCCQQ0IVokNsLwVboqquYVVLGFPeHxBPdMGADreaRlPskS9/cpC +qu0Sdrtu5/opq+x71ctIiug77zCksZRzg0Mh+R98OMypm6F7uq+WnsTiljlv1eyy +WpWi7kqyxEXfVBJp+i+240KP2unriwoU/cLalwf9MW90iswYQ0zm496RS3LUHRdR +GNhst1HkreDzRXCY5xrl5rxUerbko2YK4H4vcWT5uPa568rkqRSysoI5GeRXdmhm +kqMV6IPL1yz7XufDUJ3fpdzG96CT5qu7+I6FTKI6vYzH6A0T3+jLjErv1oxC5uCc +RWDjRa2t2ftWespzLYczyDe585qmw8J5dimqx3W3EvsUB+ATSMFpraO9n5SDRqqz +RAryYrtVmoBG+4avDWA5eu7crBWiHyvCQw/N0sBJqX8eKMppkeAGHbLtcQIKH3sv +GYv+XbO43aCtDcZ1R64VjtFP8xzz7v7rNMLqnX1tMwCKVejvJmikkZDV+eQcX3cU +yBex/UHyKHTKGuS+ASbPPTtGmG4l7qtmdT2lzwZaX/+pOljePS8iChNalGry/fAa +wgbJlvE6WYdQg1xXw+Q233oNAsMgwssszN9GbFHfBBFREa6BoyouNah3Gzc1N1Tq +O8FGp0jjeEDDojr3PpT/SExVef+E5ThM8xaCJ3/hwmGW09PBlJKUjD0+NA== 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem
new file mode 100644
index 0000000..6ade2c8
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/22.pem
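Review bot: The fixture added in 21.pem has `Not After : Mar 16 12:33:25 2010 GMT`, so it was already expired when this commit was made; the same holds for 22.pem through 26.pem, and 27.pem through 29.pem run out on Mar 14 2019. A test that validates these certificates against the wall clock will presumably either fail or pass only because validity is not being checked, which would hide a real regression in the verifier. 21.pem and 23.pem through 25.pem also carry `OCSP No Check` without the `OCSP Signing` extended key usage that 22.pem and 28.pem have, and nothing in the hunks says whether they are meant as negative cases. I would add a short README next to the fixtures that lists, per serial number, the expected verdict and the verification time the tests pin, and regenerate the positive cases with a validity period that outlives the test suite.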
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 34 (0x22) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:50:36 2009 GMT + Not After : Mar 16 12:50:36 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 01:64:cf:9d:45:b8:8f:e5:96:d2:fe:3f:dc:bc:58:cb:db:6b: + 26:ec:33:9b:84:6a:f8:a9:3e:5a:8a:3b:97:63:db:c8:d1:0c: + 3e:c1:8d:1f:6f:16:20:9a:d9:97:78:2f:7a:4f:d1:49:fa:e0: + 0d:fe:aa:20:d4:97:71:ed:44:63:2d:eb:91:86:83:70:0e:44: + 1d:7c:91:3d:31:11:a8:bb:60:7c:65:71:73:1c:b1:5e:d2:f2: + 11:78:be:3a:90:2d:a4:79:a0:b6:53:33:8e:cb:f4:ee:5e:ce: + 4b:41:19:c5:27:13:f5:fa:09:4c:5d:af:52:59:95:4c:2f:2b: + 3b:24:2c:54:8f:72:2f:86:c7:57:a4:3a:f3:f2:bf:29:60:f5: + f6:31:73:8a:62:2e:83:c5:8c:91:ba:85:ab:e1:b6:5a:fb:50: + fd:e5:3e:96:f7:dd:9b:1d:91:ac:2d:1b:b7:ca:62:c8:f7:a4: + 17:6d:2d:ab:87:4b:69:9e:0f:cc:6a:e4:40:3b:82:64:c7:0d: + 7b:81:56:20:5d:cd:1b:99:2e:35:31:78:4a:e6:d8:aa:8e:42: + 6c:c5:e5:bf:a0:f1:5a:1e:21:6a:c0:cb:85:f1:90:6c:93:53: + 66:a8:62:1e:a7:77:15:1f:de:09:23:13:5f:b8:12:33:31:c1: + 4b:44:3b:e1:c4:3f:6a:f5:98:72:d1:ab:e7:9f:0e:f1:46:19: + 0b:09:f6:bd:f4:fe:e0:1f:9f:ff:5c:3b:69:42:5e:ec:a5:ab: + 
85:11:29:23:24:fc:37:ab:4f:b0:9c:a3:2c:5d:84:4d:b3:d9: + fc:a0:87:36:15:22:30:b5:de:f8:27:4e:12:41:11:81:3b:8b: + 2d:d8:34:d5:79:0b:fa:47:54:5b:46:2e:2c:6d:f4:e1:7e:78: + 2d:86:ec:17:5e:29:3a:97:af:7e:0e:df:9a:d2:7d:f0:10:0d: + c0:ac:ce:5c:ae:fe:b4:01:82:cf:5f:f9:be:ba:b2:15:5d:04: + 5a:58:06:92:2a:5f:e3:98:6a:10:da:51:60:30:66:17:cb:ba: + 5b:79:e8:17:63:16:e8:67:40:07:c6:ea:b9:8f:12:d4:31:de: + 95:b8:dd:e6:04:5b:3f:b6:c6:25:7b:23:51:2f:62:c5:5f:f9: + d5:2e:9b:7f:ba:d9:fc:72:6f:3a:2c:b6:1f:98:87:ea:48:df: + 07:97:90:6d:21:48:6b:6a:92:d5:d0:2e:6b:37:56:3e:2a:74: + fa:84:02:57:9c:81:eb:e0:2d:3a:e4:2c:94:15:69:75:65:e0: + d7:b2:d5:a8:94:39:da:21:85:b2:51:bc:c3:b0:da:16:a5:06: + 98:bc:9f:e6:ea:4a:2c:ab +-----BEGIN CERTIFICATE----- +MIIDzDCCAbSgAwIBAgIBIjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTAzNloXDTEw +MDMxNjEyNTAzNlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoygwJjAPBgkrBgEFBQcwAQUEAgUAMBMGA1UdJQQM +MAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQABZM+dRbiP5ZbS/j/cvFjL +22sm7DObhGr4qT5aijuXY9vI0Qw+wY0fbxYgmtmXeC96T9FJ+uAN/qog1Jdx7URj +LeuRhoNwDkQdfJE9MRGou2B8ZXFzHLFe0vIReL46kC2keaC2UzOOy/TuXs5LQRnF +JxP1+glMXa9SWZVMLys7JCxUj3IvhsdXpDrz8r8pYPX2MXOKYi6DxYyRuoWr4bZa ++1D95T6W992bHZGsLRu3ymLI96QXbS2rh0tpng/MauRAO4Jkxw17gVYgXc0bmS41 +MXhK5tiqjkJsxeW/oPFaHiFqwMuF8ZBsk1NmqGIep3cVH94JIxNfuBIzMcFLRDvh +xD9q9Zhy0avnnw7xRhkLCfa99P7gH5//XDtpQl7spauFESkjJPw3q0+wnKMsXYRN +s9n8oIc2FSIwtd74J04SQRGBO4st2DTVeQv6R1RbRi4sbfThfngthuwXXik6l69+ +Dt+a0n3wEA3ArM5crv60AYLPX/m+urIVXQRaWAaSKl/jmGoQ2lFgMGYXy7pbeegX +YxboZ0AHxuq5jxLUMd6VuN3mBFs/tsYleyNRL2LFX/nVLpt/utn8cm86LLYfmIfq 
+SN8Hl5BtIUhrapLV0C5rN1Y+KnT6hAJXnIHr4C065CyUFWl1ZeDXstWolDnaIYWy
+UbzDsNoWpQaYvJ/m6kosqw==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem
new file mode 100644
index 0000000..b0f45ad
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/23.pem
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 35 (0x23) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:59:02 2009 GMT + Not After : Mar 16 12:59:02 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 56:3b:b8:5c:63:eb:9d:db:55:cc:00:8e:5b:2b:2b:b1:17:d4: + f0:a4:ca:f7:b9:02:37:ea:2a:ff:df:34:a0:ba:af:a2:47:a5: + 8e:1a:f9:eb:97:51:16:a5:6a:35:20:3f:5a:8a:25:98:00:73: + 3e:b1:c9:1c:9c:a2:12:72:be:3f:ce:e3:7e:09:c0:8c:4a:eb: + 33:4c:77:7c:5c:7c:d7:20:07:a0:9f:48:1d:f9:9a:24:e1:50: + f6:63:c4:6e:70:65:12:51:47:79:c5:0e:d9:c2:c5:f5:69:67: + 34:a5:b9:64:6e:31:ed:76:5b:66:74:41:10:35:58:48:43:e1: + 29:72:25:dd:64:9b:80:03:31:96:a2:d0:75:58:06:66:37:c2: + 86:fb:42:a6:50:3b:8c:22:e0:b9:a7:b5:7d:35:df:5d:58:ca: + f1:e9:be:60:6d:cc:2d:72:d7:c6:c1:8e:48:6f:ed:54:06:fa: + 31:92:c7:34:8a:64:32:82:4b:a9:20:9f:8c:1d:2d:c1:f1:35: + 77:5b:0f:7d:f0:2a:0c:a8:b2:cb:86:ac:cd:9c:5d:91:df:78: + b1:e1:cc:1e:f7:da:7e:3d:01:4a:86:07:86:9f:50:3b:69:91: + cf:3e:22:ec:7a:e3:c8:8f:f8:69:d2:f0:16:de:b6:5c:e4:fa: + 89:1a:de:74:d3:fb:df:16:1d:46:d4:7d:b6:74:8a:eb:fc:bf: + c0:82:3b:1d:c3:af:6f:b5:12:f2:c6:cc:05:47:12:cb:4e:f6: + 48:b9:da:bd:da:b0:dc:3c:a5:83:29:11:7e:66:7f:1e:08:5f: + 
7e:90:13:a5:63:c9:76:5e:91:b2:37:3b:ff:e7:8d:07:ab:0c: + 34:57:17:8d:09:92:86:1b:63:68:c1:e3:c8:f1:56:19:46:5b: + a9:1a:13:a2:23:9b:57:2d:92:25:cc:b7:fe:62:1c:80:bb:08: + e4:23:1d:9f:ad:5c:41:6d:27:b2:9d:d6:03:96:c6:22:f1:cb: + 87:04:c7:55:22:4b:88:6c:07:11:e6:d1:ca:0e:2a:5a:a4:9b: + ea:e4:90:ef:e5:ea:ae:a5:db:dd:dd:85:da:a3:80:1a:fb:91: + df:f3:8a:65:35:8f:a8:d4:65:51:b7:f7:f9:fb:b4:97:d8:a2: + 4d:04:4d:f5:89:d2:ed:ee:f4:2e:b4:ba:45:8f:36:1d:20:0a: + 89:c6:aa:be:39:1c:cb:e4:07:a1:d0:0e:c7:8c:b0:70:25:10: + 7e:cb:64:0d:1f:32:5e:b5:7b:c0:d9:15:e4:aa:a5:b3:5f:4a: + 91:0f:b5:b8:9e:a2:6b:f7:d7:73:35:dc:bc:e2:88:6e:b1:79: + 0c:f6:dd:e9:9a:fb:1a:45 +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBIzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkwMloXDTEw +MDMxNjEyNTkwMlowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQBWO7hcY+ud21XMAI5bKyuxF9TwpMr3uQI36ir/3zSguq+iR6WO +Gvnrl1EWpWo1ID9aiiWYAHM+sckcnKIScr4/zuN+CcCMSuszTHd8XHzXIAegn0gd ++Zok4VD2Y8RucGUSUUd5xQ7ZwsX1aWc0pblkbjHtdltmdEEQNVhIQ+EpciXdZJuA +AzGWotB1WAZmN8KG+0KmUDuMIuC5p7V9Nd9dWMrx6b5gbcwtctfGwY5Ib+1UBvox +ksc0imQygkupIJ+MHS3B8TV3Ww998CoMqLLLhqzNnF2R33ix4cwe99p+PQFKhgeG +n1A7aZHPPiLseuPIj/hp0vAW3rZc5PqJGt500/vfFh1G1H22dIrr/L/Agjsdw69v +tRLyxswFRxLLTvZIudq92rDcPKWDKRF+Zn8eCF9+kBOlY8l2XpGyNzv/540Hqww0 +VxeNCZKGG2NowePI8VYZRlupGhOiI5tXLZIlzLf+YhyAuwjkIx2frVxBbSeyndYD +lsYi8cuHBMdVIkuIbAcR5tHKDipapJvq5JDv5equpdvd3YXao4Aa+5Hf84plNY+o +1GVRt/f5+7SX2KJNBE31idLt7vQutLpFjzYdIAqJxqq+ORzL5Aeh0A7HjLBwJRB+ +y2QNHzJetXvA2RXkqqWzX0qRD7W4nqJr99dzNdy84ohusXkM9t3pmvsaRQ== 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem
new file mode 100644
index 0000000..74acea7
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/24.pem
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 36 (0x24) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:59:24 2009 GMT + Not After : Mar 16 12:59:24 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 5c:26:43:01:d9:b4:43:ff:e0:3f:49:67:cd:a3:ea:1c:b3:75: + f9:12:d8:c8:0b:96:65:a5:bd:db:15:3c:d6:18:2c:00:59:2d: + 1c:17:a6:74:8d:48:03:70:9c:c9:70:00:74:81:0b:b6:5d:c3: + cf:41:ed:1b:1a:06:89:f7:e3:b0:61:33:bf:b9:9b:11:68:bb: + 30:50:c2:f5:13:40:84:42:b8:7d:9e:cb:03:03:8f:5c:7b:44: + 23:dc:e3:ed:dc:09:c6:d4:aa:23:19:50:bc:6c:2a:a9:f9:3b: + 55:e7:3d:34:aa:6e:96:7a:a5:72:95:9e:42:21:05:ca:98:1d: + 06:80:55:8e:b8:eb:d7:56:12:f9:84:c3:c9:2e:73:eb:fa:5b: + 15:f4:11:a5:95:b5:52:90:52:c7:0e:8c:7a:5d:30:34:2e:4b: + ca:98:91:19:cc:3b:88:5f:18:85:8f:0d:31:97:ee:2d:7c:d4: + 95:ea:b1:03:15:7d:f6:0a:64:bd:8f:b4:fd:7e:51:91:c2:6d: + 13:51:7c:0f:d8:6d:6e:a8:56:3a:73:a2:d9:9a:37:19:ce:31: + 8f:a2:b7:39:c9:5e:f0:8b:7d:fe:e4:19:9d:49:11:86:1c:d6: + 04:00:84:53:62:ee:94:f9:7c:b3:2d:db:5a:3c:3d:ce:e9:5f: + 76:52:c5:b8:b6:2b:02:52:8a:b2:5f:99:00:9b:12:36:77:d4: + 38:ad:8f:34:b3:7e:2b:6d:cf:34:7b:f3:62:79:4b:da:8f:54: + bd:cb:f9:d8:10:71:d7:dc:37:34:f9:2c:33:b9:33:b0:38:f8: + 
ec:6c:70:61:ad:37:92:28:71:a5:fe:08:54:9f:1d:6f:ba:28: + 1d:6b:a8:35:a4:09:06:73:b8:38:a4:32:48:a9:4b:a9:7c:32: + 0c:18:bd:4b:8f:e0:b6:d7:83:30:89:df:d2:da:5a:f6:5b:fa: + 84:5c:32:bf:1d:6d:1d:9e:d5:a9:a2:75:88:3d:4a:15:d8:cb: + 41:7d:ec:94:f1:18:f6:9f:7f:c6:75:1f:77:02:2f:7b:30:1e: + 56:b6:bd:b1:c6:d9:e9:44:71:bb:1c:74:a0:17:1a:da:10:4e: + 22:f1:e0:13:6e:ec:56:61:18:72:fe:81:a6:2d:47:c3:90:9a: + 3a:4d:06:97:9a:22:ef:f4:7c:37:d9:64:3b:6c:15:9f:fd:77: + cc:a9:77:ff:6a:7e:dd:06:0d:43:c5:a6:37:39:df:4d:a5:80: + ac:5d:f8:d5:7c:ca:90:a3:58:2b:b6:ea:ed:f1:c3:91:15:28: + e3:5e:c0:fb:f9:6e:18:de:63:df:43:a5:d3:8f:ae:4e:44:3c: + 4c:6c:92:40:1f:bd:d1:6a +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBJDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTkyNFoXDTEw +MDMxNjEyNTkyNFowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQBcJkMB2bRD/+A/SWfNo+ocs3X5EtjIC5Zlpb3bFTzWGCwAWS0c +F6Z0jUgDcJzJcAB0gQu2XcPPQe0bGgaJ9+OwYTO/uZsRaLswUML1E0CEQrh9nssD +A49ce0Qj3OPt3AnG1KojGVC8bCqp+TtV5z00qm6WeqVylZ5CIQXKmB0GgFWOuOvX +VhL5hMPJLnPr+lsV9BGllbVSkFLHDox6XTA0LkvKmJEZzDuIXxiFjw0xl+4tfNSV +6rEDFX32CmS9j7T9flGRwm0TUXwP2G1uqFY6c6LZmjcZzjGPorc5yV7wi33+5Bmd +SRGGHNYEAIRTYu6U+XyzLdtaPD3O6V92UsW4tisCUoqyX5kAmxI2d9Q4rY80s34r +bc80e/NieUvaj1S9y/nYEHHX3Dc0+SwzuTOwOPjsbHBhrTeSKHGl/ghUnx1vuigd +a6g1pAkGc7g4pDJIqUupfDIMGL1Lj+C214Mwid/S2lr2W/qEXDK/HW0dntWponWI +PUoV2MtBfeyU8Rj2n3/GdR93Ai97MB5Wtr2xxtnpRHG7HHSgFxraEE4i8eATbuxW +YRhy/oGmLUfDkJo6TQaXmiLv9Hw32WQ7bBWf/XfMqXf/an7dBg1DxaY3Od9NpYCs +XfjVfMqQo1grturt8cORFSjjXsD7+W4Y3mPfQ6XTj65ORDxMbJJAH73Rag== 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem
new file mode 100644
index 0000000..3b5a187
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/25.pem
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 37 (0x25) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 12:59:41 2009 GMT + Not After : Mar 16 12:59:41 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 26:92:48:59:3d:33:df:db:c5:57:57:5a:6e:1d:b0:33:bc:83: + c5:27:d8:97:dc:a7:96:24:19:d8:58:8b:7d:9b:e7:80:89:6a: + e2:7c:fe:68:6e:11:3d:83:40:65:01:f1:44:58:20:9a:3b:14: + c6:66:ed:1b:e4:86:46:fb:81:6b:b1:9d:0c:4a:0b:5d:90:c6: + d0:08:0a:3d:b2:45:31:a1:aa:0f:e9:be:f2:5f:03:31:70:10: + 55:c8:6e:d8:df:ca:9b:3e:77:f5:c5:c0:87:e0:8e:f2:16:c2: + d5:35:a9:e6:c6:e7:15:e7:4d:db:f2:bd:01:8f:23:59:2b:36: + 5e:97:80:ec:02:47:60:a6:9f:a3:57:b8:d4:ef:81:9f:6b:c8: + 58:65:43:8a:47:c1:8d:1c:20:e5:1e:e1:ce:89:72:60:ec:63: + c2:96:11:0e:be:98:d3:8f:85:b7:33:28:fb:d5:57:4e:96:3f: + 2b:1c:d6:65:e7:ad:82:67:d8:ca:82:be:a7:74:7b:87:02:8b: + de:70:aa:d3:77:e7:6d:e4:97:02:24:07:ea:03:40:de:16:de: + 94:0c:7e:d9:f3:cc:37:ac:b9:39:ee:ea:b5:4b:ee:21:00:9c: + 0a:54:cf:bd:35:dd:92:71:8b:98:4d:9b:f9:4e:40:b1:d2:bb: + 9c:5c:98:53:dc:7f:13:e5:c6:21:b8:c5:42:81:f0:10:bc:a6: + 0d:b7:53:9b:38:67:82:85:2d:bd:87:20:f6:e0:4c:06:a0:b8: + 30:a6:74:b2:ee:43:31:95:53:02:ad:c0:88:83:d0:70:d1:af: + 
b4:97:66:d1:00:c9:c5:d2:a7:d1:be:b1:fb:1b:75:86:a1:ef: + 0d:c2:78:77:ae:d5:aa:e9:2c:66:80:f7:04:7c:b9:f5:cd:32: + cf:c2:a2:11:9f:34:39:ec:ee:e0:fe:80:c4:34:24:c3:1c:43: + 3b:44:d2:55:44:55:28:ef:38:bd:07:37:ad:fd:92:2e:1b:96: + 0d:0a:08:84:a6:74:4c:c3:99:0b:11:36:4e:04:47:6a:82:b3: + 45:c7:73:7c:9e:9f:a3:46:c2:b5:26:21:21:8d:04:31:79:db: + b6:71:b0:1b:7f:3c:9b:eb:07:cc:0d:c2:44:20:48:91:1d:b3: + 2a:34:4f:b9:f3:4e:6f:86:46:83:3c:56:ab:87:8f:bf:e6:15: + 60:4d:d3:d9:56:0e:9c:eb:86:ea:df:2d:1c:5e:9b:c7:38:ec: + c5:db:22:b7:92:55:2b:ba:3e:3f:da:09:5e:82:ab:9a:fe:bb: + 2b:ac:11:f3:b9:d8:8f:aa:35:66:d3:cd:bc:5b:69:11:e6:06: + 31:92:07:a2:3f:86:26:43 +-----BEGIN CERTIFICATE----- +MIIDtzCCAZ+gAwIBAgIBJTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjEyNTk0MVoXDTEw +MDMxNjEyNTk0MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxMwETAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3 +DQEBBQUAA4ICAQAmkkhZPTPf28VXV1puHbAzvIPFJ9iX3KeWJBnYWIt9m+eAiWri +fP5obhE9g0BlAfFEWCCaOxTGZu0b5IZG+4FrsZ0MSgtdkMbQCAo9skUxoaoP6b7y +XwMxcBBVyG7Y38qbPnf1xcCH4I7yFsLVNanmxucV503b8r0BjyNZKzZel4DsAkdg +pp+jV7jU74Gfa8hYZUOKR8GNHCDlHuHOiXJg7GPClhEOvpjTj4W3Myj71VdOlj8r +HNZl562CZ9jKgr6ndHuHAovecKrTd+dt5JcCJAfqA0DeFt6UDH7Z88w3rLk57uq1 +S+4hAJwKVM+9Nd2ScYuYTZv5TkCx0rucXJhT3H8T5cYhuMVCgfAQvKYNt1ObOGeC +hS29hyD24EwGoLgwpnSy7kMxlVMCrcCIg9Bw0a+0l2bRAMnF0qfRvrH7G3WGoe8N +wnh3rtWq6SxmgPcEfLn1zTLPwqIRnzQ57O7g/oDENCTDHEM7RNJVRFUo7zi9Bzet +/ZIuG5YNCgiEpnRMw5kLETZOBEdqgrNFx3N8np+jRsK1JiEhjQQxedu2cbAbfzyb +6wfMDcJEIEiRHbMqNE+5805vhkaDPFarh4+/5hVgTdPZVg6c64bq3y0cXpvHOOzF +2yK3klUruj4/2glegqua/rsrrBHzudiPqjVm0828W2kR5gYxkgeiP4YmQw== 
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem
new file mode 100644
index 0000000..b0ec9fc
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/26.pem
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 38 (0x26) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 14:04:29 2009 GMT + Not After : Mar 16 14:04:29 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe: + 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a: + 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a: + e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11: + 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5: + db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54: + 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71: + f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c: + c9:d2:bc:47:fa:96:24:2e:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 41:77:99:bc:20:b3:78:98:b9:5c:ce:5b:21:0c:27:40:77:3c: + 98:1e:f0:b6:2e:5f:70:f1:80:b1:bc:7b:fb:02:4d:86:a8:e9: + 0c:fb:d9:ec:f4:f6:bb:33:8b:f4:f4:6d:21:f7:08:5a:aa:5c: + ab:bf:05:c6:7f:4f:65:b7:c9:85:77:35:67:37:f9:a3:78:d8: + 7c:40:ca:2d:f6:17:f0:14:47:78:82:3b:ed:58:0b:b1:2d:69: + 47:ee:39:35:17:04:94:2a:d6:57:d7:85:4b:76:a7:bc:38:31: + 7f:a2:65:fe:e5:f5:7c:de:61:ee:ef:58:06:a1:3f:c1:49:cf: + e6:83:94:6a:42:d3:c4:f8:d7:51:2d:7c:1c:1e:3c:43:77:6b: + c9:64:aa:ca:30:94:ec:05:84:0e:54:6d:1d:95:74:82:88:90: + 45:f9:25:83:23:2c:51:98:2e:91:6d:06:77:19:97:58:88:54: + 5c:99:e3:71:c2:97:93:b5:5d:d2:c7:58:a7:f7:ec:b2:18:b1: + d5:b7:13:59:9f:d9:cf:5c:b2:48:a9:55:ec:25:2c:67:e2:f4: + b1:12:7f:18:a7:35:28:c3:fd:29:d2:84:f5:91:4e:57:a4:27: + 42:37:a2:2d:ea:ae:a1:c8:c3:0a:b5:ee:60:b0:c3:6e:df:e3: + 0c:33:65:06:21:89:51:83:7a:24:4a:e8:79:48:1d:a5:d4:35: + dd:3f:c8:46:9b:77:8f:3e:28:26:a2:08:aa:72:9d:a4:12:05: + ae:5b:2c:e9:28:3d:6d:87:0c:ed:c1:74:19:c9:c5:67:34:bf: + 
6e:cb:9f:3c:2e:12:b2:57:80:b3:bd:97:8d:16:ba:2a:7f:28: + 9d:66:6f:78:c4:a3:26:81:07:68:3f:8c:ca:08:cc:3a:0e:de: + 0d:6d:c6:c8:c9:9e:b0:a0:aa:89:b9:a3:96:a8:31:65:2b:bf: + fe:01:b9:26:9e:27:31:b6:c9:28:a9:f3:0c:bd:26:c5:b2:8d: + 35:9b:50:6e:e0:38:76:2f:7a:44:a2:7d:54:c5:fa:bf:0b:d8: + 0c:ae:97:ed:64:b9:0d:42:07:87:4b:e7:f2:bb:77:1e:19:61: + 47:3d:7b:bc:a7:9b:b7:d1:d9:2a:de:ec:f8:6d:f2:0b:1e:21: + 2f:8b:9b:6e:67:07:06:df:fb:30:83:4f:67:7d:d2:b0:9a:2c: + 0d:06:d0:9e:08:51:f2:e4:3f:56:ff:ec:32:d6:08:52:3e:00: + 16:b1:8c:8a:8d:01:3f:12:6b:df:53:e8:2d:1d:4c:e5:72:86: + 96:cf:2b:40:d7:2f:d0:e7:9f:ce:19:a1:65:30:cd:1a:82:fa: + 5a:c5:2d:a0:0a:5f:18:2a +-----BEGIN CERTIFICATE----- +MIID1jCCAb6gAwIBAgIBJjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjE0MDQyOVoXDTEw +MDMxNjE0MDQyOVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0 +aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W +SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR +DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA +AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAQXeZvCCz +eJi5XM5bIQwnQHc8mB7wti5fcPGAsbx7+wJNhqjpDPvZ7PT2uzOL9PRtIfcIWqpc +q78Fxn9PZbfJhXc1Zzf5o3jYfEDKLfYX8BRHeII77VgLsS1pR+45NRcElCrWV9eF +S3anvDgxf6Jl/uX1fN5h7u9YBqE/wUnP5oOUakLTxPjXUS18HB48Q3dryWSqyjCU +7AWEDlRtHZV0goiQRfklgyMsUZgukW0GdxmXWIhUXJnjccKXk7Vd0sdYp/fsshix +1bcTWZ/Zz1yySKlV7CUsZ+L0sRJ/GKc1KMP9KdKE9ZFOV6QnQjeiLequocjDCrXu +YLDDbt/jDDNlBiGJUYN6JEroeUgdpdQ13T/IRpt3jz4oJqIIqnKdpBIFrlss6Sg9 +bYcM7cF0GcnFZzS/bsufPC4SsleAs72XjRa6Kn8onWZveMSjJoEHaD+MygjMOg7e +DW3GyMmesKCqibmjlqgxZSu//gG5Jp4nMbbJKKnzDL0mxbKNNZtQbuA4di96RKJ9 +VMX6vwvYDK6X7WS5DUIHh0vn8rt3HhlhRz17vKebt9HZKt7s+G3yCx4hL4ubbmcH +Bt/7MINPZ33SsJosDQbQnghR8uQ/Vv/sMtYIUj4AFrGMio0BPxJr31PoLR1M5XKG 
+ls8rQNcv0OefzhmhZTDNGoL6WsUtoApfGCo=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem
new file mode 100644
index 0000000..6b31eed
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/27.pem
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 39 (0x27) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:06:11 2009 GMT + Not After : Mar 14 23:06:11 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe: + 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a: + 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a: + e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11: + 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5: + db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54: + 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71: + f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c: + c9:d2:bc:47:fa:96:24:2e:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75: + 0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50: + 74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21: + a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f: + 78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10: + 76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25: + b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d: + 5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a: + e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb: + 0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60: + 95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c: + bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d: + cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d: + d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3: + d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66: + 93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5: + fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e: + 
5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e: + cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c: + 5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48: + ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc: + af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16: + ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78: + ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50: + f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6: + 64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57: + cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f: + fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a: + c0:55:0d:5f:1c:85:a0:1e +-----BEGIN CERTIFICATE----- +MIID1jCCAb6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDYxMVoXDTE5 +MDMxNDIzMDYxMVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0 +aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W +SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR +DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA +AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAaXFAEq/k +vkJS/3qov+NB8it1DSIQ6NYe08C7kH92RpKpYytQdMhzxHsOoLftXCAGGGQbe4Ih +p4K8wDNTi19ox95flTFSk10PeEz/UC/gV7r1ScuUujSF6fEQdidmbdZG9p1RLQSW +tXj3xhsltArnifSfpTOSUQCGlw9HzDqNXjrCrVFIfnoDetGnbRSKZPla4RzLguFC +84zch46byORoPCbrChnIHHGIfslm9/4a7jpSG1Rgleg35g2zi78CB+f4FmT5NFCM +vVTl0QuoX1l53irqRJK+PrINzfrf05MQye9A0zGnBuM5FWhd15RPlmmOE43z+3nr +M1Aer/rD2IFHG4kFOWLqxO/3FSniQ/Jmk1EgEhAXycfzfOD9Wdw4yrL1/f5d+JqD +cHK54WumYNudo1g+XnOkzhgSutxWcvi02Ezo2Zxez9F2Vn4uM50agOvdfGnAnNNc +XNOiiXxEh2YQbvmQtnJYkHdI6lYlUuPGvTyVma79KveyH4e8r5O6LQ8a/36QO65j +lp5olzIW7bjOfUjyuYP8JNw0GjSkGYB47LJsoOgVNx6N+rlioiVd0xRQ9mhLCbMS +rMxjuyvmKjPuxxzGZBRH4sMpJrr56C40wcyeOy1Xzff++9gTZVxCqHFh39euFnF/ 
+/ftm1qKSUunLZQN9E4y81FoawFUNXxyFoB4=
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem
new file mode 100644
index 0000000..892ac97
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/28.pem
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 40 (0x28) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:08:54 2009 GMT + Not After : Mar 14 23:08:54 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36: + 1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6: + 3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc: + 18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3: + ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df: + 9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9: + 07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4: + 91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64: + 82:f6:1a:ca:46:60:ac:de:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71: + bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0: + be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80: + 15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33: + 2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5: + 1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f: + 18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42: + e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58: + bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a: + 4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72: + ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf: + c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac: + e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8: + 73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2: + 27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d: + f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b: + 
13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f: + 48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21: + 1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c: + 3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0: + bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8: + e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b: + e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b: + bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5: + c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77: + c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d: + 0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65: + f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d: + cb:45:0e:73:d3:39:98:36 +-----BEGIN CERTIFICATE----- +MIID6jCCAdKgAwIBAgIBKDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDg1NFoXDTE5 +MDMxNDIzMDg1NFowcTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNTAzBgNVBAMTLE9DU1AgUmVzcG9uZGVy +J3MgY2VydGlmaWNhdGUgd2l0aCBkZWxlZ2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL +pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+ +OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB +oygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG +SIb3DQEBBQUAA4ICAQAFoQTHVXGoUgTWYPM3CBVQhnG/jp6bYFBuVx6xMDrgiuB0 +kMC+l3jxi1Lza+ZFOKV74kctXIAV53SysWbb65ZnfAGLXsHCWTMuYqmjf8e4B+4n +IoMR4+m5WaUfJx9vuTTFwq7VzVlZKAV4/w8YasgiW0AGC6nujOVEBFmg8kLoUqTs +RXgetM8C5bUx0vSTFVi8AqawAVrZcuuAZOnx1Thp9BpNfHjXup7KQSKmCcJ+/pAg +f3KuynYwOeUecGO8aOTuD+d6sM/EcCa43U6fn3URBb7YF5XBdazmkfe4jpPzRcGd +EBBxaZJt8bhzGO0ChG2rbMyRvqw8YTlIdOInuRZeAmzEGzWiaCREXE43WG3zpOlq +2VaSbQVu4fP1exFASysTMuUYW2JkGhefkf0MlVQCCW9I6siufiS7qLEzyJhQkI2y +WyEer9J4roenMoI9qp1mDZJZAow/c0N2dFj5lf1ckDHXx3oq++C7uFBiPEQJNN1o +EBG+xsNlpOjjnQ9Zoqfl1ZeLSKDUMDGqnkviMO0GcsiXDWpwqMnKnNTxVwu/JEN+ 
+t6Glka+srvXGi++qYeXEfTcxoF/pRZ3YCLkV2hYqFnfHgg4CbpvsJfOPjRFBC1ap
+ex0P8776Ru7LgDsJH4WQcO0d42X0gT/vhjJsnLA14nNB+wwMLS3LRQ5z0zmYNg==
+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem
new file mode 100644
index 0000000..d3d25a0
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/29.pem
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 41 (0x29) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:32:11 2009 GMT + Not After : Mar 14 23:32:11 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Seventh OCSP Client certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ab:f9:60:ff:9d:55:0f:31:12:2c:f2:df:64:22: + fb:c0:97:1d:e4:13:fb:d7:15:37:5d:b9:2d:97:37: + c4:e8:34:cb:00:85:22:4d:8a:85:80:a1:ae:90:5e: + 71:bf:6d:0d:a3:c3:8d:ce:47:58:60:25:bb:9c:95: + 0a:0b:cd:23:01:ae:18:be:d5:65:bd:8b:55:bf:ee: + 59:8a:db:20:bd:f9:f3:ac:53:2e:09:99:fb:27:7d: + 23:8b:f6:96:d9:41:37:0a:43:16:1f:f9:5d:84:b3: + 3b:79:45:ff:dd:b2:35:99:c0:db:85:24:22:a8:7e: + ff:e0:8b:f2:d8:ca:3e:ae:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + Authority Information Access: + OCSP - URI:http://127.0.0.1:86/0008 + + Signature Algorithm: sha1WithRSAEncryption + 08:02:c2:09:8a:f6:f1:d7:9e:d3:30:dc:ce:97:fc:84:bd:5b: + ae:60:39:82:0a:06:38:43:1e:55:de:83:11:d3:12:e0:81:76: + fd:5c:6e:9e:30:73:6d:8f:b2:32:a6:60:24:24:ee:e3:fd:73: + 10:12:e6:c7:23:6b:1f:4e:b5:52:e3:12:09:ee:dd:19:d2:b4: + a6:34:e6:14:3c:79:58:95:4b:25:e3:f6:97:d2:cc:20:93:48: + 1f:d5:2f:37:db:15:bf:f4:71:ad:04:bd:95:80:57:a5:49:bb: + aa:ca:f3:ff:af:62:dd:f9:94:75:38:59:6c:74:ef:ac:1e:19: + 60:6d:4b:be:f7:62:2f:c6:68:b9:c4:fc:8a:fd:9f:b2:4d:44: + 87:12:51:6e:7d:5f:41:2c:ea:e6:9c:3c:bd:cf:dc:aa:14:b2: + 34:16:e0:38:b3:8c:f4:d7:68:1f:6c:cc:3c:da:30:32:8e:58: + 5b:9a:bf:75:7a:38:a3:cf:60:6f:74:cc:a6:c1:55:f6:96:84: + 98:04:db:b1:07:d6:f6:06:11:af:c2:fb:81:a4:77:04:4d:55: + 9d:c4:28:d4:3c:d0:97:a0:f8:d4:18:59:cc:23:3a:b3:c0:82: + ad:1d:e2:4c:e4:da:24:73:cd:77:ab:db:22:07:94:d1:16:26: + 27:82:e2:d5:82:f9:e1:29:fb:8f:9e:88:a2:1b:5c:8b:31:3c: + c6:1c:ae:16:31:28:f8:e2:5c:9d:e9:e8:d7:d9:fe:0a:39:3f: + 
fa:65:20:53:5e:20:32:4b:b8:a8:4b:a8:b8:e8:f1:3f:0a:80: + 7d:b4:8c:1b:e6:54:d3:02:d6:56:a3:a6:4e:87:9a:51:ed:0d: + 52:9b:e1:66:c8:64:c8:95:55:08:aa:f9:c0:9d:5a:89:03:21: + 6b:29:96:f8:42:64:6a:3f:d5:92:d5:13:00:6c:89:38:ea:01: + 0d:28:3b:a0:12:e1:cf:cf:fd:10:5e:a3:9b:67:0b:3e:a7:17: + 7a:de:76:25:26:54:db:0f:a8:f9:e9:50:f0:1e:9a:0d:ad:d6: + ad:63:32:be:c0:bb:7a:66:be:c9:d3:f2:1e:48:c3:f5:2b:15: + 4d:39:cc:88:32:65:97:99:01:41:12:07:4e:d7:1d:af:fa:46: + 29:93:02:70:ed:df:89:a3:d5:50:1c:07:ed:df:f8:5c:d6:11: + c6:1a:32:e6:2b:e7:49:d8:82:16:dd:41:5d:13:9c:a0:00:68: + 82:54:f8:5e:2a:81:3e:fe:0b:bf:6e:de:e2:b4:4f:09:31:74: + 4d:6a:2d:b7:a9:0a:54:f4:a7:1f:63:8a:6e:73:bc:e3:38:9e: + b8:26:e5:f6:8a:dd:ad:14 +-----BEGIN CERTIFICATE----- +MIID7TCCAdWgAwIBAgIBKTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMzIxMVoXDTE5 +MDMxNDIzMzIxMVowZDELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xKDAmBgNVBAMTH1NldmVudGggT0NTUCBD +bGllbnQgY2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKv5 +YP+dVQ8xEizy32Qi+8CXHeQT+9cVN125LZc3xOg0ywCFIk2KhYChrpBecb9tDaPD +jc5HWGAlu5yVCgvNIwGuGL7VZb2LVb/uWYrbIL3586xTLgmZ+yd9I4v2ltlBNwpD +Fh/5XYSzO3lF/92yNZnA24UkIqh+/+CL8tjKPq7lAgMBAAGjODA2MDQGCCsGAQUF +BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovLzEyNy4wLjAuMTo4Ni8wMDA4MA0G +CSqGSIb3DQEBBQUAA4ICAQAIAsIJivbx157TMNzOl/yEvVuuYDmCCgY4Qx5V3oMR +0xLggXb9XG6eMHNtj7IypmAkJO7j/XMQEubHI2sfTrVS4xIJ7t0Z0rSmNOYUPHlY +lUsl4/aX0swgk0gf1S832xW/9HGtBL2VgFelSbuqyvP/r2Ld+ZR1OFlsdO+sHhlg +bUu+92Ivxmi5xPyK/Z+yTUSHElFufV9BLOrmnDy9z9yqFLI0FuA4s4z012gfbMw8 +2jAyjlhbmr91ejijz2BvdMymwVX2loSYBNuxB9b2BhGvwvuBpHcETVWdxCjUPNCX +oPjUGFnMIzqzwIKtHeJM5Nokc813q9siB5TRFiYnguLVgvnhKfuPnoiiG1yLMTzG +HK4WMSj44lyd6ejX2f4KOT/6ZSBTXiAyS7ioS6i46PE/CoB9tIwb5lTTAtZWo6ZO +h5pR7Q1Sm+FmyGTIlVUIqvnAnVqJAyFrKZb4QmRqP9WS1RMAbIk46gENKDugEuHP +z/0QXqObZws+pxd63nYlJlTbD6j56VDwHpoNrdatYzK+wLt6Zr7J0/IeSMP1KxVN 
+OcyIMmWXmQFBEgdO1x2v+kYpkwJw7d+Jo9VQHAft3/hc1hHGGjLmK+dJ2IIW3UFd +E5ygAGiCVPheKoE+/gu/bt7itE8JMXRNai23qQpU9KcfY4puc7zjOJ64JuX2it2t +FA== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem new file mode 100644 index 0000000..f3fd8ed --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/newcerts/2A.pem 
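Review bot: The fixture's `Not After : Mar 14 23:32:11 2019 GMT` puts a hard end date on any test that validates this certificate against the wall clock. 2A.pem (`Jun 18 08:21:47 2019 GMT`) and ocsp_svr_nocheck.crt (`Mar 14 23:06:11 2019 GMT`) later in this diff carry the same limit. Whether the tests pin a verification time is not visible here; if they do not, they will start failing on those dates for reasons unrelated to the code under test. I would have the tests set a fixed verification time (OpenSSL's `X509_VERIFY_PARAM_set_time`) or regenerate the fixtures from a script when the tests are built. Either way, record it in a README next to the data, e.g. `Fixtures expire 2019-03-14; tests must pin the verification time or regenerate them.`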
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 42 (0x2a) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Jun 20 08:21:47 2009 GMT + Not After : Jun 18 08:21:47 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02: + 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d: + f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b: + d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36: + 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9: + d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf: + ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e: + 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77: + 10:ce:1d:01:0c:86:6b:23:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha256WithRSAEncryption + b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f: + 87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf: + e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab: + ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15: + 64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df: + 67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e: + 0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89: + ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b: + 37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66: + 7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b: + ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb: + b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94: + 
6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c: + 1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47: + b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33: + 9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49: + bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f: + 95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7: + 94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43: + 3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee: + c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94: + 48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35: + 23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95: + e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16: + 35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab: + 73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92: + f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46: + 50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41: + f7:ec:56:e7:1a:4b:e4:78 +-----BEGIN CERTIFICATE----- +MIIEfjCCAmagAwIBAgIBKjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDYyMDA4MjE0N1oXDTE5 +MDYxODA4MjE0N1owWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy +dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8 +Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2 +Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ +2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg +hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV +BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW +MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN +BgkqhkiG9w0BAQsFAAOCAgEAsT5Q/18ysglrUpgHWnh//hJvhyXUvJZFBzHgrlLR +ngTYBYTP4uWCAbVGzk5H1u+HfDfWZ5mrrU1w65j+MfH46aLFQE+mxHkVZNNk0j8F 
+tQgWiEYicoahju/fZyXXdL0BBLhwAA2dNtCeOkt+DT2ePc77R+59W7nBZStM7yaJ +7Ru8F0pjQbOZ58VN1TGv10s7N86Z2o9TIEAUlRQJYbqcwBtmfOfjTCjGSOhsAlU8 +RBjRKYh7/zDlvu6O2pX+BMLIoc6BRrm7sj2tr6njqMGP2FFI0cbpyMiUb3yw/JIE +0I8wMPGj0PjcqlIsH73zZ6yXbg0agsGiMJ7TlXRHtUnIc3rGcyAYepiPwT5fGgQz +m//gq574ypK86JS4zoeJdeZJvdV/H0S2SPwCT7Ul9P9TmF8PlVLSACpBhcuN9KGm +72istfqnlJHMZFwwQwGQhOuPZjuYTEJDPTFHKNpJ6+kUZ8WB9hOjw6XuxCgOUu7H +sub4w3ljEkXBBluUSPFMMsdpnW2zC8WYk/RLx2Q1IyJWx/rjDDs5z7TKz9IQl7OV +5PdT08teQ4LUfOWDpM9OC8gWNV6KK0eKbi+YAtTMnSiplf+rc98Bxv/fezMh4NuB +jVkR8POS98WMgy4iVd0feFz3o/zemY9GUP9127tYB/oBwWeMGMQ/L7dB9+xW5xpL +5Hg= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem b/tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem new file mode 100644 index 0000000..3b74363 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/private/cakey.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAxeGHrxpZR44wOoWcabXK6qAonmAvtoteQu9qim1mdlyFOL4t +vMMQiEDIctVmHNblNNqVj0iy+ogH69rHqRhImXW/MiqFrt0Gwdx+0KomqUPCXfmk +8458MkFwyN3bXVqtV7/tccix1OY5oakFUX/tYYwaCVr0cgUuev8ShxJ3Gr+3JTzZ +M8cGlN+M6eRfG5kuS9xMF2bZ7dlrqIuhdkFTCoARtt9NCewEKVwGBTJpVHVvHAuM +RuOaDw31G+kdI0OFUFCSNGDzTOevLGiMgIcHcmmV80EUYn4+3KZFdASi6/NlGLLS +0tEfJ29Qs7WGxU7+Ya1orKEUgtSSfbjTDW7xqLIz/trVUTL6FhLiUs6JCdsKxkjq +BZ3OauhrW0E45XeaNNvS2OfEgZsa7Z+cRAysqFEE3WXTiEQsGVNSoaC9epYGBgHT +e5oe3rVSXgeMA+otaSZa78JmUQ7p7CgKgkcI9HRnz2AZ2twzMkFoXZ2xx66shxgv +6tKUAtOSmjdKJCJGWpw1JBBRSEVwT5+xCrTnSBfGToAyNmLcRkL8uPZn+hhx/mGL +C3uCfMy7HkDQzGhvyDiBEYiE47EPFmDndf1+t1NbrGcxMYeraaqZW1Ceq6/Pow1w +PDtyckFRCRRYeSrjC8vfLrNuEEVRexfuAEqjHQkxjc8d4f66e0s2hZ2L0X0CAwEA +AQKCAgBEQ968QLnGHr5yof9o1IdxU9lPcd1j+0aEjvXRVZaAhMCM58b9lMnSR48f +VpFIp7Yg+ruX17uvBFi/PBWfNzpsfpt8IgFGZwfav0eckuaNhEu8gdAvGdustrjD +Aw6XcR3V5Od0VolK6jW9mIK2MAzjlyKwUYl9AF6dnft1T6B5QORc21YPL70MhOan +FdrduYWoNBKoDBponJYwaiNEmZqdR7tUvEpmft6cqhuFlXOS6IRxR2aYWhKe2PDT +NSORM8z8/R7DJSMqR8894b9+45ZlGRna9nui0uy60D2rnaHbBne9AowKoIw/3X4Y +0SnyTaMibWFsFJHv5Ie5CZb9zmVdcqAKZniikngDOLkxdqTr1U4T4hAP4ICahKjl +/mugIlg67Oua6Opd2LBpDsw4/5nXM2XyWwb6OFdDVCvnsV9v1pdRu2m8qZIQkWwC +2eEkuN3aW0DYOalWldjLggMGFrByZKp6H2+upvygJdInRIOlNA4e+aOmFFLWnCQ3 +HgXlLXvT8FJsAs/52eYTi3QFaYSb+WgagROw7FBZHXwyfV7f2Lrty9o/lh4AwAqv +4KtPfhQ0eVtB/3L7Pa+QuW5IBjjUbrrNCH3uo+NuJ+mOVzVZ/eVF4WlEDhapTyCh +YL/hMMIijRhf4VNkNch84Ly2lzvMxTnO/yFgomgMBf7vdYJBnQKCAQEA8LNvx3U2 +rNQqa342Uep15k3RBUTDtN8d6s06CpiRz+d/qKl/8MteENl0SQAOGmbmVfa4QUD9 +jFCD18D0sM0qERLB63Jwr62y1sRi2m47QEzWHzx81OxjKHZZw2K6YmHXE9JzurX5 +2+ifdUiU2uOmqS1IVrIFOZuQef0xqVq7PSSjbL3DwPefWQakRnmhpL1iTzgnswTu +7PPoqZaV9QmgjCGgMhNZlvQINXM8dYsAgfUlVZwKqkzAip9FpJLdmOUhyF2I+p6b +zjSwsA0MslyBqc/mkZBxAjMR7j4KeshwCosGpf12Ax/7eWIsBZBI2+GktPsUwiS0 +FsCX7b5s/Xk1SwKCAQEA0nVZUelZKUg+aoaQmAoJ1h83XaqOqV+uN7jjxYag9+Ts +Ay4mfhkMra6p7xfEz0lWiOVXDfq7jOSiefsvIAaVlr+EPBzyGpFN46S0A00EKloZ 
+ysP2R3bqI46VlqPcqaSZoj8dGWVN+gmz7zuu0usv0uzZx9wJ8cbxkC9LnD9Ka7dG +ea8al5FoC2eJHQGMfIj+RlRWdSZ2dkRWPb9oLpaTtQW7iLnFQDheZcK8lTcBxTc5 +gkGqv4Ab/ItNg6ukCd75lgHdxgNE5GNfBofu/68zn1qJjpP4YwJ9B8+4JPHmfl2f +F4OGvD9jq439/z8M4ymM4TjQbi0qYDfGPfgeja//VwKCAQAutcOlY1u+4lVxEscb +0nIaxVMgwJ1yBjJaFIWE9OKnA/fEFVCcu/p/LpPgbsBN41YjrINJNoF9r0pGnk1d +2hKlyYwUUtsHXJ/uCaJdXTLmYYLUAPsAnvcHLSBySEB/Qxln4VlQDGx2fogjTHiG +mdMH1Z/KIzXcXhIFelse0FqxnOCSA6lvUx57Oky62HPD8nSXhwA9P2HWXebysiRb +rwiW6RebYCHsp2LIbJp4/QaWMaqTGHsBXW+n9wyeyVlziFOr/GrOp+T4eUUohP/H +xSfsekn2SZ+Em8CJCUUjWq5TfXNG1w8FwDke7yw30C4zbXB3Jpp6qoDAQZO6MVAZ +SGJNAoIBAE1B2sog+SQYayE7yLSnarj5uJ9fzwMKJrA55RNLuqeFl8YLGQJNO8Q+ +TA+DEDJv355dYjm1g0fTXnmc5c3B3QP7xhUzIwTxtkAM5DAaA59wd+thSHUviAAJ +hYxJFuYHkIZo2MvLznYtPapipGi1AVdSrxeZBOWGfILLedwft7gXDX35868UJ7eY +CFNnkCTfPUigCST0O6RqraX5L8t6Zzqaoh8s4uYSS0Tb2dKE4Nd+0FOqu32VD7ED +ii79wTgGbGTOxpS7+nxEpkuFdwzRSggDel+mnhXqge9uJ1EYo95bi91b4QgV1QbT +FxyuDpMNW7QJ4Smw1s9/afyxqrWkl/0CggEBAO5OYdCU/EQCmz2cNcYTbUQRffh9 +cpILgXA8RI7Ravn7x9AyjoO9mhBwQRernPX/YQdL1homYhOC/NW7xCyr8qpOhmLh +bplV/TBOl74w114EZxvv0w4M9gxP666x3Kx7FzFs4gLNcHXh3eA8jzjiEJQQafwy +/LPDjVf1mQjmVKVj8keqsB2pJi/NgJuCl7qBdJbNvzcw/bhAT1HhQwuZ+2Z9+lO0 +5mcaxOgbvEv1MBQ5J/m0Afx5fYcNQbrS8S43b3Z3aiqd0ljybs3eDg3JEuRLMYc4 +EDiEvtDqv0nq/VK1yTYG1DhZRDPaVxWUplVl/sH57FzpbY4nVyUvAt5tSUo= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/serial b/tests/cert-svc/data/TestData/ssl/demoCA/serial new file mode 100644 index 0000000..6a38d8b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/serial @@ -0,0 +1 @@ +2B diff --git a/tests/cert-svc/data/TestData/ssl/demoCA/serial.old b/tests/cert-svc/data/TestData/ssl/demoCA/serial.old new file mode 100644 index 0000000..8676c24 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/demoCA/serial.old @@ -0,0 +1 @@ +2A 
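Review bot: `demoCA/private/cakey.pem` is added as an unencrypted `RSA PRIVATE KEY`, so the signing key of the demo CA is readable by anyone with the repository. ocsp_svr.key and ocsp_svr_nocheck.key later in this diff are committed the same way. That is acceptable only while the matching CA certificate is trusted by the test binaries alone. The hunk does not show where TestData is installed, so confirm that no packaging step copies the demo CA into a system or device trust store. I would add a README beside the key stating `Test-only CA. The key is public; never add this CA to a trust store outside the test run.`, or generate the CA and leaf keys when the tests are built so that no key material is tracked.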
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt
new file mode 100644
index 0000000..87ead05
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client1_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:80/0002
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt
new file mode 100644
index 0000000..4469fa2
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client2_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:81/0003
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt
new file mode 100644
index 0000000..a9d8864
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client3_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:82/0004
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt
new file mode 100644
index 0000000..15f96c1
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client4_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:83/0005
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt
new file mode 100644
index 0000000..0ac72c9
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client5_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:84/0006
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt
new file mode 100644
index 0000000..00da98a
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client6_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:85/0007
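Review bot: The AIA URIs in ocsp_client1_uri.txt through ocsp_client6_uri.txt point at `http://127.0.0.1:80` to `:85`, and ocsp_client7_uri.txt, ocsp_client_chain.txt and ocsp_client_chain_no_aia.txt continue with `:86`, `:89` and `:90`. All of these ports are below 1024, so whatever local responder the tests start presumably has to run as root, and it can collide with a web server already bound to port 80. Because the URI is baked into each issued certificate, changing it later means re-issuing the fixtures. Choosing unprivileged ports now, for example `authorityInfoAccess = OCSP;URI:http://127.0.0.1:8080/0002`, would let the OCSP tests run without elevated privileges.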
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt
new file mode 100644
index 0000000..71d3327
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client7_uri.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:86/0008
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt
new file mode 100644
index 0000000..e733920
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:89/0002
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt
new file mode 100644
index 0000000..e216ba3
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_client_chain_no_aia.txt
@@ -0,0 +1 @@
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:90/0003
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder.txt
new file mode 100644
index 0000000..584b480
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_responder.txt
@@ -0,0 +1 @@
+extendedKeyUsage=OCSPSigning
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt
new file mode 100644
index 0000000..7b2a41b
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck.txt
@@ -0,0 +1 @@
+noCheck=
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt
new file mode 100644
index 0000000..5c939ed
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_responder_nocheck_and_ocsp_signing.txt
@@ -0,0 +1,2 @@
+extendedKeyUsage=OCSPSigning
+noCheck=
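Review bot: ocsp_client_chain_no_aia.txt sets `authorityInfoAccess = OCSP;URI:http://127.0.0.1:90/0003`, which contradicts the "no_aia" in its file name. If the file is meant to issue a certificate without an AIA extension, it should not set one. If "no_aia" refers to a different certificate in the chain, a comment line such as `# leaf carries AIA; the intermediate is issued without it` would make that explicit. As written, a reader cannot tell whether the missing-AIA path of the OCSP check is actually exercised.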
diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr.crt
new file mode 100644
index 0000000..5550456
--- /dev/null
+++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr.crt
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 10 00:14:51 2009 GMT + Not After : Mar 10 00:14:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b: + cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa: + 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a: + 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c: + 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04: + c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68: + 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48: + 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76: + aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d: + 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5: + a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa: + d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e: + be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01: + 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1: + 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a: + 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8: + e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93: + 
24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a: + 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9: + 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0: + ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36: + 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c: + 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68: + 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f: + 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67: + 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52: + a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a: + 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3: + cd:f0:a3:a0:10:95:b8:70 +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw +MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe +78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe +YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx +6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt +RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg +oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3 +P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy +sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O +8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG +Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh +tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA= 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr.key new file mode 100644 index 0000000..055435e --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC5DoAg/HRJCMuDh3bkQgNCblYbrnNDm6bPXTMdN8+1Irx5Xmpp +Aj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47LisOggn6nnirjtP+Rvhtjl1Tv+ +R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttqj9ppRseS8rO6bJA9cQIDAQAB +AoGAfBn7VyO2IBxjzssTsjOK2AwCdwHgjqBdl4aa9qctBf5LguEMX2uAHDlh+FGZ +Dwgk3eqMJ9M5315fukg4m9D/SSJB5KzmdUB9OQaVe5zhteWOyFUFmMPWOwckKbHj +EZ+VLpab1PcQQm7VPPAGkF2p2J5UTR/JXt3ZPPj25+orKXkCQQDtnKJ0KtowUUjM +84+EV9nb7MdJJSAYBr0FKwqSyXsE/WdjqIGh5n/DtJcx6j44IaTn77EIOWHjztQa +e7/uuZ63AkEAx2CvuyGE4gijAZSQl7gLdgd5JbaJ4dXsFYb5WZK9TuoglsFoUFjC +aWP9ozPQQGCdTjt4LM5Ln3SuShIopBndFwJBAK0CuwsI1LwPw4lv4tUDPp8y5dxt +itPTvDgSIe3FhKyacniPDmy7L9ZpHRn8LHekj7VNwsJxPcSpKalq59LEFzsCQCAT +vjItQmPbX95xOJIwWiezLBqVM7nR4RnVjWiL40k/Ad8/XrkOjrjGDZikTW0OHkDn +8H3E8wXEkAX6xe8g+iECQEq02B0Je95yRzhFU2OfcZFz9B5YdNXkWAORNGNHV8nO +m4hVtlawDFWvhHhB/o6JG3QlN3UWy0TRgqZssfb+pNA= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt new file mode 100644 index 0000000..5550456 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr/ocsp_svr.crt 
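Review bot: `Not After : Mar 10 00:14:51 2010 GMT` means this responder certificate had already expired when the commit was made, and the same blob (`index 0000000..5550456`) is added a second time as ocsp_svr/ocsp_svr.crt. If the expiry is deliberate, as a negative case for an expired responder, a README line beside it such as `ocsp_svr.crt: intentionally expired responder certificate` would keep someone from regenerating it by mistake. If it is not deliberate, a test that accepts responses signed under this certificate would suggest the responder's validity period is not being checked, which is worth confirming in the verifier. Keeping a single copy of the file would also stop the two from drifting apart.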
@@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7 (0x7) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 10 00:14:51 2009 GMT + Not After : Mar 10 00:14:51 2010 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b9:0e:80:20:fc:74:49:08:cb:83:87:76:e4:42: + 03:42:6e:56:1b:ae:73:43:9b:a6:cf:5d:33:1d:37: + cf:b5:22:bc:79:5e:6a:69:02:3e:e2:08:c5:f5:be: + ee:ef:df:4f:85:41:a2:5f:d3:76:39:3f:61:56:14: + 1f:c1:cc:ec:45:e3:b2:e2:b0:e8:20:9f:a9:e7:8a: + b8:ed:3f:e4:6f:86:d8:e5:d5:3b:fe:47:e8:8f:51: + ee:dd:b6:7f:36:6b:c7:75:f7:78:04:df:ac:51:b3: + 25:65:04:ab:0d:ce:db:5e:3a:db:6a:8f:da:69:46: + c7:92:f2:b3:ba:6c:90:3d:71 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + 2d:28:82:cc:79:30:2e:b5:8e:4f:d9:3b:f4:8b:c8:a3:e6:3b: + cb:2c:0f:97:1c:8b:7f:06:e1:5d:3b:ec:af:c5:de:ef:c4:fa: + 0b:63:ee:cb:ad:60:7f:42:6f:82:6d:f2:fb:bb:9a:36:f7:1a: + 6c:9c:82:e8:17:18:41:35:47:72:e8:36:b4:1a:c1:ae:59:7c: + 92:07:62:8f:00:9a:2e:c8:5e:62:20:5f:14:82:0d:fe:de:04: + c8:b0:b6:03:d4:aa:41:70:4f:f9:05:ba:b5:c7:3c:36:a0:68: + 81:c5:82:91:56:fc:65:fe:73:c4:b3:91:d2:c4:51:16:cb:48: + 32:e3:b1:ea:a4:dc:e0:de:9b:f2:75:22:cd:04:2d:2d:c9:76: + aa:3b:b8:c6:1a:86:86:1f:a7:11:e0:6d:16:f4:5b:b3:09:1d: + 34:c1:0e:1a:c8:21:82:91:73:bc:e5:c5:cb:d3:ed:46:d5:f5: + a6:f8:65:a6:91:7b:cd:a9:0d:a6:37:3e:d9:3f:6f:c4:c7:aa: + d9:95:75:dc:6d:38:9e:54:3d:0f:a1:26:16:28:71:6b:14:9e: + be:66:8b:f4:71:c1:3e:34:a0:a1:5d:da:31:1c:63:9f:9d:01: + 7f:62:13:9d:3b:74:a2:b3:0a:d5:24:c0:35:07:c0:6d:20:c1: + 2a:21:fb:82:a5:9c:eb:3e:ce:25:57:02:d6:38:77:5e:a0:2a: + 52:0c:f7:3f:f3:d3:aa:0c:53:a9:1c:e9:39:d7:0d:96:28:b8: + e2:e9:1c:e3:92:12:1e:e1:3e:44:5a:fb:25:1e:2c:74:a9:93: + 
24:a0:f0:02:63:bf:e2:45:a0:c5:6f:40:e4:3b:b2:b1:f1:0a: + 19:89:b9:54:d6:61:21:3d:7b:4b:91:fe:d9:f0:e1:48:20:d9: + 0b:e2:be:dd:f7:5b:6f:c8:76:ca:74:9f:a5:4a:9a:9c:1d:f0: + ec:40:72:82:67:fc:2a:9f:4e:f1:7f:e4:b5:7e:c0:3f:22:36: + 18:c3:48:88:7f:0c:2d:26:cc:40:c5:82:bd:23:e5:6c:ce:3c: + 27:19:27:fe:7b:1b:fa:cb:38:0a:9f:a6:44:4b:c2:22:63:68: + 3c:fa:86:11:af:5d:05:7c:5b:fd:26:9a:78:18:c7:f6:1e:1f: + 69:b9:ba:71:3b:dc:95:c1:3f:59:17:42:f1:48:2b:10:5f:67: + 46:32:37:4a:1a:85:d0:00:81:92:50:6c:29:80:e1:b5:bf:52: + a8:79:c0:5d:b9:36:e3:f7:d5:69:dc:de:54:13:c0:d3:6e:7a: + 9c:a8:e9:e4:f6:57:ed:aa:bd:6e:c1:c5:35:ed:72:17:65:e3: + cd:f0:a3:a0:10:95:b8:70 +-----BEGIN CERTIFICATE----- +MIIDuzCCAaOgAwIBAgIBBzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMDAwMTQ1MVoXDTEw +MDMxMDAwMTQ1MVowUzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xFzAVBgNVBAMTDk9DU1AgUmVzcG9uZGVy +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5DoAg/HRJCMuDh3bkQgNCblYb +rnNDm6bPXTMdN8+1Irx5XmppAj7iCMX1vu7v30+FQaJf03Y5P2FWFB/BzOxF47Li +sOggn6nnirjtP+Rvhtjl1Tv+R+iPUe7dtn82a8d193gE36xRsyVlBKsNztteOttq +j9ppRseS8rO6bJA9cQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTANBgkq +hkiG9w0BAQUFAAOCAgEALSiCzHkwLrWOT9k79IvIo+Y7yywPlxyLfwbhXTvsr8Xe +78T6C2Puy61gf0Jvgm3y+7uaNvcabJyC6BcYQTVHcug2tBrBrll8kgdijwCaLshe +YiBfFIIN/t4EyLC2A9SqQXBP+QW6tcc8NqBogcWCkVb8Zf5zxLOR0sRRFstIMuOx +6qTc4N6b8nUizQQtLcl2qju4xhqGhh+nEeBtFvRbswkdNMEOGsghgpFzvOXFy9Pt +RtX1pvhlppF7zakNpjc+2T9vxMeq2ZV13G04nlQ9D6EmFihxaxSevmaL9HHBPjSg +oV3aMRxjn50Bf2ITnTt0orMK1STANQfAbSDBKiH7gqWc6z7OJVcC1jh3XqAqUgz3 +P/PTqgxTqRzpOdcNlii44ukc45ISHuE+RFr7JR4sdKmTJKDwAmO/4kWgxW9A5Duy +sfEKGYm5VNZhIT17S5H+2fDhSCDZC+K+3fdbb8h2ynSfpUqanB3w7EBygmf8Kp9O +8X/ktX7APyI2GMNIiH8MLSbMQMWCvSPlbM48Jxkn/nsb+ss4Cp+mREvCImNoPPqG +Ea9dBXxb/SaaeBjH9h4fabm6cTvclcE/WRdC8UgrEF9nRjI3ShqF0ACBklBsKYDh +tb9SqHnAXbk24/fVadzeVBPA0256nKjp5PZX7aq9bsHFNe1yF2XjzfCjoBCVuHA= 
+-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt new file mode 100644 index 0000000..6b31eed --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.crt 
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 39 (0x27) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:06:11 2009 GMT + Not After : Mar 14 23:06:11 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Responder certificate with nocheck ext. field + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c3:69:f4:12:34:1b:04:51:33:26:84:9e:5a:fe: + 2b:d7:d8:eb:6a:14:af:e5:58:68:a5:71:e4:5e:8a: + 55:dc:69:71:14:3f:16:48:b1:52:ee:22:05:fd:2a: + e7:6e:ce:f1:24:49:f0:06:3d:f5:ed:6c:ed:26:11: + 93:93:4e:08:05:91:26:b9:22:e8:77:8b:6f:50:a5: + db:14:28:2c:c2:94:86:d2:64:11:0e:8a:51:eb:54: + 3b:5a:1f:70:0a:b2:5c:e2:b2:62:99:30:7c:8c:71: + f6:08:28:4f:d9:38:38:38:f3:82:cd:3a:ed:57:5c: + c9:d2:bc:47:fa:96:24:2e:d5 + Exponent: 65537 (0x10001) + X509v3 extensions: + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 69:71:40:12:af:e4:be:42:52:ff:7a:a8:bf:e3:41:f2:2b:75: + 0d:22:10:e8:d6:1e:d3:c0:bb:90:7f:76:46:92:a9:63:2b:50: + 74:c8:73:c4:7b:0e:a0:b7:ed:5c:20:06:18:64:1b:7b:82:21: + a7:82:bc:c0:33:53:8b:5f:68:c7:de:5f:95:31:52:93:5d:0f: + 78:4c:ff:50:2f:e0:57:ba:f5:49:cb:94:ba:34:85:e9:f1:10: + 76:27:66:6d:d6:46:f6:9d:51:2d:04:96:b5:78:f7:c6:1b:25: + b4:0a:e7:89:f4:9f:a5:33:92:51:00:86:97:0f:47:cc:3a:8d: + 5e:3a:c2:ad:51:48:7e:7a:03:7a:d1:a7:6d:14:8a:64:f9:5a: + e1:1c:cb:82:e1:42:f3:8c:dc:87:8e:9b:c8:e4:68:3c:26:eb: + 0a:19:c8:1c:71:88:7e:c9:66:f7:fe:1a:ee:3a:52:1b:54:60: + 95:e8:37:e6:0d:b3:8b:bf:02:07:e7:f8:16:64:f9:34:50:8c: + bd:54:e5:d1:0b:a8:5f:59:79:de:2a:ea:44:92:be:3e:b2:0d: + cd:fa:df:d3:93:10:c9:ef:40:d3:31:a7:06:e3:39:15:68:5d: + d7:94:4f:96:69:8e:13:8d:f3:fb:79:eb:33:50:1e:af:fa:c3: + d8:81:47:1b:89:05:39:62:ea:c4:ef:f7:15:29:e2:43:f2:66: + 93:51:20:12:10:17:c9:c7:f3:7c:e0:fd:59:dc:38:ca:b2:f5: + fd:fe:5d:f8:9a:83:70:72:b9:e1:6b:a6:60:db:9d:a3:58:3e: + 
5e:73:a4:ce:18:12:ba:dc:56:72:f8:b4:d8:4c:e8:d9:9c:5e: + cf:d1:76:56:7e:2e:33:9d:1a:80:eb:dd:7c:69:c0:9c:d3:5c: + 5c:d3:a2:89:7c:44:87:66:10:6e:f9:90:b6:72:58:90:77:48: + ea:56:25:52:e3:c6:bd:3c:95:99:ae:fd:2a:f7:b2:1f:87:bc: + af:93:ba:2d:0f:1a:ff:7e:90:3b:ae:63:96:9e:68:97:32:16: + ed:b8:ce:7d:48:f2:b9:83:fc:24:dc:34:1a:34:a4:19:80:78: + ec:b2:6c:a0:e8:15:37:1e:8d:fa:b9:62:a2:25:5d:d3:14:50: + f6:68:4b:09:b3:12:ac:cc:63:bb:2b:e6:2a:33:ee:c7:1c:c6: + 64:14:47:e2:c3:29:26:ba:f9:e8:2e:34:c1:cc:9e:3b:2d:57: + cd:f7:fe:fb:d8:13:65:5c:42:a8:71:61:df:d7:ae:16:71:7f: + fd:fb:66:d6:a2:92:52:e9:cb:65:03:7d:13:8c:bc:d4:5a:1a: + c0:55:0d:5f:1c:85:a0:1e +-----BEGIN CERTIFICATE----- +MIID1jCCAb6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDYxMVoXDTE5 +MDMxNDIzMDYxMVowcjELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNjA0BgNVBAMTLVJlc3BvbmRlciBjZXJ0 +aWZpY2F0ZSB3aXRoIG5vY2hlY2sgZXh0LiBmaWVsZDCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAw2n0EjQbBFEzJoSeWv4r19jrahSv5VhopXHkXopV3GlxFD8W +SLFS7iIF/Srnbs7xJEnwBj317WztJhGTk04IBZEmuSLod4tvUKXbFCgswpSG0mQR +DopR61Q7Wh9wCrJc4rJimTB8jHH2CChP2Tg4OPOCzTrtV1zJ0rxH+pYkLtUCAwEA +AaMTMBEwDwYJKwYBBQUHMAEFBAIFADANBgkqhkiG9w0BAQUFAAOCAgEAaXFAEq/k +vkJS/3qov+NB8it1DSIQ6NYe08C7kH92RpKpYytQdMhzxHsOoLftXCAGGGQbe4Ih +p4K8wDNTi19ox95flTFSk10PeEz/UC/gV7r1ScuUujSF6fEQdidmbdZG9p1RLQSW +tXj3xhsltArnifSfpTOSUQCGlw9HzDqNXjrCrVFIfnoDetGnbRSKZPla4RzLguFC +84zch46byORoPCbrChnIHHGIfslm9/4a7jpSG1Rgleg35g2zi78CB+f4FmT5NFCM +vVTl0QuoX1l53irqRJK+PrINzfrf05MQye9A0zGnBuM5FWhd15RPlmmOE43z+3nr +M1Aer/rD2IFHG4kFOWLqxO/3FSniQ/Jmk1EgEhAXycfzfOD9Wdw4yrL1/f5d+JqD +cHK54WumYNudo1g+XnOkzhgSutxWcvi02Ezo2Zxez9F2Vn4uM50agOvdfGnAnNNc +XNOiiXxEh2YQbvmQtnJYkHdI6lYlUuPGvTyVma79KveyH4e8r5O6LQ8a/36QO65j +lp5olzIW7bjOfUjyuYP8JNw0GjSkGYB47LJsoOgVNx6N+rlioiVd0xRQ9mhLCbMS +rMxjuyvmKjPuxxzGZBRH4sMpJrr56C40wcyeOy1Xzff++9gTZVxCqHFh39euFnF/ 
+/ftm1qKSUunLZQN9E4y81FoawFUNXxyFoB4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key new file mode 100644 index 0000000..4946d6b --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDDafQSNBsEUTMmhJ5a/ivX2OtqFK/lWGilceReilXcaXEUPxZI +sVLuIgX9KuduzvEkSfAGPfXtbO0mEZOTTggFkSa5Iuh3i29QpdsUKCzClIbSZBEO +ilHrVDtaH3AKslzismKZMHyMcfYIKE/ZODg484LNOu1XXMnSvEf6liQu1QIDAQAB +AoGADsM3XBSxoc7clWFZcThYaZMKndX4P9RA+5ayEO5UdDVHBKeLcGxs/m51k12l +ZDqf/wTS7DXMGWasN78GLg+sDVXKhzmGIcI7Lql8bVbeXIn8CQaCG+Ol7VmUwDw4 +LAoguwyyKZbeWTzsdRdumhHyLnjVXDnBw3oUYGDtVvIMgXUCQQDo4Y+qsWEa/88O +M+0LjnM0Ua4DGpHLiKtGkmsc9+Lyhq1bRa07F78ufsVW7Fv3esOa2dyOU9+cK/oe +fukRZH3/AkEA1tAzV8bRVxoyFahZ31yEnag9op+ZdH45TiIKT/TpA3skxaanV5aJ +xa3czmfOge3izwZ5e/Gq2MVuCHiRUUb7KwJAQy11/P5IDbrHJsix04iXEPuS39BV +SEo3ZhcskOGs9NsGvPJ/gzFZc/cbw/RQnzYpoMzBw8jME0fYUd24K806TwJAWQD2 +5P2Zqy9NZS/V3PgmcnRM5V6fZGcQM1FjWHGvQiP5vnMojt/uwZsiC9ty8t6vxPt3 +xmUBVsOmrZfXDggM9QJBAKKwevWzPt5v42+mZhN1qWeHgHk/urFWn5+ITIzVNZmD +FvIQ/2iBj2YmLiD3pbgT0eflAdfSM8enTyqZ431nOFE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt new file mode 100644 index 0000000..892ac97 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.crt 
@@ -0,0 +1,82 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 40 (0x28) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 16 23:08:54 2009 GMT + Not After : Mar 14 23:08:54 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=OCSP Responder's certificate with delegation + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d0:8a:8e:73:c5:57:a8:03:b0:2c:1f:05:05:36: + 1b:90:89:db:48:b2:cd:e8:ea:02:95:d8:30:c3:c6: + 3e:6a:8c:19:70:0c:a7:cb:a6:07:df:ec:42:c9:dc: + 18:cf:ef:73:cd:d1:eb:51:c0:bd:0e:51:63:6f:a3: + ce:26:a0:02:da:32:a3:65:36:ad:42:02:85:9b:df: + 9e:0a:51:41:93:f9:02:ff:f0:63:be:38:2e:b9:d9: + 07:db:3c:81:23:4f:2a:0d:24:50:6e:e2:ef:59:f4: + 91:3a:fb:fd:55:19:4b:49:71:08:bd:f9:2d:ea:64: + 82:f6:1a:ca:46:60:ac:de:e5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + OCSP No Check: + + Signature Algorithm: sha1WithRSAEncryption + 05:a1:04:c7:55:71:a8:52:04:d6:60:f3:37:08:15:50:86:71: + bf:8e:9e:9b:60:50:6e:57:1e:b1:30:3a:e0:8a:e0:74:90:c0: + be:97:78:f1:8b:52:f3:6b:e6:45:38:a5:7b:e2:47:2d:5c:80: + 15:e7:74:b2:b1:66:db:eb:96:67:7c:01:8b:5e:c1:c2:59:33: + 2e:62:a9:a3:7f:c7:b8:07:ee:27:22:83:11:e3:e9:b9:59:a5: + 1f:27:1f:6f:b9:34:c5:c2:ae:d5:cd:59:59:28:05:78:ff:0f: + 18:6a:c8:22:5b:40:06:0b:a9:ee:8c:e5:44:04:59:a0:f2:42: + e8:52:a4:ec:45:78:1e:b4:cf:02:e5:b5:31:d2:f4:93:15:58: + bc:02:a6:b0:01:5a:d9:72:eb:80:64:e9:f1:d5:38:69:f4:1a: + 4d:7c:78:d7:ba:9e:ca:41:22:a6:09:c2:7e:fe:90:20:7f:72: + ae:ca:76:30:39:e5:1e:70:63:bc:68:e4:ee:0f:e7:7a:b0:cf: + c4:70:26:b8:dd:4e:9f:9f:75:11:05:be:d8:17:95:c1:75:ac: + e6:91:f7:b8:8e:93:f3:45:c1:9d:10:10:71:69:92:6d:f1:b8: + 73:18:ed:02:84:6d:ab:6c:cc:91:be:ac:3c:61:39:48:74:e2: + 27:b9:16:5e:02:6c:c4:1b:35:a2:68:24:44:5c:4e:37:58:6d: + f3:a4:e9:6a:d9:56:92:6d:05:6e:e1:f3:f5:7b:11:40:4b:2b: + 
13:32:e5:18:5b:62:64:1a:17:9f:91:fd:0c:95:54:02:09:6f: + 48:ea:c8:ae:7e:24:bb:a8:b1:33:c8:98:50:90:8d:b2:5b:21: + 1e:af:d2:78:ae:87:a7:32:82:3d:aa:9d:66:0d:92:59:02:8c: + 3f:73:43:76:74:58:f9:95:fd:5c:90:31:d7:c7:7a:2a:fb:e0: + bb:b8:50:62:3c:44:09:34:dd:68:10:11:be:c6:c3:65:a4:e8: + e3:9d:0f:59:a2:a7:e5:d5:97:8b:48:a0:d4:30:31:aa:9e:4b: + e2:30:ed:06:72:c8:97:0d:6a:70:a8:c9:ca:9c:d4:f1:57:0b: + bf:24:43:7e:b7:a1:a5:91:af:ac:ae:f5:c6:8b:ef:aa:61:e5: + c4:7d:37:31:a0:5f:e9:45:9d:d8:08:b9:15:da:16:2a:16:77: + c7:82:0e:02:6e:9b:ec:25:f3:8f:8d:11:41:0b:56:a9:7b:1d: + 0f:f3:be:fa:46:ee:cb:80:3b:09:1f:85:90:70:ed:1d:e3:65: + f4:81:3f:ef:86:32:6c:9c:b0:35:e2:73:41:fb:0c:0c:2d:2d: + cb:45:0e:73:d3:39:98:36 +-----BEGIN CERTIFICATE----- +MIID6jCCAdKgAwIBAgIBKDANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxNjIzMDg1NFoXDTE5 +MDMxNDIzMDg1NFowcTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xNTAzBgNVBAMTLE9DU1AgUmVzcG9uZGVy +J3MgY2VydGlmaWNhdGUgd2l0aCBkZWxlZ2F0aW9uMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL +pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+ +OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB +oygwJjATBgNVHSUEDDAKBggrBgEFBQcDCTAPBgkrBgEFBQcwAQUEAgUAMA0GCSqG +SIb3DQEBBQUAA4ICAQAFoQTHVXGoUgTWYPM3CBVQhnG/jp6bYFBuVx6xMDrgiuB0 +kMC+l3jxi1Lza+ZFOKV74kctXIAV53SysWbb65ZnfAGLXsHCWTMuYqmjf8e4B+4n +IoMR4+m5WaUfJx9vuTTFwq7VzVlZKAV4/w8YasgiW0AGC6nujOVEBFmg8kLoUqTs +RXgetM8C5bUx0vSTFVi8AqawAVrZcuuAZOnx1Thp9BpNfHjXup7KQSKmCcJ+/pAg +f3KuynYwOeUecGO8aOTuD+d6sM/EcCa43U6fn3URBb7YF5XBdazmkfe4jpPzRcGd +EBBxaZJt8bhzGO0ChG2rbMyRvqw8YTlIdOInuRZeAmzEGzWiaCREXE43WG3zpOlq +2VaSbQVu4fP1exFASysTMuUYW2JkGhefkf0MlVQCCW9I6siufiS7qLEzyJhQkI2y +WyEer9J4roenMoI9qp1mDZJZAow/c0N2dFj5lf1ckDHXx3oq++C7uFBiPEQJNN1o +EBG+xsNlpOjjnQ9Zoqfl1ZeLSKDUMDGqnkviMO0GcsiXDWpwqMnKnNTxVwu/JEN+ 
+t6Glka+srvXGi++qYeXEfTcxoF/pRZ3YCLkV2hYqFnfHgg4CbpvsJfOPjRFBC1ap +ex0P8776Ru7LgDsJH4WQcO0d42X0gT/vhjJsnLA14nNB+wwMLS3LRQ5z0zmYNg== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key new file mode 100644 index 0000000..3c1f779 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_nocheck_and_ocspsigning.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDQio5zxVeoA7AsHwUFNhuQidtIss3o6gKV2DDDxj5qjBlwDKfL +pgff7ELJ3BjP73PN0etRwL0OUWNvo84moALaMqNlNq1CAoWb354KUUGT+QL/8GO+ +OC652QfbPIEjTyoNJFBu4u9Z9JE6+/1VGUtJcQi9+S3qZIL2GspGYKze5QIDAQAB +AoGAN5sqft45EFjjafBfg1M5KGJJ8WmUFC4JwHDkF9/NltWClukY+Oltohy6dl7U +0uUziMcXqzXsc1vqWsNf3da+y3oApBa83lI0u02Quzfjc3Lod+Blg7F6RA2dujg+ +3r6Zsop82NWnsMVqxi6+ZjXymSndu8UoY2k/+0N4Ct3916UCQQD9tWlBrKwPhVI3 +tz1Ho0peEdHrn6FXg21rvZgy+RMuiJUummwZZVUDS8ag2OPymffpNCZjbLTDXlaS +LGKwWt8vAkEA0my3N0557HO345VHlhFiOc1wKcAVN06PNzjU1FZ9PqQeOpoVj4E5 +LlZK625v8d6N8/W8EFbjxfsVll4/P2Q+KwJAS5noYJqctw9KXbHrv9In0fpLbIQn +5tUSIR3hIadZEO/ATJ/VgIfSmmXVLY8T9fHtjv9sRQpanzEYaPxy+AxMHwJAb0q8 +pG3HIn4Zli7QC9jp4LR9TDehgPz11jkip6OO3mCi9E+mc53fBljxiw9/+abB4XPo +oaOzGHUx97OlM/vqvQJBAKSUpOYm8HPvMiHUAZElqD+gCSPM1ocv5MpQjm6t7Bc+ +WTCWBulo/KPHIG0wI4Ug/PtA29DsdC0mqQVLZZ9r0IE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt new file mode 100644 index 0000000..0846e40 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.crt 
@@ -0,0 +1,80 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14 (0xe) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Mar 13 03:16:42 2009 GMT + Not After : Mar 11 03:16:42 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=Second Responder Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:aa:01:31:49:34:0e:6c:b5:25:a0:da:35:71:cf: + 9d:a7:c4:ad:27:31:ee:c2:46:fe:03:8f:4f:ed:f7: + 75:d5:b9:01:c6:a9:8f:8d:17:ca:8c:82:82:63:ed: + 08:d4:05:9e:31:3c:c9:66:59:41:72:63:8e:01:3e: + a2:39:d1:9c:51:9c:c5:9a:ad:72:0d:e6:2b:19:ba: + 45:a6:18:f6:e2:79:72:4b:5e:79:74:38:b5:86:9c: + 57:bb:2c:e8:f5:57:9b:32:34:86:2a:2f:40:2f:5d: + dd:9c:f5:63:d4:2e:ad:b1:d3:25:22:7c:86:89:84: + c9:26:70:3c:c8:11:64:ed:47 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Extended Key Usage: + OCSP Signing + Signature Algorithm: sha1WithRSAEncryption + b8:56:6b:f9:21:8a:79:e8:53:38:c7:84:e0:c3:96:6c:f3:71: + 95:dc:31:9a:ef:fc:fb:b5:18:c6:35:26:3d:ee:4d:00:9c:e4: + 10:25:a9:2e:a0:41:8a:37:a9:91:02:9c:52:ec:0d:7a:bf:e9: + bb:54:6d:4a:92:5c:9d:c8:01:17:a3:8f:25:fd:32:a7:11:e4: + 77:fd:ce:7c:4b:c9:ae:32:e6:d5:25:cc:a4:97:bb:07:f3:1d: + f0:11:8a:d8:f1:37:e6:4f:3c:99:30:44:20:04:3d:82:fc:87: + 60:24:21:a9:46:e7:d8:41:2c:76:d8:a5:58:44:ca:85:71:31: + 24:f2:45:7d:fb:70:db:1b:93:42:21:85:69:5d:19:13:85:7c: + 85:6c:83:8f:bf:c1:a7:3d:49:b9:68:4e:a2:12:2e:9d:89:c3: + a7:1b:86:71:e4:cc:29:79:0e:b1:19:07:ca:2d:b8:95:87:f4: + 8d:4a:be:06:0d:d0:e1:1a:ed:ea:a2:52:f3:f2:7b:1f:3c:10: + c6:67:be:00:3a:36:ca:ad:93:d4:ee:b3:9d:e8:47:6e:bb:6f: + 12:6b:cf:3d:73:22:a3:15:e0:e1:51:88:86:e6:2a:23:ee:e1: + 32:55:0c:b8:73:35:f7:42:9e:4c:c4:ea:f5:3c:d5:20:ef:32: + 27:c2:b5:9b:ad:f0:a8:bf:72:5c:5b:fc:41:e4:a0:6d:b2:4d: + c0:69:a5:b2:dc:70:d6:90:ae:2e:81:41:f4:ec:33:c5:43:4e: + 
70:eb:1c:17:4c:d9:ed:8f:97:2e:20:17:9d:40:bc:d1:ae:74: + 21:8b:ab:cc:b0:86:5a:cd:42:9c:df:13:16:59:56:27:be:26: + bb:92:5f:7a:86:9e:f5:19:45:1f:36:8a:e3:55:5d:89:3b:2f: + ed:13:9c:e7:ae:bd:eb:34:31:a2:02:70:0c:a7:32:d3:d1:be: + c0:2f:0e:10:b7:43:2d:ab:68:70:b4:a1:e1:25:c1:ae:1c:43: + 32:c0:90:81:c1:39:0b:27:e7:14:c9:28:db:40:0f:1f:9c:ce: + 1b:8b:26:ca:b8:41:01:e7:cb:92:b0:8a:14:00:f3:e0:3c:84: + d3:2c:45:19:15:01:02:ab:bd:e8:19:6b:d7:7e:c6:5a:a9:3a: + d5:00:23:15:2a:e9:93:7d:11:75:cc:c6:c3:8e:5f:3f:d3:3f: + 05:9f:40:12:a9:a8:bc:50:dc:42:02:62:7d:00:6a:ef:08:e1: + 69:87:4d:2a:9b:54:49:35:80:58:12:92:a1:33:65:20:5f:29: + cf:ab:03:8e:0b:91:08:9e:52:d6:b2:d7:ec:bb:38:9b:d5:5d: + f6:b2:89:f5:00:bb:0f:f2 +-----BEGIN CERTIFICATE----- +MIIDyTCCAbGgAwIBAgIBDjANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDMxMzAzMTY0MloXDTE5 +MDMxMTAzMTY0MlowYTELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xJTAjBgNVBAMTHFNlY29uZCBSZXNwb25k +ZXIgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKoBMUk0 +Dmy1JaDaNXHPnafErScx7sJG/gOPT+33ddW5Acapj40XyoyCgmPtCNQFnjE8yWZZ +QXJjjgE+ojnRnFGcxZqtcg3mKxm6RaYY9uJ5ckteeXQ4tYacV7ss6PVXmzI0hiov +QC9d3Zz1Y9QurbHTJSJ8homEySZwPMgRZO1HAgMBAAGjFzAVMBMGA1UdJQQMMAoG +CCsGAQUFBwMJMA0GCSqGSIb3DQEBBQUAA4ICAQC4Vmv5IYp56FM4x4Tgw5Zs83GV +3DGa7/z7tRjGNSY97k0AnOQQJakuoEGKN6mRApxS7A16v+m7VG1KklydyAEXo48l +/TKnEeR3/c58S8muMubVJcykl7sH8x3wEYrY8TfmTzyZMEQgBD2C/IdgJCGpRufY +QSx22KVYRMqFcTEk8kV9+3DbG5NCIYVpXRkThXyFbIOPv8GnPUm5aE6iEi6dicOn +G4Zx5MwpeQ6xGQfKLbiVh/SNSr4GDdDhGu3qolLz8nsfPBDGZ74AOjbKrZPU7rOd +6Eduu28Sa889cyKjFeDhUYiG5ioj7uEyVQy4czX3Qp5MxOr1PNUg7zInwrWbrfCo +v3JcW/xB5KBtsk3AaaWy3HDWkK4ugUH07DPFQ05w6xwXTNntj5cuIBedQLzRrnQh +i6vMsIZazUKc3xMWWVYnvia7kl96hp71GUUfNorjVV2JOy/tE5znrr3rNDGiAnAM +pzLT0b7ALw4Qt0Mtq2hwtKHhJcGuHEMywJCBwTkLJ+cUySjbQA8fnM4biybKuEEB +58uSsIoUAPPgPITTLEUZFQECq73oGWvXfsZaqTrVACMVKumTfRF1zMbDjl8/0z8F 
+n0ASqai8UNxCAmJ9AGrvCOFph00qm1RJNYBYEpKhM2UgXynPqwOOC5EInlLWstfs +uzib1V32son1ALsP8g== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key new file mode 100644 index 0000000..f9b78cd --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/ocsp_svr_with_response.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCqATFJNA5stSWg2jVxz52nxK0nMe7CRv4Dj0/t93XVuQHGqY+N +F8qMgoJj7QjUBZ4xPMlmWUFyY44BPqI50ZxRnMWarXIN5isZukWmGPbieXJLXnl0 +OLWGnFe7LOj1V5syNIYqL0AvXd2c9WPULq2x0yUifIaJhMkmcDzIEWTtRwIDAQAB +AoGANCB/e0Gx9pUov4SJBKezYKDGsxD1c66O7op/6KiLAghjSgXt1UZpPeI6luc0 +YMaENfa8jlxp2+g4v5rz5SSneEK4G/Qx5dNh+wMEr0iE7PWgkgmOgDj2beaqcFP1 +l1QG0pshiW4VuD+erfPuWMBzPPGC5rGlyFCDgvHelybbuNECQQDaPgCAmxk1CcVD +hN6TIA9Q1kkzALKvFntrKGgSy/c/tY+FkYQbMl8EPqaiIs+sseXCtW1kLELQU5gY +tZsF7wMpAkEAx2q9HZ4s+K141csh+7pLhum/xR2lYJ4Gu2qtj15Xq2fWdRDLvbdv +lt+R0Mw9H+cDlgmPQHnYWglajRC2EKJq7wJAbydzFA1qukO+r9PllOOYSWDKqWpq +l5iIxZwv3Zr60/0CG1JxCXUPRdcvAZdfVKLK1e+XxpRwdzCMX9FnIo+IeQJAfIPY +a9rtJ6VhctTwdjafnDDuDg1xyr9BYtq8Xm3A/gTLMrN3FBGquqEEckRk0juz0IZN +jSvHfIikorpRhFd1vwJBAMKpl679FQG6Bcl6TPXnFuiw3/g/4zFGBONQGhBwl6xb +PwrJ4Iv1XzZ1VtVvp5c5sRkCf6F1Lv7pyZsCMLD8wrQ= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der b/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der Binary files differnew file mode 100644 index 0000000..2bf5734 --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/resp_ocsp1.der diff --git a/tests/cert-svc/data/TestData/ssl/sha256.crt b/tests/cert-svc/data/TestData/ssl/sha256.crt new file mode 100644 index 0000000..f3fd8ed --- /dev/null +++ b/tests/cert-svc/data/TestData/ssl/sha256.crt 
@@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 42 (0x2a) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KR, ST=KyungGi-Do, L=Suwon-Si, O=Samsung Elec., CN=CA + Validity + Not Before: Jun 20 08:21:47 2009 GMT + Not After : Jun 18 08:21:47 2019 GMT + Subject: C=KR, ST=KyungGi-Do, O=Samsung Elec., CN=First Test Certificate + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:cf:0f:cf:a5:08:18:bf:8b:6c:2c:3c:55:fe:02: + 43:b7:a8:af:45:a3:4a:28:63:d1:da:26:7a:c2:0d: + f8:58:a5:73:c5:db:b8:fb:62:47:ea:17:7b:25:6b: + d1:8c:e2:74:96:f4:6b:e5:49:3b:b3:e5:6a:63:36: + 19:f8:3c:d8:4b:9c:14:9d:2b:6a:71:cc:3a:9f:b9: + d5:db:60:8e:44:40:d7:12:53:52:e5:71:41:c8:bf: + ec:0d:9c:5b:7c:8e:ac:99:47:65:50:e5:f8:95:3e: + 8a:3c:99:d9:75:47:73:51:f4:fd:36:46:ed:1a:77: + 10:ce:1d:01:0c:86:6b:23:ff + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 25:0C:EC:1F:D6:1A:A2:95:AF:C1:A3:DA:EF:B1:F3:BE:62:F3:10:6C + X509v3 Authority Key Identifier: + DirName:/C=KR/ST=KyungGi-Do/L=Suwon-Si/O=Samsung Elec./CN=CA + serial:F2:5B:40:5B:C2:B7:D0:64 + + Signature Algorithm: sha256WithRSAEncryption + b1:3e:50:ff:5f:32:b2:09:6b:52:98:07:5a:78:7f:fe:12:6f: + 87:25:d4:bc:96:45:07:31:e0:ae:52:d1:9e:04:d8:05:84:cf: + e2:e5:82:01:b5:46:ce:4e:47:d6:ef:87:7c:37:d6:67:99:ab: + ad:4d:70:eb:98:fe:31:f1:f8:e9:a2:c5:40:4f:a6:c4:79:15: + 64:d3:64:d2:3f:05:b5:08:16:88:46:22:72:86:a1:8e:ef:df: + 67:25:d7:74:bd:01:04:b8:70:00:0d:9d:36:d0:9e:3a:4b:7e: + 0d:3d:9e:3d:ce:fb:47:ee:7d:5b:b9:c1:65:2b:4c:ef:26:89: + ed:1b:bc:17:4a:63:41:b3:99:e7:c5:4d:d5:31:af:d7:4b:3b: + 37:ce:99:da:8f:53:20:40:14:95:14:09:61:ba:9c:c0:1b:66: + 7c:e7:e3:4c:28:c6:48:e8:6c:02:55:3c:44:18:d1:29:88:7b: + ff:30:e5:be:ee:8e:da:95:fe:04:c2:c8:a1:ce:81:46:b9:bb: + b2:3d:ad:af:a9:e3:a8:c1:8f:d8:51:48:d1:c6:e9:c8:c8:94: + 
6f:7c:b0:fc:92:04:d0:8f:30:30:f1:a3:d0:f8:dc:aa:52:2c: + 1f:bd:f3:67:ac:97:6e:0d:1a:82:c1:a2:30:9e:d3:95:74:47: + b5:49:c8:73:7a:c6:73:20:18:7a:98:8f:c1:3e:5f:1a:04:33: + 9b:ff:e0:ab:9e:f8:ca:92:bc:e8:94:b8:ce:87:89:75:e6:49: + bd:d5:7f:1f:44:b6:48:fc:02:4f:b5:25:f4:ff:53:98:5f:0f: + 95:52:d2:00:2a:41:85:cb:8d:f4:a1:a6:ef:68:ac:b5:fa:a7: + 94:91:cc:64:5c:30:43:01:90:84:eb:8f:66:3b:98:4c:42:43: + 3d:31:47:28:da:49:eb:e9:14:67:c5:81:f6:13:a3:c3:a5:ee: + c4:28:0e:52:ee:c7:b2:e6:f8:c3:79:63:12:45:c1:06:5b:94: + 48:f1:4c:32:c7:69:9d:6d:b3:0b:c5:98:93:f4:4b:c7:64:35: + 23:22:56:c7:fa:e3:0c:3b:39:cf:b4:ca:cf:d2:10:97:b3:95: + e4:f7:53:d3:cb:5e:43:82:d4:7c:e5:83:a4:cf:4e:0b:c8:16: + 35:5e:8a:2b:47:8a:6e:2f:98:02:d4:cc:9d:28:a9:95:ff:ab: + 73:df:01:c6:ff:df:7b:33:21:e0:db:81:8d:59:11:f0:f3:92: + f7:c5:8c:83:2e:22:55:dd:1f:78:5c:f7:a3:fc:de:99:8f:46: + 50:ff:75:db:bb:58:07:fa:01:c1:67:8c:18:c4:3f:2f:b7:41: + f7:ec:56:e7:1a:4b:e4:78 +-----BEGIN CERTIFICATE----- +MIIEfjCCAmagAwIBAgIBKjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJLUjET +MBEGA1UECBMKS3l1bmdHaS1EbzERMA8GA1UEBxMIU3V3b24tU2kxFjAUBgNVBAoT +DVNhbXN1bmcgRWxlYy4xCzAJBgNVBAMTAkNBMB4XDTA5MDYyMDA4MjE0N1oXDTE5 +MDYxODA4MjE0N1owWzELMAkGA1UEBhMCS1IxEzARBgNVBAgTCkt5dW5nR2ktRG8x +FjAUBgNVBAoTDVNhbXN1bmcgRWxlYy4xHzAdBgNVBAMTFkZpcnN0IFRlc3QgQ2Vy +dGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM8Pz6UIGL+LbCw8 +Vf4CQ7eor0WjSihj0domesIN+Filc8XbuPtiR+oXeyVr0YzidJb0a+VJO7PlamM2 +Gfg82EucFJ0ranHMOp+51dtgjkRA1xJTUuVxQci/7A2cW3yOrJlHZVDl+JU+ijyZ +2XVHc1H0/TZG7Rp3EM4dAQyGayP/AgMBAAGjgdEwgc4wCQYDVR0TBAIwADAsBglg +hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O +BBYEFCUM7B/WGqKVr8Gj2u+x875i8xBsMHQGA1UdIwRtMGuhXqRcMFoxCzAJBgNV +BAYTAktSMRMwEQYDVQQIEwpLeXVuZ0dpLURvMREwDwYDVQQHEwhTdXdvbi1TaTEW +MBQGA1UEChMNU2Ftc3VuZyBFbGVjLjELMAkGA1UEAxMCQ0GCCQDyW0BbwrfQZDAN +BgkqhkiG9w0BAQsFAAOCAgEAsT5Q/18ysglrUpgHWnh//hJvhyXUvJZFBzHgrlLR +ngTYBYTP4uWCAbVGzk5H1u+HfDfWZ5mrrU1w65j+MfH46aLFQE+mxHkVZNNk0j8F 
+tQgWiEYicoahju/fZyXXdL0BBLhwAA2dNtCeOkt+DT2ePc77R+59W7nBZStM7yaJ +7Ru8F0pjQbOZ58VN1TGv10s7N86Z2o9TIEAUlRQJYbqcwBtmfOfjTCjGSOhsAlU8 +RBjRKYh7/zDlvu6O2pX+BMLIoc6BRrm7sj2tr6njqMGP2FFI0cbpyMiUb3yw/JIE +0I8wMPGj0PjcqlIsH73zZ6yXbg0agsGiMJ7TlXRHtUnIc3rGcyAYepiPwT5fGgQz +m//gq574ypK86JS4zoeJdeZJvdV/H0S2SPwCT7Ul9P9TmF8PlVLSACpBhcuN9KGm +72istfqnlJHMZFwwQwGQhOuPZjuYTEJDPTFHKNpJ6+kUZ8WB9hOjw6XuxCgOUu7H +sub4w3ljEkXBBluUSPFMMsdpnW2zC8WYk/RLx2Q1IyJWx/rjDDs5z7TKz9IQl7OV +5PdT08teQ4LUfOWDpM9OC8gWNV6KK0eKbi+YAtTMnSiplf+rc98Bxv/fezMh4NuB +jVkR8POS98WMgy4iVd0feFz3o/zemY9GUP9127tYB/oBwWeMGMQ/L7dB9+xW5xpL +5Hg= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/caflag/aia_signer.der b/tests/cert-svc/data/caflag/aia_signer.der Binary files differnew file mode 100644 index 0000000..f4250e7 --- /dev/null +++ b/tests/cert-svc/data/caflag/aia_signer.der diff --git a/tests/cert-svc/data/caflag/invalidCert.der b/tests/cert-svc/data/caflag/invalidCert.der new file mode 100644 index 0000000..fd08360 --- /dev/null +++ b/tests/cert-svc/data/caflag/invalidCert.der 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM +MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD +EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x +MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV +BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ +ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4 +mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj +eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H +e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR +apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC +yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D +lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5 +3aU1rQ6vF96wFt4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/caflag/noaia_signer.der b/tests/cert-svc/data/caflag/noaia_signer.der Binary files differnew file mode 100644 index 0000000..0f695e3 --- /dev/null +++ b/tests/cert-svc/data/caflag/noaia_signer.der diff --git a/tests/cert-svc/data/caflag/ocsp_signer.crt b/tests/cert-svc/data/caflag/ocsp_signer.crt new file mode 100644 index 0000000..23eb39e --- /dev/null +++ b/tests/cert-svc/data/caflag/ocsp_signer.crt 
@@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:46 2014 GMT + Not After : Jun 18 08:11:46 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0: + fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22: + 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f: + 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9: + 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1: + d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c: + 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a: + 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84: + 47:21:54:25:53:33:3b:6d:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + OCSP Signing + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90 + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Signature Algorithm: sha1WithRSAEncryption + 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c: + 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd: + 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8: + 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1: + ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d: + 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8: + 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67: + e5:48 +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO 
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw +JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD +DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l +ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/ +1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm +oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2 +RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN +AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak +vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI +l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/caflag/out.pem b/tests/cert-svc/data/caflag/out.pem new file mode 100644 index 0000000..42c6573 --- /dev/null +++ b/tests/cert-svc/data/caflag/out.pem 
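Review bot: The validity window of `ocsp_signer.crt` is only one year (`Not After : Jun 18 08:11:46 2015 GMT`), and `cert_chain/00.pem` to `03.pem` further down all end in May 2012. Any test that verifies these fixtures against the wall clock will therefore change outcome with the run date. Whether the tests pin the verification time or expect an expiry error is not visible in this part of the diff. Either regenerate the fixtures with a long validity period, or pin the verification time in the tests and record the intent next to the data, for example `ocsp_signer.crt: expires 2015-06-18, tests must set an explicit verification time` in a README in `tests/cert-svc/data/caflag/`.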
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV +BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG +CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq +pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a +gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu +MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl +cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME +GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB +BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov +L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN +BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H +4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL +/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm +XQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/caflag/rev_signer.der b/tests/cert-svc/data/caflag/rev_signer.der Binary files differnew file mode 100644 index 0000000..5b5a621 --- /dev/null +++ b/tests/cert-svc/data/caflag/rev_signer.der diff --git a/tests/cert-svc/data/caflag/root_ca.der b/tests/cert-svc/data/caflag/root_ca.der Binary files differnew file mode 100644 index 0000000..11a8fae --- /dev/null +++ b/tests/cert-svc/data/caflag/root_ca.der diff --git a/tests/cert-svc/data/caflag/root_ca_v1.der b/tests/cert-svc/data/caflag/root_ca_v1.der Binary files differnew file mode 100644 index 0000000..b9ee8f6 --- /dev/null +++ b/tests/cert-svc/data/caflag/root_ca_v1.der 
diff --git a/tests/cert-svc/data/caflag/second_ca.der b/tests/cert-svc/data/caflag/second_ca.der Binary files differnew file mode 100644 index 0000000..67f4456 --- /dev/null +++ b/tests/cert-svc/data/caflag/second_ca.der diff --git a/tests/cert-svc/data/caflag/v1_signer.der b/tests/cert-svc/data/caflag/v1_signer.der Binary files differnew file mode 100644 index 0000000..01c6548 --- /dev/null +++ b/tests/cert-svc/data/caflag/v1_signer.der diff --git a/tests/cert-svc/data/cert_chain/00.pem b/tests/cert-svc/data/cert_chain/00.pem new file mode 100644 index 0000000..a80bbbc --- /dev/null +++ b/tests/cert-svc/data/cert_chain/00.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root + Validity + Not Before: May 13 01:21:41 2011 GMT + Not After : May 12 01:21:41 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b: + 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27: + 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87: + 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a: + f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d: + 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f: + ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0: + 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a: + 00:a5:03:68:e7:77:21:b0:f9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e: + 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c: + a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1: + 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f: + 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc: + 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51: + 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4: + 47:86 +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME +cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1 +MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw +HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu +MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ 
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn +B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd +GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD +aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7 +VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4 +sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/01.pem b/tests/cert-svc/data/cert_chain/01.pem new file mode 100644 index 0000000..7b475e5 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/01.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1 + Validity + Not Before: May 13 01:22:02 2011 GMT + Not After : May 12 01:22:02 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63: + ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69: + 38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40: + 13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83: + b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c: + 7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67: + c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88: + ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44: + ab:56:d6:df:48:41:d3:21:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d: + 83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a: + e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45: + b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae: + d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33: + 03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e: + f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d: + 71:69 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjExDzANBgNVBAMTBmNoYWluMTEVMBMGCSqG +SIb3DQEJARYGY2hhaW4xMB4XDTExMDUxMzAxMjIwMloXDTEyMDUxMjAxMjIwMlow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQD +EwZjaGFpbjIxFTATBgkqhkiG9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAxCDHlh7FM0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfW +MckNECT1F0AT8BpwcF4/BU3ZZ1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZa +WZkFjmfHaM3yjW/7jAdjq1BoA4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBTWsO7SIfQon0g +aAJ8vhiTtj2D5BAap003JD5sQb2PHTuJCFrjuoGb6PwO/D0KcPIRaVneukW0l7jS +4FrRpHW8aNVfcTZ4Mq7TMSaA8/OoVDP3vqMMLdmbuDMDvlR79cTPYpslDHl2EhC2 +hB7x/3z+CqxGhSZS1W/M5Ynnyo1xaQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/02.pem b/tests/cert-svc/data/cert_chain/02.pem new file mode 100644 index 0000000..0c15ecd --- /dev/null +++ b/tests/cert-svc/data/cert_chain/02.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2 + Validity + Not Before: May 13 01:22:13 2011 GMT + Not After : May 12 01:22:13 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c: + b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24: + a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0: + a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3: + c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80: + 12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4: + 94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f: + 09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f: + 7b:ea:e1:a9:b1:24:5a:40:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90: + 8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9: + e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64: + 36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b: + dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57: + ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a: + f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34: + 9c:99 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAjANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjIxDzANBgNVBAMTBmNoYWluMjEVMBMGCSqG +SIb3DQEJARYGY2hhaW4yMB4XDTExMDUxMzAxMjIxM1oXDTEyMDUxMjAxMjIxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQD +EwZjaGFpbjMxFTATBgkqhkiG9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAolI8t2S0BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4 +K9HN93uawKCpjW00lHwsTFzAJttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2 +/NVl+tSU2ZrPtZ6Hmfc+MmwNXB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCAAwSZsuqM2Ap2 +5Qj8LXL51ZCOzjvArNBX0UTShM+DggVwRtnoB8+Q5MtMeqCY2eO+hiNxomQ230NU +HQPPhV/mQ8zTytqiMSvdWtrZJjgpnokEzPlVpTV3d1erWKrSGTmta9I/2eDXWOpB +eSryUOw/iQqq7NbrIK9eUv9NOTScmQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/03.pem b/tests/cert-svc/data/cert_chain/03.pem new file mode 100644 index 0000000..66a0c30 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/03.pem 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3 + Validity + Not Before: May 13 01:22:24 2011 GMT + Not After : May 12 01:22:24 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5: + 5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51: + 1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1: + ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4: + a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec: + c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31: + f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e: + 70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e: + 0c:77:21:46:92:a0:a5:4e:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66: + d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f: + e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d: + 78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1: + 56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d: + 20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23: + 5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06: + 3e:95 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjMxDzANBgNVBAMTBmNoYWluMzEVMBMGCSqG +SIb3DQEJARYGY2hhaW4zMB4XDTExMDUxMzAxMjIyNFoXDTEyMDUxMjAxMjIyNFow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQD +EwZjaGFpbjQxFTATBgkqhkiG9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAtUoH2TmLbUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu +6xuGlDYcENGrR+KHlsvpcNteKS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SO +O1NQjjHyQt9O4ziLRtVHroE+MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUSdBANEKH5cMT +S0JB53/PhWbYgGJPWtY4RCVnyxS/PG6rl5/o5y/ree+X0oFX4aDmEDTRmE14RZ+Y +3YAzuGQX3jv06JkB06FWltx5W3Va0WPfTptNamUN9G0gylHA21J/TLky1b6pBa6z +GSNdODM+SGbr+6+MivERYZ028wY+lQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/04.pem b/tests/cert-svc/data/cert_chain/04.pem new file mode 100644 index 0000000..88f48eb --- /dev/null +++ b/tests/cert-svc/data/cert_chain/04.pem 
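Review bot: The validity window in this fixture (`Not Before: May 13 01:22:24 2011 GMT`, `Not After : May 12 01:22:24 2012 GMT`) had already ended when the commit was made in 2015, so a chain test that expects success can only pass if the verifier skips or overrides the validity-period check. The same one-year 2011–2012 window appears in 04.pem, 05.pem and chain1.crt–chain5.crt, and every certificate in the chain uses 1024-bit RSA with sha1WithRSAEncryption, which a later crypto-library policy may reject outright. The test code is not visible in this part of the diff, so whether expiry is the intended case cannot be confirmed here. If it is not, either regenerate the chain with a long validity period and current parameters, or pin the verification time in the tests. If it is, a short README in tests/cert-svc/data/cert_chain stating that the chain is deliberately expired would keep a later maintainer from "fixing" it.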
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4 + Validity + Not Before: May 13 01:22:35 2011 GMT + Not After : May 12 01:22:35 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5: + e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99: + c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c: + d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2: + ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99: + ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c: + 68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59: + db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24: + 57:3a:5b:58:04:db:c3:94:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34: + 92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f: + a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38: + d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa: + 06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40: + 5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02: + c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85: + a5:b6 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqG +SIb3DQEJARYGY2hhaW40MB4XDTExMDUxMzAxMjIzNVoXDTEyMDUxMjAxMjIzNVow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQD +EwZjaGFpbjUxFTATBgkqhkiG9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEA8TJAs/mVYDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWa +vprP6XcTJkzSeAY9GZvXOAVmytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W ++Ed/0VxosoWKmShlAJTZ5t8cN1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAmfLUkyItJS9HW +dhbbdcvEqDSSMObpi31wtyTZQuKzFoMeSB+itQLgdDz1vbMDWWo+aGu/PTjWhv3v +rj0uVYpnQgL6LO9OgaoGCpWAkNw5r36xDch4sRdZSUBdsNKGAxw6pPYmsSOyiaci +9QLHnmGC7sA9psy/3uvTbnPtpYWltg== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/05.pem b/tests/cert-svc/data/cert_chain/05.pem new file mode 100644 index 0000000..17d3a68 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/05.pem 
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5 + Validity + Not Before: May 13 01:23:13 2011 GMT + Not After : May 12 01:23:13 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70: + 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e: + 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01: + e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4: + a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3: + d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e: + 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3: + 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94: + 4d:5c:e1:bd:cc:99:19:04:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D + X509v3 Authority Key Identifier: + DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4 + serial:04 + + Signature Algorithm: sha1WithRSAEncryption + d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43: + a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63: + 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba: + 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81: + c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c: + 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc: + 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6: + 13:84 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ 
+dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG +SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD +EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj +tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1 +aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA +AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w +gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD +VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh +aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh +UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ +gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL +GrXELDgQ9hOE +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/ca.crt b/tests/cert-svc/data/cert_chain/ca.crt new file mode 100644 index 0000000..e5071c2 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/ca.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAuegAwIBAgIJAJpBROaNArZVMA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD +VQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEBxMEcm9vdDEhMB8G +A1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ0wCwYDVQQLEwRyb290MQ0w +CwYDVQQDEwRyb290MRMwEQYJKoZIhvcNAQkBFgRyb290MB4XDTExMDUxMjA1NDE1 +NFoXDTEyMDUxMTA1NDE1NFowgYcxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21l +LVN0YXRlMQ0wCwYDVQQHEwRyb290MSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQxDTALBgNVBAsTBHJvb3QxDTALBgNVBAMTBHJvb3QxEzARBgkqhkiG +9w0BCQEWBHJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANDZOXVYvgdH +kSZMQi259Uscs8ny6MkvH9VYoK7sKtTKnk0IDjge/srEfOs3mqtNDDL4SI3tS9wH +6AsRn/ixuPF1tmFoFmnP66Mk0+XaB0DxppSmtUqYdKdXIplRTmOzS+pcMi9aL3G8 +uhb2mxZp9gOUt0WXToHpGWpVMg5/G6ptAgMBAAGjge8wgewwHQYDVR0OBBYEFJUV +1626bZK5TUMrRw6PcabInryvMIG8BgNVHSMEgbQwgbGAFJUV1626bZK5TUMrRw6P +cabInryvoYGNpIGKMIGHMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0 +ZTENMAsGA1UEBxMEcm9vdDEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkg +THRkMQ0wCwYDVQQLEwRyb290MQ0wCwYDVQQDEwRyb290MRMwEQYJKoZIhvcNAQkB +FgRyb290ggkAmkFE5o0CtlUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOB +gQA/yOsY9OTiNklnJablnVur+G/BIqxdOryUojlxQw/yagS2pnvvC2nxPcPBdaao +qvISRWhGIsuhKPUQg4J+OBk6KMHKB79aJljjvjty4ApN7xyFpJQljD+4UFW+U+Yf +kD1tq5SG8hg00YyklFq8mzBiPV97gfseGm4KzwK6RK0EHQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain1.crt b/tests/cert-svc/data/cert_chain/chain1.crt new file mode 100644 index 0000000..a80bbbc --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain1.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root + Validity + Not Before: May 13 01:21:41 2011 GMT + Not After : May 12 01:21:41 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b: + 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27: + 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87: + 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a: + f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d: + 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f: + ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0: + 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a: + 00:a5:03:68:e7:77:21:b0:f9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e: + 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c: + a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1: + 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f: + 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc: + 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51: + 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4: + 47:86 +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME +cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1 +MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw +HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu +MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ 
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn +B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd +GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD +aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7 +VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4 +sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain2.crt b/tests/cert-svc/data/cert_chain/chain2.crt new file mode 100644 index 0000000..7b475e5 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain2.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1 + Validity + Not Before: May 13 01:22:02 2011 GMT + Not After : May 12 01:22:02 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:c4:20:c7:96:1e:c5:33:47:ac:e5:ad:2b:0b:63: + ce:e4:44:33:e3:7f:16:ae:f0:d8:7c:b0:96:01:69: + 38:63:4f:62:7d:97:d6:31:c9:0d:10:24:f5:17:40: + 13:f0:1a:70:70:5e:3f:05:4d:d9:67:52:ed:41:83: + b7:d2:bb:bf:3d:29:98:07:a3:64:1e:2f:1e:13:8c: + 7a:c1:62:33:66:33:3e:d4:26:5a:59:99:05:8e:67: + c7:68:cd:f2:8d:6f:fb:8c:07:63:ab:50:68:03:88: + ae:0a:5c:9b:b6:9b:c1:18:7b:ef:cd:c9:f0:5e:44: + ab:56:d6:df:48:41:d3:21:51 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 53:5a:c3:bb:48:87:d0:a2:7d:20:68:02:7c:be:18:93:b6:3d: + 83:e4:10:1a:a7:4d:37:24:3e:6c:41:bd:8f:1d:3b:89:08:5a: + e3:ba:81:9b:e8:fc:0e:fc:3d:0a:70:f2:11:69:59:de:ba:45: + b4:97:b8:d2:e0:5a:d1:a4:75:bc:68:d5:5f:71:36:78:32:ae: + d3:31:26:80:f3:f3:a8:54:33:f7:be:a3:0c:2d:d9:9b:b8:33: + 03:be:54:7b:f5:c4:cf:62:9b:25:0c:79:76:12:10:b6:84:1e: + f1:ff:7c:fe:0a:ac:46:85:26:52:d5:6f:cc:e5:89:e7:ca:8d: + 71:69 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjExDzANBgNVBAMTBmNoYWluMTEVMBMGCSqG +SIb3DQEJARYGY2hhaW4xMB4XDTExMDUxMzAxMjIwMloXDTEyMDUxMjAxMjIwMlow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQD +EwZjaGFpbjIxFTATBgkqhkiG9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAxCDHlh7FM0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfW +MckNECT1F0AT8BpwcF4/BU3ZZ1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZa +WZkFjmfHaM3yjW/7jAdjq1BoA4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBTWsO7SIfQon0g +aAJ8vhiTtj2D5BAap003JD5sQb2PHTuJCFrjuoGb6PwO/D0KcPIRaVneukW0l7jS +4FrRpHW8aNVfcTZ4Mq7TMSaA8/OoVDP3vqMMLdmbuDMDvlR79cTPYpslDHl2EhC2 +hB7x/3z+CqxGhSZS1W/M5Ynnyo1xaQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain3.crt b/tests/cert-svc/data/cert_chain/chain3.crt new file mode 100644 index 0000000..0c15ecd --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain3.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain2, CN=chain2/emailAddress=chain2 + Validity + Not Before: May 13 01:22:13 2011 GMT + Not After : May 12 01:22:13 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:a2:52:3c:b7:64:b4:05:92:cd:b2:58:0c:81:5c: + b4:bd:a4:10:99:17:1a:35:f2:de:f8:86:db:e9:24: + a3:01:b1:d6:03:a9:f8:2b:d1:cd:f7:7b:9a:c0:a0: + a9:8d:6d:34:94:7c:2c:4c:5c:c0:26:db:46:13:a3: + c2:c4:2d:eb:ac:cb:5b:64:09:2c:23:eb:b5:8c:80: + 12:d6:cd:7b:fa:5f:d9:7a:17:b6:fc:d5:65:fa:d4: + 94:d9:9a:cf:b5:9e:87:99:f7:3e:32:6c:0d:5c:1f: + 09:77:a1:4b:ae:c1:47:27:60:a2:7e:f5:94:66:5f: + 7b:ea:e1:a9:b1:24:5a:40:03 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 80:03:04:99:b2:ea:8c:d8:0a:76:e5:08:fc:2d:72:f9:d5:90: + 8e:ce:3b:c0:ac:d0:57:d1:44:d2:84:cf:83:82:05:70:46:d9: + e8:07:cf:90:e4:cb:4c:7a:a0:98:d9:e3:be:86:23:71:a2:64: + 36:df:43:54:1d:03:cf:85:5f:e6:43:cc:d3:ca:da:a2:31:2b: + dd:5a:da:d9:26:38:29:9e:89:04:cc:f9:55:a5:35:77:77:57: + ab:58:aa:d2:19:39:ad:6b:d2:3f:d9:e0:d7:58:ea:41:79:2a: + f2:50:ec:3f:89:0a:aa:ec:d6:eb:20:af:5e:52:ff:4d:39:34: + 9c:99 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAjANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjIxDzANBgNVBAMTBmNoYWluMjEVMBMGCSqG +SIb3DQEJARYGY2hhaW4yMB4XDTExMDUxMzAxMjIxM1oXDTEyMDUxMjAxMjIxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQD +EwZjaGFpbjMxFTATBgkqhkiG9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAolI8t2S0BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4 +K9HN93uawKCpjW00lHwsTFzAJttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2 +/NVl+tSU2ZrPtZ6Hmfc+MmwNXB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCAAwSZsuqM2Ap2 +5Qj8LXL51ZCOzjvArNBX0UTShM+DggVwRtnoB8+Q5MtMeqCY2eO+hiNxomQ230NU +HQPPhV/mQ8zTytqiMSvdWtrZJjgpnokEzPlVpTV3d1erWKrSGTmta9I/2eDXWOpB +eSryUOw/iQqq7NbrIK9eUv9NOTScmQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain4.crt b/tests/cert-svc/data/cert_chain/chain4.crt new file mode 100644 index 0000000..66a0c30 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain4.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain3, CN=chain3/emailAddress=chain3 + Validity + Not Before: May 13 01:22:24 2011 GMT + Not After : May 12 01:22:24 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b5:4a:07:d9:39:8b:6d:46:b2:91:b7:d0:20:e5: + 5e:41:8e:59:9c:78:8e:b1:54:8a:2e:fb:6a:f1:51: + 1c:90:78:3a:b6:98:ae:eb:1b:86:94:36:1c:10:d1: + ab:47:e2:87:96:cb:e9:70:db:5e:29:2f:24:e6:c4: + a1:de:08:33:81:66:5b:53:8b:54:90:d8:75:7b:ec: + c4:62:61:eb:06:5e:0f:e7:a4:8e:3b:53:50:8e:31: + f2:42:df:4e:e3:38:8b:46:d5:47:ae:81:3e:31:9e: + 70:42:b6:08:b7:c0:ed:a7:3f:b9:72:5b:1b:21:4e: + 0c:77:21:46:92:a0:a5:4e:a5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 14:49:d0:40:34:42:87:e5:c3:13:4b:42:41:e7:7f:cf:85:66: + d8:80:62:4f:5a:d6:38:44:25:67:cb:14:bf:3c:6e:ab:97:9f: + e8:e7:2f:eb:79:ef:97:d2:81:57:e1:a0:e6:10:34:d1:98:4d: + 78:45:9f:98:dd:80:33:b8:64:17:de:3b:f4:e8:99:01:d3:a1: + 56:96:dc:79:5b:75:5a:d1:63:df:4e:9b:4d:6a:65:0d:f4:6d: + 20:ca:51:c0:db:52:7f:4c:b9:32:d5:be:a9:05:ae:b3:19:23: + 5d:38:33:3e:48:66:eb:fb:af:8c:8a:f1:11:61:9d:36:f3:06: + 3e:95 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBAzANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjMxDzANBgNVBAMTBmNoYWluMzEVMBMGCSqG +SIb3DQEJARYGY2hhaW4zMB4XDTExMDUxMzAxMjIyNFoXDTEyMDUxMjAxMjIyNFow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQD +EwZjaGFpbjQxFTATBgkqhkiG9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEAtUoH2TmLbUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu +6xuGlDYcENGrR+KHlsvpcNteKS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SO +O1NQjjHyQt9O4ziLRtVHroE+MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAUSdBANEKH5cMT +S0JB53/PhWbYgGJPWtY4RCVnyxS/PG6rl5/o5y/ree+X0oFX4aDmEDTRmE14RZ+Y +3YAzuGQX3jv06JkB06FWltx5W3Va0WPfTptNamUN9G0gylHA21J/TLky1b6pBa6z +GSNdODM+SGbr+6+MivERYZ028wY+lQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain5.crt b/tests/cert-svc/data/cert_chain/chain5.crt new file mode 100644 index 0000000..88f48eb --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain5.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain4, CN=chain4/emailAddress=chain4 + Validity + Not Before: May 13 01:22:35 2011 GMT + Not After : May 12 01:22:35 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:f1:32:40:b3:f9:95:60:3a:29:3c:1c:cc:a4:f5: + e5:08:19:dd:32:95:a2:62:cf:35:74:c2:85:1b:99: + c9:3e:3a:90:d2:b5:9a:be:9a:cf:e9:77:13:26:4c: + d2:78:06:3d:19:9b:d7:38:05:66:ca:d2:36:e7:a2: + ce:bc:81:aa:31:23:c8:5d:a7:7c:41:25:44:79:99: + ac:10:34:16:10:b8:29:a1:5d:96:f8:47:7f:d1:5c: + 68:b2:85:8a:99:28:65:00:94:d9:e6:df:1c:37:59: + db:88:87:5f:b3:e5:a9:88:86:86:30:71:f0:22:24: + 57:3a:5b:58:04:db:c3:94:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 26:7c:b5:24:c8:8b:49:4b:d1:d6:76:16:db:75:cb:c4:a8:34: + 92:30:e6:e9:8b:7d:70:b7:24:d9:42:e2:b3:16:83:1e:48:1f: + a2:b5:02:e0:74:3c:f5:bd:b3:03:59:6a:3e:68:6b:bf:3d:38: + d6:86:fd:ef:ae:3d:2e:55:8a:67:42:02:fa:2c:ef:4e:81:aa: + 06:0a:95:80:90:dc:39:af:7e:b1:0d:c8:78:b1:17:59:49:40: + 5d:b0:d2:86:03:1c:3a:a4:f6:26:b1:23:b2:89:a7:22:f5:02: + c7:9e:61:82:ee:c0:3d:a6:cc:bf:de:eb:d3:6e:73:ed:a5:85: + a5:b6 +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqG +SIb3DQEJARYGY2hhaW40MB4XDTExMDUxMzAxMjIzNVoXDTEyMDUxMjAxMjIzNVow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQD +EwZjaGFpbjUxFTATBgkqhkiG9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEF 
+AAOBjQAwgYkCgYEA8TJAs/mVYDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWa +vprP6XcTJkzSeAY9GZvXOAVmytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W ++Ed/0VxosoWKmShlAJTZ5t8cN1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEA +AaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAmfLUkyItJS9HW +dhbbdcvEqDSSMObpi31wtyTZQuKzFoMeSB+itQLgdDz1vbMDWWo+aGu/PTjWhv3v +rj0uVYpnQgL6LO9OgaoGCpWAkNw5r36xDch4sRdZSUBdsNKGAxw6pPYmsSOyiaci +9QLHnmGC7sA9psy/3uvTbnPtpYWltg== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/cert_chain/chain_alt.txt b/tests/cert-svc/data/cert_chain/chain_alt.txt new file mode 100644 index 0000000..498e125 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/chain_alt.txt @@ -0,0 +1 @@ +basicConstraints=CA:TRUE diff --git a/tests/cert-svc/data/cert_chain/csr/chain1.csr b/tests/cert-svc/data/cert_chain/csr/chain1.csr new file mode 100644 index 0000000..1bb7205 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/chain1.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZjaGFpbjExITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGY2hhaW4xMQ8wDQYDVQQDEwZjaGFpbjExFTATBgkqhkiG +9w0BCQEWBmNoYWluMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArm3TGD+y +Y6v7cs7/mosHSlLFmQ6eXGjOgmcHeicRmKf+Omg/Tkt01KV3FYd+nJ8Qgi8c48DH +Hos1qzr2E0SBQyKn+gY2nFVTep0Ym6D0k1hQLM2r7DIv+k//bmpodRV24bHhZ/kT +CtCb2xK5/d1RGeRj0NBWtWoApQNo53chsPkCAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBAEZdP93VI8InLmmg/d8SigIev7EfkTxhw1kVmGAdfbEpBuBuKj2ls7FUx6Ee +hz72r2SjFGDJmPeAJwpL+DNQXc+8SywMMwGCTxgz2bHgBGKPc780SlezixYkxxuS +uhkDw9o+SP7v4SQXhlHI9lEccEk3T7HmQc7uDZN81cHT/jjU +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/csr/chain2.csr b/tests/cert-svc/data/cert_chain/csr/chain2.csr new file mode 100644 index 0000000..c363bf4 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/chain2.csr 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZjaGFpbjIxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGY2hhaW4yMQ8wDQYDVQQDEwZjaGFpbjIxFTATBgkqhkiG +9w0BCQEWBmNoYWluMjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCDHlh7F +M0es5a0rC2PO5EQz438WrvDYfLCWAWk4Y09ifZfWMckNECT1F0AT8BpwcF4/BU3Z +Z1LtQYO30ru/PSmYB6NkHi8eE4x6wWIzZjM+1CZaWZkFjmfHaM3yjW/7jAdjq1Bo +A4iuClybtpvBGHvvzcnwXkSrVtbfSEHTIVECAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBAJDdqMxSiUEjahKvVWsnaUOEqZADE9ncVH1Zp2oiIOTaGoj6TNR08BgAo1Rf +OA5saruaJhak8gvZenvMjl48LoHq1rg5BxlumOqy87flCQO9YRP2+FTzcprCCMoK +O8DuRov7j6+c30H2F3xaxABzlHlOniL659Q9gHm7tTg9dowK +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/csr/chain3.csr b/tests/cert-svc/data/cert_chain/csr/chain3.csr new file mode 100644 index 0000000..19feeb1 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/chain3.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZjaGFpbjMxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGY2hhaW4zMQ8wDQYDVQQDEwZjaGFpbjMxFTATBgkqhkiG +9w0BCQEWBmNoYWluMzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAolI8t2S0 +BZLNslgMgVy0vaQQmRcaNfLe+Ibb6SSjAbHWA6n4K9HN93uawKCpjW00lHwsTFzA +JttGE6PCxC3rrMtbZAksI+u1jIAS1s17+l/Zehe2/NVl+tSU2ZrPtZ6Hmfc+MmwN +XB8Jd6FLrsFHJ2CifvWUZl976uGpsSRaQAMCAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBAJ0QAZHBPgrCTfpY3x+iz798F/HUaXLdZ1PpGWvNAXA5eEvD3gQUW2VTDmxS +WhvIIRuI5KMKAW+tngo/Avfq2pGDSAnBxA+sSLXg/Hesgx2v9A2PsHDQ7rsAZvsz +N+QgyHD2tI/aD1vLnHpFJWy9RFCaWU67q5m09ox0M0AcYYbT +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/csr/chain4.csr b/tests/cert-svc/data/cert_chain/csr/chain4.csr new file mode 100644 index 0000000..fe55ceb --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/chain4.csr 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZjaGFpbjQxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGY2hhaW40MQ8wDQYDVQQDEwZjaGFpbjQxFTATBgkqhkiG +9w0BCQEWBmNoYWluNDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtUoH2TmL +bUaykbfQIOVeQY5ZnHiOsVSKLvtq8VEckHg6tpiu6xuGlDYcENGrR+KHlsvpcNte +KS8k5sSh3ggzgWZbU4tUkNh1e+zEYmHrBl4P56SOO1NQjjHyQt9O4ziLRtVHroE+ +MZ5wQrYIt8Dtpz+5clsbIU4MdyFGkqClTqUCAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBAJPwc6IqD20GEyd+ridxaMu2ZxWOSwDs8SZ+Zl9ysbCYP3fClBpL8aCoqPOG +Mgwsp7m4KrwReNYO2jF2TPmHqrpdoYsFLh4SrET4GkUpbdNaJMbzJLcAHYC45W7J +2WnliPdMRG44LAUYA+p46do627qcAHwTdqr0ULg9MNYxHEc4 +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/csr/chain5.csr b/tests/cert-svc/data/cert_chain/csr/chain5.csr new file mode 100644 index 0000000..ef63918 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/chain5.csr @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZjaGFpbjUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGY2hhaW41MQ8wDQYDVQQDEwZjaGFpbjUxFTATBgkqhkiG +9w0BCQEWBmNoYWluNTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8TJAs/mV +YDopPBzMpPXlCBndMpWiYs81dMKFG5nJPjqQ0rWavprP6XcTJkzSeAY9GZvXOAVm +ytI256LOvIGqMSPIXad8QSVEeZmsEDQWELgpoV2W+Ed/0VxosoWKmShlAJTZ5t8c +N1nbiIdfs+WpiIaGMHHwIiRXOltYBNvDlA8CAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBADmAeL4VKRFVGCVb4rH4HAtIb5Mzn5eqTmCPTqFHTCMfwuHLcvTiAtWZUnkY +65AraaOnqxZHBeLDIYAX/4rTlg6kdCwnjcImYKuF7YP0aFAClon57cS0ZUKdxpO7 +1EVm2vFIpm0KI7tGHTFKU7FK3wu7GtXrdB4tVbW6i7skeWZD +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/csr/server.csr b/tests/cert-svc/data/cert_chain/csr/server.csr new file mode 100644 index 0000000..9f38620 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/csr/server.csr 
@@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIB0DCCATkCAQAwgY8xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRl +MQ8wDQYDVQQHEwZzZXJ2ZXIxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5 +IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQDEwZzZXJ2ZXIxFTATBgkqhkiG +9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2XXqSUI5 +mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77AjtyG2Hvdl8QHnHErI0RUg6dTL +nbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1aQJdo143AiIF4m0EuPsrM9VZ +yeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4GBAIyuwA0UbZ3K93G8OmuSZ2Xiyt5nPvzRFIAZlK6TMGNYTmMWLEkNz/AL1qBX +EByJmCuho83Ei4WRB4xaOfaL/Yq5cRR+Xadz8tjAwpzrT8JpxEUmj4MHABN0EcXr +q3Gz0rvxnDiV6v+1TkbGAfdpzF+pZAh05DdtswLXJ2EoEn29 +-----END CERTIFICATE REQUEST----- diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt b/tests/cert-svc/data/cert_chain/demoCA/index.txt new file mode 100644 index 0000000..97e8cfe --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/index.txt @@ -0,0 +1,6 @@ +V 120512012141Z 00 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1 +V 120512012202Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2 +V 120512012213Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3 +V 120512012224Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4 +V 120512012235Z 04 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5 +V 120512012313Z 05 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes 
diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/cert-svc/data/cert_chain/demoCA/index.txt.old b/tests/cert-svc/data/cert_chain/demoCA/index.txt.old new file mode 100644 index 0000000..0d588d0 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/index.txt.old @@ -0,0 +1,5 @@ +V 120512012141Z 00 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain1/CN=chain1/emailAddress=chain1 +V 120512012202Z 01 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain2/CN=chain2/emailAddress=chain2 +V 120512012213Z 02 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain3/CN=chain3/emailAddress=chain3 +V 120512012224Z 03 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4 +V 120512012235Z 04 unknown /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5 diff --git a/tests/cert-svc/data/cert_chain/demoCA/serial b/tests/cert-svc/data/cert_chain/demoCA/serial new file mode 100644 index 0000000..cd672a5 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/serial @@ -0,0 +1 @@ +06 diff --git a/tests/cert-svc/data/cert_chain/demoCA/serial.old b/tests/cert-svc/data/cert_chain/demoCA/serial.old new file mode 100644 index 0000000..eeee65e --- /dev/null +++ b/tests/cert-svc/data/cert_chain/demoCA/serial.old @@ -0,0 +1 @@ +05 diff --git a/tests/cert-svc/data/cert_chain/key/ca.key b/tests/cert-svc/data/cert_chain/key/ca.key new file mode 100644 index 0000000..eeefd8f --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/ca.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDQ2Tl1WL4HR5EmTEItufVLHLPJ8ujJLx/VWKCu7CrUyp5NCA44 +Hv7KxHzrN5qrTQwy+EiN7UvcB+gLEZ/4sbjxdbZhaBZpz+ujJNPl2gdA8aaUprVK +mHSnVyKZUU5js0vqXDIvWi9xvLoW9psWafYDlLdFl06B6RlqVTIOfxuqbQIDAQAB +AoGALIc0Bf3+viSXIPg/X+p3DyW2e4dL9KEUg3NbBxCZbTcqGzhtd6+8GVVdYPVB +B+bsg+2F4qTGeMpCwiFm3ypdSNMqPCe+u8UF8Sw82th7m+Tkj5nM4svtkMT+CWZ2 +/SkJDWPplv0ipBPmYCrX7pMyTkBQxIOAoJh5P2Bb2m+u0y0CQQD6jp0W3tNCZ2m1 +yoIGRWLQDANqZdiOarL2vlu9ksKxySu5sA/COcOCKS4JaE56uebSKZEriLdKFCqd +X/fxv81rAkEA1WKpxTphvNhVKyNsMZbhLoMEB1XUHX08dap1Oiwp5nu4S95RFXKE +LAwngdqApRwrqXQO9WqDpMIDbkHnu2nFhwJBALCgDh8MLxK1gbB0NBqlmRWeEl5T +s0gZ8VS9NkC6D2Nys88vTLyXKbo8u0ZIcGJVYGCwirSMqOCgvLW57DhQBEcCQQCg +A4mdvcb3Lx7G55xFn4gjMdo+ie0zY+uHrRiVU/LjxJkSQ5d4RtS4lzC1Hp5jsjlH +rCFfhc1MKrUZ5FAa6RlXAkBG+TojT8xAF+XzxPEG8ZIRpS75PDek+BTOJNpxbvvk +LyEbsJ054HwYJbEenYrhJiAXGRxQS9wzTXm7vUO/NZlJ +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/chain1.key b/tests/cert-svc/data/cert_chain/key/chain1.key new file mode 100644 index 0000000..8fe8106 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/chain1.key 
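Review bot: The unencrypted private key of the test root CA is committed here, and chain1.key, chain2.key and chain3.key are added the same way, so this key material has to be treated as publicly known: anything that trusts ca.crt trusts whoever has the source tree. That is fine for fixtures only if ca.crt and the chain certificates can never reach a trust store on a device image. The commit message says the test build flag is turned on in the spec file, so it is worth confirming that tests/cert-svc/data is shipped only in a separate test package and installed outside the system certificate directories. A README next to the keys, for example `Test-only key material: publicly known, never install ca.crt as a trust anchor`, would make that explicit. Verifying the chain needs no private keys, so unless a test signs with them (the tests are not visible in this part of the diff) the key/ directory could be left out of the tree.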
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZDp5caM6CZwd6JxGYp/46aD9O +S3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6BjacVVN6nRiboPSTWFAszavs +Mi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ0Fa1agClA2jndyGw+QIDAQAB +AoGATPoWoKrrlOT/EMmdL5yPWRNyNHupE2sFR7MkL5oyP8ZTgX8kAO933agwB4ZG +L+RaqrkT7MbUmPwicTCSDCq9SCLSL+fQS/hujdRbsBhnLTuAiaIblmpDYO5z6Rma +tUXnImdvKROpYmBNNzFzDlj0686KahdYGXJOTFYSST3QHEkCQQDap3/5ursNj1NY +dehaiUhYD3mOqgrj/MhN+JHNR6Eb3qQQ1Aa/rQmEkPnmopNy7qc/B+6Y4CMxNLkM +bHSyre2/AkEAzDibGZCBct4slqyuPyZTfgh3UQSaCQ4CSF7HG/Pj/ZeHqDnKoxR7 +v//WZy5gxHZ7CrSWM/laNOd6svdtQs1/RwJBAJ1UMK1MQxN6sYnRLSMX7MoQOHMC +v1tUo/wWgzKl+7LF/F9vcHuy0kpk1quxB0+HkSe1WWT+wdPCD/R0hXOb2pkCQFt0 +ehjfuujbEDLF0B6dpkRJvE0+91BYwrLwJtCgzxgQ1QKEJvgTQzv/cV+xyEoTGRT5 +PE64Oyp4A13EKl0BNB8CQF7C0zzEBE/MngPizBU6KEfo47c0hD57IUVGcIA3juwm +AELZem13BOjaDk9CEZppfk1lpdU0ZKmkIodlDwLVgLE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/chain2.key b/tests/cert-svc/data/cert_chain/key/chain2.key new file mode 100644 index 0000000..3be4035 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/chain2.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDEIMeWHsUzR6zlrSsLY87kRDPjfxau8Nh8sJYBaThjT2J9l9Yx +yQ0QJPUXQBPwGnBwXj8FTdlnUu1Bg7fSu789KZgHo2QeLx4TjHrBYjNmMz7UJlpZ +mQWOZ8dozfKNb/uMB2OrUGgDiK4KXJu2m8EYe+/NyfBeRKtW1t9IQdMhUQIDAQAB +AoGALCNoZ2uDW9gMnB/NqSGMJSkIOHGYjERdpColiCnC6+6orrUmGkwx6Wk300Sz +d/yrQ06ihjIP9EXgaTcYfo+MKPW4pt5P980H8sZg8XKSwv94gigKoSLAT0jPmFr1 +Z9YXew3b3Js0sd0K/i79pTAC1uIzaHeBjgB+D/SVbVmiX+UCQQDl66n5k43+aidO +TDVizP59SvUPulvEkiWyy59+pvIBkAVtpYFQkS8Ty50M3w+qk3wmjPUbl6NeqFbw +Qb75rLZbAkEA2l/c5D3XdWOmSb8eA5jIa6fIytSHRjOaiYGOAhzH/umWgtmqwNPg +xG9CNsw35bRj9PrL2wpw0UlFUWykdkXOwwJBANKBgP9bZH8R6+jZB2vtKffHADYl +Ns3zzQY1PlM0QJDDruSjypDcTFEAdEsLk4lmPR4Cootfu5j34ZlZaKOpyM8CQHC/ +YAAkAdNlMN0QpQF8Z7ZVubEni/Rt/lMSpexnScdOeVxz39qRSpKBUzGRvSaHPbil +qI0eVeNorjZ9HmjGYBsCQQDEMANkM1n9eYcOuDseJpxh2G43IUN2zJauOkChQ3QH +Rd9aNw3GPBzKw2JbGuYQqdHPMdaoUcCcRAkQQbS2kEm7 +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/chain3.key b/tests/cert-svc/data/cert_chain/key/chain3.key new file mode 100644 index 0000000..d27f36c --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/chain3.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCiUjy3ZLQFks2yWAyBXLS9pBCZFxo18t74htvpJKMBsdYDqfgr +0c33e5rAoKmNbTSUfCxMXMAm20YTo8LELeusy1tkCSwj67WMgBLWzXv6X9l6F7b8 +1WX61JTZms+1noeZ9z4ybA1cHwl3oUuuwUcnYKJ+9ZRmX3vq4amxJFpAAwIDAQAB +AoGBAIRhv4TuS2eUP9AowSIrwng7uxGv5r+C8VgNXIK7T3oNWHaqg2zxciJZm29o +WH+wRcanstUge9H02SUhVLH8pYx9fFj0swfRhul8ISYVTRowH8I3K5wXjmeBU+z3 +WWyJfFqbsvyTaxdfEfXIoWI/d4vHVz5DeTnWKtntr/Nls/whAkEA1Yw3m3RERisP +Ck9/1C2pzOBtrtHKLVJzQDV/NZBo7+CIMxuOWnbDNnoi+IgacNYtCfxchbF7TtUk ++Pm07HqV0wJBAMKXBdak9PtQjNHyGEyzpqlZpM0auukgXY/EgOcVC86vof2fR5f9 +vhvMLbsxkFWziH1rt67H/8YAhnGpTt/PXxECQBONyFW6urm2HaVzDCBwofi5oDF+ +0kV+JEF/5IsSExnL9IzBfDJ6Z3uoiWU6iTlF00/zxMEVNFZOnBkUPGXe/7MCQHfi +xdUVcl23pdrfVftDn8Wsli1Lb6abqykdPvGf9NNVP+9bB6frzAmiRPaUtcEnSEtF +ZziGvd2Gi05RqmeXgpECQQCTS/meiClVDAn0Wnc3WgShKSBQINIiWUWApsAOdVSJ +32yo5yR9qScoaW9TDroHiEfshdnC7NNh1fBbLZna96if +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/chain4.key b/tests/cert-svc/data/cert_chain/key/chain4.key new file mode 100644 index 0000000..03feb92 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/chain4.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICWwIBAAKBgQC1SgfZOYttRrKRt9Ag5V5BjlmceI6xVIou+2rxURyQeDq2mK7r +G4aUNhwQ0atH4oeWy+lw214pLyTmxKHeCDOBZltTi1SQ2HV77MRiYesGXg/npI47 +U1COMfJC307jOItG1UeugT4xnnBCtgi3wO2nP7lyWxshTgx3IUaSoKVOpQIDAQAB +AoGAC9E3kcFehVEGctk4h+xrqHpO/RQeuRB5sXZSEkjnQ8OSkDSDsm+o5iBg0/fW +4mixzfKc1O53xNd94E0RABgowzpg3cuOkLWmBYyw//9av3EQUPH9ZKrr1cVgHUvN +pTJckhiZTbMPCibdoeulorkjWJ2kgsz8d4NKpBz03VyUHkECQQDtbYze5rXNXtAc +OyYJv33CyKf8D5e7A4Gv9KRAjQF/6dNniRxggzPB8uE30EeC/iJ2f/o8NcItSlxE +y5PDxF8nAkEAw3hP/xqp5FVH78i3DL1X9WuQDy+eTXv9GCt7Y51jKLRcG5ArwQuy +uIwx9Ki3REiVBsKNH+YPj9mhmNOLuFsDUwJAFr2IYY0NWqc7HYkYwpRBsldPp5fC +u5nBYR34YWpf+2Vk5yS9wAyw92GQ6qybPNOkb18gk4W+nGHj5n7tHzH+vwJAMmoq +f8pZvSl9t0uWYrPHJuZKLpCCjMuI2J4GYgfq1knGY9mIX27r9os6KzcEpZjuzuKI +0YxdwSVJd4hARhk7PwJACI3n/qMb/AiYY9Kh2vUZFcV10BA4zN2bq69wmmSzsIqx +wRBOALPPKRKDsS/aA7ZgPAAiHjXcyazXyWKeObeQ3w== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/chain5.key b/tests/cert-svc/data/cert_chain/key/chain5.key new file mode 100644 index 0000000..e343753 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/chain5.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDxMkCz+ZVgOik8HMyk9eUIGd0ylaJizzV0woUbmck+OpDStZq+ +ms/pdxMmTNJ4Bj0Zm9c4BWbK0jbnos68gaoxI8hdp3xBJUR5mawQNBYQuCmhXZb4 +R3/RXGiyhYqZKGUAlNnm3xw3WduIh1+z5amIhoYwcfAiJFc6W1gE28OUDwIDAQAB +AoGAVG4P4jBCzs1tM8KtDC2bP6u2F4fzsPzxrG6PI6tAm8zqdyflBEWy8/mftW98 +2VDtwHIh81VIt0TAvXLrRWdqSF1KqaP1rGdfBBjy7VX/F/RM9BJkGyGGK4muFn5z +ILkTyUokCIvCea59Nxjz8efk4UT8VKTrLUe/aW7AYtyFaRECQQD9hDdNGtkh2CiX +BaMY8kbamWRNGO+hthD3bmtWaqBJBY2F/bgF0D1F71bMT2Po1JX01GLrPDX/WDIY +JANfHYkHAkEA848js49pOq2Xeu7vQUbUGufjiAxq5WcMiM1qrNBIi8Nz7eSC20WO +NB4f39UU7K0HndnpohEcCkBa+5j0efqCuQJBAPChlNQtDbhgMnbWtO6y2KoZOukr +KBl4dTZGqr+FycpF6QUrxIZQGDjParXXDWAsmIGhLptVtXM/RZ1AYargn/UCQAb4 +zfjR3h1D4tYuCMNBl8i9YpH+aQDwFjfESY1w2OLHUYY5yFUmhI+RXTA3FUZBHbqz +BjERdFAGz5PsKPNk7GECQGoi4PRFAA/VRgDQ5PVYqW86pfG0ULyneHBZIg57Urqg +5Umq3ct6qZT+/H2pSonJYkNWKdMJiCK7jU6H5h7z47E= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/key/server.key b/tests/cert-svc/data/cert_chain/key/server.key new file mode 100644 index 0000000..5f76b2e --- /dev/null +++ b/tests/cert-svc/data/cert_chain/key/server.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3 +IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp +Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB +AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE +rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC +QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2 +OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2 +XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q +QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV +C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF +SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO +fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM +MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/cert_chain/server.crt b/tests/cert-svc/data/cert_chain/server.crt new file mode 100644 index 0000000..17d3a68 --- /dev/null +++ b/tests/cert-svc/data/cert_chain/server.crt 
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5 + Validity + Not Before: May 13 01:23:13 2011 GMT + Not After : May 12 01:23:13 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70: + 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e: + 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01: + e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4: + a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3: + d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e: + 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3: + 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94: + 4d:5c:e1:bd:cc:99:19:04:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D + X509v3 Authority Key Identifier: + DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4 + serial:04 + + Signature Algorithm: sha1WithRSAEncryption + d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43: + a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63: + 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba: + 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81: + c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c: + 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc: + 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6: + 13:84 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ 
+dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG +SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD +EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj +tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1 +aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA +AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w +gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD +VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh +aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh +UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ +gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL +GrXELDgQ9hOE +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/invalidCert.der b/tests/cert-svc/data/invalidCert.der new file mode 100644 index 0000000..fd08360 --- /dev/null +++ b/tests/cert-svc/data/invalidCert.der 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM +MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD +EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x +MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV +BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ +ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4 +mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj +eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H +e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR +apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC +yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D +lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5 +3aU1rQ6vF96wFt4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/newcert.pem b/tests/cert-svc/data/newcert.pem new file mode 100644 index 0000000..d960df3 --- /dev/null +++ b/tests/cert-svc/data/newcert.pem 
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCS1Ix +FDASBgNVBAgTC0t5dW5nLWdpIGRvMRIwEAYDVQQHEwlTdS13b24gc2kxEDAOBgNV +BAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzEQMA4GA1UEAxMHQ0EgY2VydDEdMBsG +CSqGSIb3DQEJARYOY2FAc2Ftc3VuZy5jb20wHhcNMTEwNDAxMDgyNDAyWhcNMTIw +MzMxMDgyNDAyWjBWMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8x +EDAOBgNVBAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzERMA8GA1UEAxMIdGVzdHRl +c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOP+k1tVoVt6Sbvv/y41PP/2 +abO0S3EJW2p/twZ164Dzd7g21r63zUkBfD3pET0x2IL1N48QlTYwDj7bmzRH+i1v +7Jxk4w6Op7Oho0mPjJ+Plvjfz5LCuwOOupw5V6TpZ2FtGaFcNWIK20BaLuZOyDAl +m0HXGbfkuESZ9dayHvEtAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN +BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ6leM2 +NG1RdqMk7cmJ1IVi2Zjk+DAfBgNVHSMEGDAWgBTNauriVKaL7CMpmNmXIOmNU7GR +hTANBgkqhkiG9w0BAQUFAAOBgQCU+c0daLk+AHvSOetVRVFkkY3VMnWw7RURD8CU +FDkb+Kz6huYlvh9pfkGn7HmxjUARJ6UpxokZ69toOv1UB0Ix4kyT3CCvf0EcnrjG +1fAYrROOhNYlntSTDcgwB2VzXSZ9WEAOBj/B+/nGb7gkkAmf++4FKTMQLZvg5gQr +700V7Q== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/notcert.der b/tests/cert-svc/data/notcert.der new file mode 100644 index 0000000..408a3ee --- /dev/null +++ b/tests/cert-svc/data/notcert.der @@ -0,0 +1,2 @@ +afgnwthbgowjfkvbasdlkfgnaldfnglkwdafbkwjtghsghsfgusrfghadfht5ehadgfhsg +hsfghsdrghsfh56h thdfghedrgrger[gfdghwdfhsadfhgsdfhasdfghasdfhsadfhgadfg diff --git a/tests/cert-svc/data/ocsp/aia_signer.der b/tests/cert-svc/data/ocsp/aia_signer.der Binary files differnew file mode 100644 index 0000000..f4250e7 --- /dev/null +++ b/tests/cert-svc/data/ocsp/aia_signer.der diff --git a/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh b/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh new file mode 100755 index 0000000..5ff8716 --- /dev/null +++ b/tests/cert-svc/data/ocsp/cert-svc-tests-kill-ocsp-server.sh 
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+echo "--- Kill OCSP server..."
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
+
diff --git a/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh b/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
new file mode 100755
index 0000000..f3b18d3
--- /dev/null
+++ b/tests/cert-svc/data/ocsp/cert-svc-tests-start-ocsp-server.sh
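Review bot: `pkill -9 openssl` on the last command line of cert-svc-tests-kill-ocsp-server.sh matches every process named openssl on the device, not only the test OCSP responder, and SIGKILL gives none of them a chance to clean up. The same line appears in cert-svc-tests-start-ocsp-server.sh before the responder is launched. If the tests run with elevated privileges, this can terminate unrelated openssl jobs and hides which process the test suite actually owns. I would narrow the match to the responder's command line and send the default signal first, for example `pkill -f 'openssl ocsp .*-port 8888'`, or have the start script store `$!` in a pid file and kill only that pid.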
@@ -0,0 +1,31 @@
+#!/bin/sh
+# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+source /etc/tizen-platform.conf
+
+LOCAL_OCSP_WORKSPACE=${TZ_SYS_SHARE}/cert-svc/tests/orig_c/data/ocsp
+
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
+
+echo "starting OCSP server"
+OPENSSL_CONF=${LOCAL_OCSP_WORKSPACE}/demoCA/openssl.cnf openssl ocsp \
+-index ${LOCAL_OCSP_WORKSPACE}/demoCA/index.txt \
+-port 8888 -rsigner ${LOCAL_OCSP_WORKSPACE}/ocsp_signer.crt \
+-rkey ${LOCAL_OCSP_WORKSPACE}/ocsp_signer.key \
+-CA ${LOCAL_OCSP_WORKSPACE}/demoCA/cacert.pem -text \
+-out ${LOCAL_OCSP_WORKSPACE}/log.txt &
+
+echo "--- OCSP server shutdown..."
+
diff --git a/tests/cert-svc/data/ocsp/demoCA/cacert.pem b/tests/cert-svc/data/ocsp/demoCA/cacert.pem
new file mode 100644
index 0000000..3a38a52
--- /dev/null
+++ b/tests/cert-svc/data/ocsp/demoCA/cacert.pem
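Review bot: `source /etc/tizen-platform.conf` in cert-svc-tests-start-ocsp-server.sh is not POSIX, yet the script declares `#!/bin/sh`; under a strictly POSIX shell such as dash the line fails, `TZ_SYS_SHARE` stays empty, and every path handed to `openssl ocsp` (index, signer certificate, signer key, CA) resolves under `/cert-svc/...`. Use `. /etc/tizen-platform.conf` and stop when the variable is missing, e.g. `[ -n "${TZ_SYS_SHARE}" ] || exit 1`. The `${LOCAL_OCSP_WORKSPACE}` expansions are also unquoted, so a path containing whitespace would split into extra arguments. The closing `echo "--- OCSP server shutdown..."` runs right after the responder is put in the background, so the log states the opposite of what happened; `echo "--- OCSP server started (pid $!)"` would be accurate and gives the kill script a pid to target.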
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:10:59 2014 GMT + Not After : Jun 18 08:10:59 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc: + 51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29: + 84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2: + 0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b: + fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15: + f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71: + 66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a: + 40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52: + 42:a9:93:e6:18:96:32:84:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + X509v3 Authority Key Identifier: + keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08 + + X509v3 Basic Constraints: + CA:TRUE + Authority Information Access: + OCSP - URI:http://127.0.0.1:8888 + CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer + + Signature Algorithm: sha1WithRSAEncryption + 5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66: + 5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7: + 5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96: + f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48: + 36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60: + 73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf: + 11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45: + 61:f0 +-----BEGIN CERTIFICATE----- +MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu 
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA +Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG +A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD +VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG +SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e +MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD +wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G +A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv +vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr +BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw +Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy +MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8 ++v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd +RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6 +RWHw +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/crlnumber b/tests/cert-svc/data/ocsp/demoCA/crlnumber new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/crlnumber @@ -0,0 +1 @@ +01 diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt b/tests/cert-svc/data/ocsp/demoCA/index.txt new file mode 100644 index 0000000..64cb9f5 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/index.txt 
@@ -0,0 +1,6 @@ +V 150618081051Z 00 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com +V 150618081059Z 01 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com +V 150618081104Z 02 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com +R 150618081114Z 140618081114Z 03 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com +V 150618081129Z 04 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com +V 150618081146Z 05 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test OCSP Response Signer/CN=OCSP Response Signer/emailAddress=tt@gmail.com diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.attr b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/tests/cert-svc/data/ocsp/demoCA/index.txt.old b/tests/cert-svc/data/ocsp/demoCA/index.txt.old new file mode 100644 index 0000000..bd19201 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/index.txt.old 
@@ -0,0 +1,5 @@ +V 150618081051Z 00 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Root CA/emailAddress=tt@gmail.com +V 150618081059Z 01 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test/CN=Test Second CA/emailAddress=tt@gmail.com +V 150618081104Z 02 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test AIA/CN=Test Signer/emailAddress=tt@gmail.com +R 150618081114Z 140618081114Z 03 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test REVOKED/CN=Test Signer/emailAddress=tt@gmail.com +V 150618081129Z 04 unknown /C=KR/ST=Seoul/O=Samsung/OU=Tizen Test NO AIA/CN=Test Signer/emailAddress=tt@gmail.com diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem new file mode 100644 index 0000000..0f12631 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/00.pem 
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:10:51 2014 GMT + Not After : Jun 18 08:10:51 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:a3:a6:5e:82:c4:3d:85:27:0c:d7:20:fb:7a:3b: + f8:e3:15:13:24:38:d3:95:c1:b0:78:78:7b:e8:89: + b6:db:1e:b2:02:58:cc:db:e7:4a:76:3d:c4:21:51: + ad:d0:10:37:ea:a7:59:16:5f:16:3b:1c:d0:19:c0: + 33:41:8e:c6:14:e5:d0:56:88:38:52:3a:87:33:19: + 96:c0:0c:79:8d:0c:81:cc:88:9e:02:3e:07:67:69: + 6a:b8:f0:62:ca:22:1e:1c:0a:3a:b0:24:96:b3:19: + e1:ec:fa:af:59:a0:32:a4:f6:55:12:a3:89:de:06: + b9:ad:7c:83:09:c8:f3:43:c1 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08 + X509v3 Authority Key Identifier: + keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08 + + X509v3 Basic Constraints: + CA:TRUE + Authority Information Access: + OCSP - URI:http://127.0.0.1:8888 + CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer + + Signature Algorithm: sha1WithRSAEncryption + 32:44:95:d3:65:cc:11:0a:44:4d:19:94:02:3b:cb:71:1e:fa: + e6:82:ff:2f:43:09:d9:64:5e:92:c3:26:3f:06:bc:b4:7e:69: + 5e:86:d3:79:d8:d2:e3:8c:f1:06:ea:ef:58:15:87:f3:4a:48: + d0:95:54:74:a9:f4:36:98:db:37:77:a0:0a:16:53:9d:64:e4: + fa:72:e1:08:66:e2:9e:a4:36:f6:4f:1e:49:25:b2:0d:e8:dd: + df:13:f9:55:49:6f:3c:2b:d6:92:08:5d:a7:d7:98:18:4d:25: + 66:0f:48:ee:1e:e2:c0:a1:69:c8:89:c6:9a:f9:26:de:d9:3b: + 23:01 +-----BEGIN CERTIFICATE----- +MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu 
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA +Z21haWwuY29tMB4XDTE0MDYxODA4MTA1MVoXDTE1MDYxODA4MTA1MVoweDELMAkG +A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD +VQQLDApUaXplbiBUZXN0MRUwEwYDVQQDDAxUZXN0IFJvb3QgQ0ExGzAZBgkqhkiG +9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +o6ZegsQ9hScM1yD7ejv44xUTJDjTlcGweHh76Im22x6yAljM2+dKdj3EIVGt0BA3 +6qdZFl8WOxzQGcAzQY7GFOXQVog4UjqHMxmWwAx5jQyBzIieAj4HZ2lquPBiyiIe +HAo6sCSWsxnh7PqvWaAypPZVEqOJ3ga5rXyDCcjzQ8ECAwEAAaOBxjCBwzAdBgNV +HQ4EFgQUZB5PS54YL7ziMMRzpmueBRrfEggwHwYDVR0jBBgwFoAUZB5PS54YL7zi +MMRzpmueBRrfEggwDAYDVR0TBAUwAwEB/zBzBggrBgEFBQcBAQRnMGUwIQYIKwYB +BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov +L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN +BgkqhkiG9w0BAQUFAAOBgQAyRJXTZcwRCkRNGZQCO8txHvrmgv8vQwnZZF6SwyY/ +Bry0fmlehtN52NLjjPEG6u9YFYfzSkjQlVR0qfQ2mNs3d6AKFlOdZOT6cuEIZuKe +pDb2Tx5JJbIN6N3fE/lVSW88K9aSCF2n15gYTSVmD0juHuLAoWnIicaa+Sbe2Tsj +AQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem new file mode 100644 index 0000000..3a38a52 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/01.pem 
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:10:59 2014 GMT + Not After : Jun 18 08:10:59 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:26:b3:00:17:f2:73:c4:82:2b:43:34:3f:dc: + 51:ad:ed:c1:80:50:46:1a:10:54:a8:fa:17:03:29: + 84:57:69:90:b7:df:f9:24:54:03:58:16:1f:a5:a2: + 0f:5e:30:95:14:96:dd:13:04:e8:3b:f6:d3:a7:4b: + fe:4c:07:05:9a:54:b1:0e:2d:a9:6f:d1:48:f6:15: + f8:c4:32:91:9d:ff:11:05:e9:5b:f7:e2:64:93:71: + 66:9d:30:7c:83:c1:8c:03:65:5c:1d:16:4a:ef:3a: + 40:3a:5b:08:30:4b:c5:d2:ae:96:c7:fe:79:0a:52: + 42:a9:93:e6:18:96:32:84:cd + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + X509v3 Authority Key Identifier: + keyid:64:1E:4F:4B:9E:18:2F:BC:E2:30:C4:73:A6:6B:9E:05:1A:DF:12:08 + + X509v3 Basic Constraints: + CA:TRUE + Authority Information Access: + OCSP - URI:http://127.0.0.1:8888 + CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer + + Signature Algorithm: sha1WithRSAEncryption + 5a:27:0d:0c:ec:fd:3b:35:b0:40:d6:dd:fe:44:9a:e2:95:66: + 5a:47:f6:c2:ec:b5:22:c9:c5:92:bc:fa:ff:3c:25:bc:f8:e7: + 5f:cb:7f:c8:71:be:73:2f:dc:cc:04:c5:7a:fd:a8:f2:8f:96: + f2:91:7e:3f:9b:6c:b0:79:29:31:1c:67:9c:e1:0e:92:7b:48: + 36:1e:b1:d5:1d:44:a3:8c:48:dd:09:21:12:f7:24:e0:9d:60: + 73:a7:26:4e:a8:fb:8e:6f:67:f4:cd:bf:49:6c:88:af:74:bf: + 11:f6:8e:8d:84:5e:73:46:fa:37:b2:04:6c:29:fb:71:fa:45: + 61:f0 +-----BEGIN CERTIFICATE----- +MIIDLzCCApigAwIBAgIBATANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu 
+IFRlc3QxFTATBgNVBAMMDFRlc3QgUm9vdCBDQTEbMBkGCSqGSIb3DQEJARYMdHRA +Z21haWwuY29tMB4XDTE0MDYxODA4MTA1OVoXDTE1MDYxODA4MTA1OVowejELMAkG +A1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYD +VQQLDApUaXplbiBUZXN0MRcwFQYDVQQDDA5UZXN0IFNlY29uZCBDQTEbMBkGCSqG +SIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kkVANYFh+log9e +MJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv34mSTcWadMHyD +wYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQABo4HGMIHDMB0G +A1UdDgQWBBSpSfNbE0V2NHn/V5f660v2cWwYgDAfBgNVHSMEGDAWgBRkHk9Lnhgv +vOIwxHOma54FGt8SCDAMBgNVHRMEBTADAQH/MHMGCCsGAQUFBwEBBGcwZTAhBggr +BgEFBQcwAYYVaHR0cDovLzEyNy4wLjAuMTo4ODg4MEAGCCsGAQUFBzAChjRodHRw +Oi8vU1ZSU2VjdXJlLUczLWFpYS52ZXJpc2lnbi5jb20vU1ZSU2VjdXJlRzMuY2Vy +MA0GCSqGSIb3DQEBBQUAA4GBAFonDQzs/Ts1sEDW3f5EmuKVZlpH9sLstSLJxZK8 ++v88Jbz451/Lf8hxvnMv3MwExXr9qPKPlvKRfj+bbLB5KTEcZ5zhDpJ7SDYesdUd +RKOMSN0JIRL3JOCdYHOnJk6o+45vZ/TNv0lsiK90vxH2jo2EXnNG+jeyBGwp+3H6 +RWHw +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem new file mode 100644 index 0000000..c028e41 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/02.pem 
@@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:04 2014 GMT + Not After : Jun 18 08:11:04 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test AIA, CN=Test Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b0:80:ac:3e:ff:bd:63:59:79:f1:e1:b2:cb:66: + b4:cf:98:4f:8d:ac:37:c7:49:f6:71:f3:24:c6:61: + e7:b0:33:33:fa:66:55:cc:f1:67:6e:c4:d8:aa:a6: + a9:bb:1b:65:cd:d7:cd:86:11:7b:1d:a3:1c:1a:d3: + d1:ed:31:51:aa:48:60:3f:04:26:a6:0f:56:7a:96: + 21:ce:11:be:14:4c:1d:d1:38:9d:65:64:30:e4:c8: + 9f:5a:81:93:9f:a1:9b:2d:fc:08:fc:f9:bc:15:df: + 1d:e2:7b:ea:78:6b:6c:3f:f1:e4:ac:6a:5a:df:79: + fd:a0:5f:a9:21:69:2b:09:3b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 4B:D2:72:A2:35:48:F3:87:5F:CB:3E:F6:68:A8:BB:E7:55:F3:99:AA + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Authority Information Access: + OCSP - URI:http://127.0.0.1:8888 + CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer + + Signature Algorithm: sha1WithRSAEncryption + 01:3f:ec:ab:bb:df:f6:6a:e6:78:7a:48:d5:d3:75:91:83:95: + 6a:fe:ba:a6:38:70:eb:b8:c3:55:6d:9e:07:e0:f0:4b:44:b4: + a9:0b:ff:ce:19:a8:60:12:05:0a:7b:cf:41:70:1d:74:95:48: + b9:e4:3e:58:30:4d:c3:a3:cf:48:fa:11:6e:82:fd:01:3c:66: + 80:db:4d:62:2c:e8:4b:ff:4b:b4:69:59:b5:c8:9c:4d:b7:56: + 23:5b:67:cc:2a:a9:c2:1e:08:e8:1f:38:74:c1:00:b5:a4:86: + f9:bf:12:6b:60:29:f7:3d:b8:66:97:b5:ba:24:f0:c3:24:77: + e6:5d +-----BEGIN CERTIFICATE----- +MIIDXTCCAsagAwIBAgIBAjANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO 
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTA0WhcNMTUwNjE4MDgxMTA0WjB7MQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxFzAV +BgNVBAsMDlRpemVuIFRlc3QgQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEbMBkG +CSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCwgKw+/71jWXnx4bLLZrTPmE+NrDfHSfZx8yTGYeewMzP6ZlXM8WduxNiq +pqm7G2XN182GEXsdoxwa09HtMVGqSGA/BCamD1Z6liHOEb4UTB3ROJ1lZDDkyJ9a +gZOfoZst/Aj8+bwV3x3ie+p4a2w/8eSsalrfef2gX6khaSsJOwIDAQABo4HxMIHu +MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl +cnRpZmljYXRlMB0GA1UdDgQWBBRL0nKiNUjzh1/LPvZoqLvnVfOZqjAfBgNVHSME +GDAWgBSpSfNbE0V2NHn/V5f660v2cWwYgDBzBggrBgEFBQcBAQRnMGUwIQYIKwYB +BQUHMAGGFWh0dHA6Ly8xMjcuMC4wLjE6ODg4ODBABggrBgEFBQcwAoY0aHR0cDov +L1NWUlNlY3VyZS1HMy1haWEudmVyaXNpZ24uY29tL1NWUlNlY3VyZUczLmNlcjAN +BgkqhkiG9w0BAQUFAAOBgQABP+yru9/2auZ4ekjV03WRg5Vq/rqmOHDruMNVbZ4H +4PBLRLSpC//OGahgEgUKe89BcB10lUi55D5YME3Do89I+hFugv0BPGaA201iLOhL +/0u0aVm1yJxNt1YjW2fMKqnCHgjoHzh0wQC1pIb5vxJrYCn3Pbhml7W6JPDDJHfm +XQ== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem new file mode 100644 index 0000000..9c53eb0 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/03.pem 
@@ -0,0 +1,68 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:14 2014 GMT + Not After : Jun 18 08:11:14 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test REVOKED, CN=Test Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:dc:f4:b7:27:44:70:33:76:f5:d7:cf:43:4a:c2: + a8:0a:f0:f3:d0:df:02:dc:1c:1e:44:d4:be:d4:e3: + 08:46:41:a3:b5:4f:3c:23:89:34:90:64:7b:cc:52: + 15:93:07:4f:98:53:9d:db:cf:fd:8f:0a:70:ce:22: + c3:ff:02:4b:df:94:41:49:02:e8:a7:d7:4b:c8:1e: + 53:8b:82:9e:75:e2:db:ce:1e:33:34:4d:00:ac:3d: + 3c:06:86:c1:dd:27:39:e1:4b:01:56:04:2e:bb:ff: + 0f:ec:ed:57:bc:50:b6:ed:25:fe:0c:84:8c:22:59: + 38:f9:84:54:83:94:af:aa:97 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + FE:35:D9:5C:69:D8:F6:D2:BA:37:31:35:93:33:91:81:B4:21:EB:E9 + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Authority Information Access: + OCSP - URI:http://127.0.0.1:8888 + CA Issuers - URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer + + Signature Algorithm: sha1WithRSAEncryption + a8:6a:83:c1:9b:b2:6b:0f:b0:0e:09:a3:02:bf:e1:ab:19:bb: + 34:a9:24:ce:c9:f5:e1:a9:ba:20:ad:05:31:ec:f6:cc:47:f9: + f0:5e:3c:70:f1:01:6e:ac:6a:a5:05:2b:40:c5:20:34:e4:b6: + 3b:40:f9:c3:5f:0e:b7:0b:04:96:b1:be:25:e0:33:c3:64:63: + 59:83:73:4b:df:0c:ab:83:d1:00:9b:44:c3:93:55:f4:0d:8b: + fd:f9:55:59:b2:c0:13:7a:ed:b7:f1:4e:57:9f:1b:c5:3f:bd: + bf:4d:f9:5b:50:55:98:19:c0:06:24:65:10:48:4d:ad:75:bb: + 57:a6 +-----BEGIN CERTIFICATE----- +MIIDYTCCAsqgAwIBAgIBAzANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO 
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTE0WhcNMTUwNjE4MDgxMTE0WjB/MQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGzAZ +BgNVBAsMElRpemVuIFRlc3QgUkVWT0tFRDEUMBIGA1UEAwwLVGVzdCBTaWduZXIx +GzAZBgkqhkiG9w0BCQEWDHR0QGdtYWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA3PS3J0RwM3b1189DSsKoCvDz0N8C3BweRNS+1OMIRkGjtU88I4k0 +kGR7zFIVkwdPmFOd28/9jwpwziLD/wJL35RBSQLop9dLyB5Ti4KedeLbzh4zNE0A +rD08BobB3Sc54UsBVgQuu/8P7O1XvFC27SX+DISMIlk4+YRUg5SvqpcCAwEAAaOB +8TCB7jAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRl +ZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU/jXZXGnY9tK6NzE1kzORgbQh6+kwHwYD +VR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwcwYIKwYBBQUHAQEEZzBlMCEG +CCsGAQUFBzABhhVodHRwOi8vMTI3LjAuMC4xOjg4ODgwQAYIKwYBBQUHMAKGNGh0 +dHA6Ly9TVlJTZWN1cmUtRzMtYWlhLnZlcmlzaWduLmNvbS9TVlJTZWN1cmVHMy5j +ZXIwDQYJKoZIhvcNAQEFBQADgYEAqGqDwZuyaw+wDgmjAr/hqxm7NKkkzsn14am6 +IK0FMez2zEf58F48cPEBbqxqpQUrQMUgNOS2O0D5w18OtwsElrG+JeAzw2RjWYNz +S98Mq4PRAJtEw5NV9A2L/flVWbLAE3rtt/FOV58bxT+9v035W1BVmBnABiRlEEhN +rXW7V6Y= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem new file mode 100644 index 0000000..5b7155a --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/04.pem 
@@ -0,0 +1,61 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4 (0x4) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:29 2014 GMT + Not After : Jun 18 08:11:29 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test NO AIA, CN=Test Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c9:92:88:32:45:4e:93:f6:be:6d:39:97:e7:a0: + d1:93:1a:13:df:48:14:1b:e6:a8:85:ca:52:40:7f: + 37:86:ba:05:37:4e:ed:c1:b1:c9:1f:0f:d1:c9:d4: + 65:ee:db:2f:85:31:5a:04:7c:2d:d2:be:32:6d:a0: + d9:3e:17:49:29:f8:ec:be:a4:a6:2b:e6:ee:02:0c: + 20:39:0b:12:1c:7f:ac:bc:f8:a7:46:96:9c:0a:71: + 5e:dd:6d:88:cd:af:a1:41:52:86:c2:60:da:af:5f: + dc:44:a3:db:18:f9:fb:fd:9a:af:d1:1d:14:22:d0: + cd:03:af:d5:aa:db:c1:ed:0d + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + EC:0E:07:A6:63:F0:9C:4C:80:6E:25:56:70:93:B5:54:68:77:97:FC + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Signature Algorithm: sha1WithRSAEncryption + c3:6a:ad:09:16:63:c5:4a:f5:84:75:25:79:c0:1d:4e:1d:cc: + 15:df:e6:d9:46:6e:3b:0d:93:07:49:7d:ee:fa:4d:c6:39:03: + 05:62:cf:3e:4f:a7:2b:03:9c:6c:dd:76:f4:92:ea:03:c4:e6: + b3:b6:1d:4b:15:ea:ad:b6:11:a9:29:79:03:7d:a9:eb:6c:97: + 4b:f8:cf:9f:0e:e3:29:50:c2:c5:5b:ec:f8:d0:dd:7d:0c:6b: + 75:10:dc:08:0f:f2:38:6d:a6:e1:83:81:46:e6:8c:fe:3d:17: + e6:84:d3:a9:bd:d9:ad:d5:ba:b4:e4:86:57:46:6f:81:89:5e: + fe:bd +-----BEGIN CERTIFICATE----- +MIIC6TCCAlKgAwIBAgIBBDANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 
+dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTI5WhcNMTUwNjE4MDgxMTI5WjB+MQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxGjAY +BgNVBAsMEVRpemVuIFRlc3QgTk8gQUlBMRQwEgYDVQQDDAtUZXN0IFNpZ25lcjEb +MBkGCSqGSIb3DQEJARYMdHRAZ21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJkogyRU6T9r5tOZfnoNGTGhPfSBQb5qiFylJAfzeGugU3Tu3Bsckf +D9HJ1GXu2y+FMVoEfC3SvjJtoNk+F0kp+Oy+pKYr5u4CDCA5CxIcf6y8+KdGlpwK +cV7dbYjNr6FBUobCYNqvX9xEo9sY+fv9mq/RHRQi0M0Dr9Wq28HtDQIDAQABo3sw +eTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU7A4HpmPwnEyAbiVWcJO1VGh3l/wwHwYDVR0j +BBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcNAQEFBQADgYEAw2qt +CRZjxUr1hHUlecAdTh3MFd/m2UZuOw2TB0l97vpNxjkDBWLPPk+nKwOcbN129JLq +A8Tms7YdSxXqrbYRqSl5A32p62yXS/jPnw7jKVDCxVvs+NDdfQxrdRDcCA/yOG2m +4YOBRuaM/j0X5oTTqb3ZrdW6tOSGV0ZvgYle/r0= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem b/tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem new file mode 100644 index 0000000..23eb39e --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/newcerts/05.pem 
@@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:46 2014 GMT + Not After : Jun 18 08:11:46 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0: + fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22: + 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f: + 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9: + 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1: + d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c: + 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a: + 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84: + 47:21:54:25:53:33:3b:6d:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + OCSP Signing + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90 + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Signature Algorithm: sha1WithRSAEncryption + 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c: + 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd: + 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8: + 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1: + ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d: + 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8: + 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67: + e5:48 +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO 
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw +JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD +DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l +ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/ +1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm +oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2 +RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN +AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak +vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI +l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/demoCA/openssl.cnf b/tests/cert-svc/data/ocsp/demoCA/openssl.cnf new file mode 100644 index 0000000..817a689 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/openssl.cnf 
@@ -0,0 +1,459 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = default # use public key default MD
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ no_ext ]
+# no contents hear
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (e.g.
server FQDN or YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+# AIA
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+[ usr_cert_noaia ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+# Extensions for a typical CA
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+# AIA(Authority Information Access)
+#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
+#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+authorityInfoAccess = OCSP;URI:http://127.0.0.1:8888,caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+
+[ v3_ca_noaia ]
+# Extensions for a typical CA
+
+# PKIX recommendation.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+# AIA(Authority Information Access)
+#authorityInfoAccess = OCSP;URI:http://ocsp.verisign.com
+#authorityInfoAccess = caIssuers;URI:http://SVRSecure-G3-aia.verisign.com/SVRSecureG3.cer
+
+
+# CRL extensions.
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1 # the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir = ./demoCA # TSA root directory
+serial = $dir/tsaserial # The current serial number (mandatory)
+crypto_device = builtin # OpenSSL engine to use for signing
+signer_cert = $dir/tsacert.pem # The TSA signing certificate
+ # (optional)
+certs = $dir/cacert.pem # Certificate chain to include in reply
+ # (optional)
+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy = tsa_policy1 # Policy if request did not specify it
+ # (optional)
+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
+digests = md5, sha1 # Acceptable message digests (mandatory)
+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
+clock_precision_digits = 0 # number of digits after dot. (optional)
+ordering = yes # Is ordering defined for timestamps?
+ # (optional, default: no)
+tsa_name = yes # Must the TSA name be included in the reply?
+ # (optional, default: no)
+ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no) + +###########################################################################33 +[ v3_ocsp ] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning + +nsComment = "OpenSSL Generated Certificate" + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + diff --git a/tests/cert-svc/data/ocsp/demoCA/private/cakey.pem b/tests/cert-svc/data/ocsp/demoCA/private/cakey.pem new file mode 100644 index 0000000..9147c1e --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/private/cakey.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDLJrMAF/JzxIIrQzQ/3FGt7cGAUEYaEFSo+hcDKYRXaZC33/kk +VANYFh+log9eMJUUlt0TBOg79tOnS/5MBwWaVLEOLalv0Uj2FfjEMpGd/xEF6Vv3 +4mSTcWadMHyDwYwDZVwdFkrvOkA6WwgwS8XSrpbH/nkKUkKpk+YYljKEzQIDAQAB +AoGBAKzIUV42/+Mus3eQRRQ7kszXdshnffgVA6xkaMYrvX+LLab2O7SGMAHvbyM0 +3tVBhMpqNcVDWzIFEKctny+SmVPRr1SWmweLCs32Q3qgH/MPIHJ4rCFRBQACQLET +aXiv1pF5HchwfA94S5qmwEDYBSBoGfm/0gP4FSEAWf8UgccRAkEA60uR5Mqokm/w +8ev+XN+7nKiLkl2G98BCX+LxCDVvGfatLY9wEUs7MyPE4SUj3nkpSJ0IvMT+QVzn +aqM9aIGgWwJBAN0HB5n64EaSNq653D/LQigegkVdOfH6yMb/kdTJwNJavuEJYoh1 +oH9tWe1ajcaloWtwbwWvsbUvM2StdzqL9/cCQHY6OIp/kghSmvzUGbFM8hYbUlYv +DHw8bJ2FiJsZTkP7gLTd1++4n3xowqpmYQmOU8IataM0UJVDOzyH3Xk/ePUCQGV6 +9siB4TtFoomymCdKIYPeDh3e4d3yMQD9Em3KfBeYxo74Ch9xMlGPWXya2QFdxrFX +nAHWWxc/Jq+Q3W8qGJ0CQQCOsjHigGpEKvhH0D4UFRyZ7MtqEsQqG6g2QuWxUcwH +MbC8QKgM7psAQxR55aXOeIdOKA3sxURBNuLI0HP4wQap +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/ocsp/demoCA/serial b/tests/cert-svc/data/ocsp/demoCA/serial new file mode 100644 index 0000000..cd672a5 --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/serial @@ -0,0 +1 @@ +06 diff --git a/tests/cert-svc/data/ocsp/demoCA/serial.old b/tests/cert-svc/data/ocsp/demoCA/serial.old new file mode 100644 index 0000000..eeee65e --- /dev/null +++ b/tests/cert-svc/data/ocsp/demoCA/serial.old @@ -0,0 +1 @@ +05 
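Review bot: `default_days = 365` in `[ CA_default ]` makes every fixture issued from this demo CA expire one year after it was generated, and the `newcerts/*.pem` files added in this same commit already show `Not After` dates of Jun 18 2015, which is earlier than the July 2015 commit date. Tests that also check the validity period would then fail for reasons unrelated to OCSP; a longer test-only lifetime such as `default_days = 3650`, with the fixtures regenerated, would avoid that. The `authorityInfoAccess` lines in `[ usr_cert ]` and `[ v3_ca ]` pair the loopback OCSP responder with a `caIssuers` URI on an external host, so a verifier that follows caIssuers would make outbound HTTP requests during the test run; pointing that URI at the local responder or dropping it keeps the suite hermetic. A header comment such as `# Test-only CA configuration; never use it to issue production certificates.` would also make `default_bits = 1024` and the `md5, sha1` digest list read as deliberate fixture choices rather than defaults someone might copy.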
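Review bot: `private/cakey.pem` adds the demo CA's private key to the source tree unencrypted, and nothing in this hunk or in the neighbouring files marks it as a throwaway fixture. I would add a short README beside it, for example `This key and cacert.pem exist only for the OCSP tests; do not install this CA into any trust store.`, so that nobody later treats the CA as trustworthy. The packaging is not visible in this hunk, so it is worth confirming that `tests/cert-svc/data` is installed only by the test package and that the matching CA certificate never reaches the certificate store of a shipped image. Recording the path in the secret scanner's allowlist with the same explanation keeps real key leaks from being lost among known fixtures.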
diff --git a/tests/cert-svc/data/ocsp/noaia_signer.der b/tests/cert-svc/data/ocsp/noaia_signer.der Binary files differnew file mode 100644 index 0000000..0f695e3 --- /dev/null +++ b/tests/cert-svc/data/ocsp/noaia_signer.der diff --git a/tests/cert-svc/data/ocsp/noroot_cert.pem b/tests/cert-svc/data/ocsp/noroot_cert.pem new file mode 100644 index 0000000..fd08360 --- /dev/null +++ b/tests/cert-svc/data/ocsp/noroot_cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQGEwJDUjEM +MAoGA1UECBMDU1RSMQswCQYDVQQKEwJPUjEMMAoGA1UECxMDT1VSMQwwCgYDVQQD +EwNDTlIxFTATBgkqhkiG9w0BCQEWBkVtYWlsUjAeFw0wNzEyMTkwNTE5MjBaFw0x +MDEyMTgwNTE5MjBaMFsxCzAJBgNVBAYTAkNSMQwwCgYDVQQIEwNTVFIxCzAJBgNV +BAoTAk9SMQwwCgYDVQQLEwNPVVIxDDAKBgNVBAMTA0NOUjEVMBMGCSqGSIb3DQEJ +ARYGRW1haWxSMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG2dhVCOuBD2i4 +mjWLU8vkQpRVylojbSzxvO3uynaOZAnhqLxu2F2ugR1NLJOlrgbjq13xCO4FjKZj +eb4kln5HJl7GLCNz8ns2+kAtwiVfpZnQ8U6Y/1BLiB7sLH+ONB4g6Rm9cgST1e6H +e/EJMkzU75+wkj94ORZ4TINDU4kU4QIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUX0cbXBYMGt9k4/HRapEA9XUlKk4wHwYDVR0jBBgwFoAUX0cbXBYMGt9k4/HR +apEA9XUlKk4wDQYJKoZIhvcNAQEFBQADgYEAXyKHjF6k0yNY/og30g1+SsNxYNqC +yzGEbCywXELFakhQ1qmx12VY6qkeo+khyuiRfp9cDx8sSQ2asypIYeO9ctRNmp4D +lC8YNI7BdY/g4Xq7uy4BKeng8Mv8VNAtdBaKreJqSk5RvQmepXRiTJgo2DzGlCU5 +3aU1rQ6vF96wFt4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/ocsp_level1.crt b/tests/cert-svc/data/ocsp/ocsp_level1.crt new file mode 100644 index 0000000..b6276d4 --- /dev/null +++ b/tests/cert-svc/data/ocsp/ocsp_level1.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx +ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw +MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH +QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j +b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j +b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H +KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm +VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR +SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT +cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ +6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu +MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS +kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB +BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f +BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv +c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH +AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG +OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU +A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o +0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX +RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH +qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV +U+4= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/ocsp_level2.crt b/tests/cert-svc/data/ocsp/ocsp_level2.crt new file mode 100644 index 0000000..ec9fc33 --- /dev/null +++ b/tests/cert-svc/data/ocsp/ocsp_level2.crt 
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh +bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu +Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g +QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe +BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX +DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE +YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC +ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q +N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO +r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN +f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH +U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU +TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb +VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg +SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv +biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg +MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw +AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv +ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu +Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd +IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv +bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1 +QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O +WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf +SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/ocsp_rootca.crt b/tests/cert-svc/data/ocsp/ocsp_rootca.crt new file mode 100644 index 0000000..8417dc7 --- /dev/null 
+++ b/tests/cert-svc/data/ocsp/ocsp_rootca.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-svc/data/ocsp/ocsp_signer.crt b/tests/cert-svc/data/ocsp/ocsp_signer.crt new file mode 100644 index 0000000..23eb39e --- /dev/null +++ b/tests/cert-svc/data/ocsp/ocsp_signer.crt 
@@ -0,0 +1,66 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Second CA/emailAddress=tt@gmail.com + Validity + Not Before: Jun 18 08:11:46 2014 GMT + Not After : Jun 18 08:11:46 2015 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test OCSP Response Signer, CN=OCSP Response Signer/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:b2:52:c6:6d:75:32:a3:41:e5:7a:3c:21:a0: + fd:e5:9d:d5:42:fe:3b:7d:e7:7d:8f:6d:b6:75:22: + 39:51:9f:ba:2b:f2:ff:aa:9b:bc:4e:11:cc:42:1f: + 84:04:4d:8f:fa:a1:86:e0:80:54:8b:84:6e:58:b9: + 5c:f2:e2:99:3f:d4:e5:cd:d0:27:a3:f9:23:52:d1: + d3:9d:59:ce:a3:db:2e:ce:6d:1d:6d:1b:a2:28:8c: + 52:c2:c1:57:30:41:0c:c1:b9:3a:66:75:e5:da:2a: + 41:cc:27:98:8b:03:f3:e6:a1:3e:ec:24:83:45:84: + 47:21:54:25:53:33:3b:6d:01 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Non Repudiation, Key Encipherment + X509v3 Extended Key Usage: + OCSP Signing + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + BD:88:26:A9:60:B7:BB:51:73:06:06:4B:72:52:F6:44:50:3B:EE:90 + X509v3 Authority Key Identifier: + keyid:A9:49:F3:5B:13:45:76:34:79:FF:57:97:FA:EB:4B:F6:71:6C:18:80 + + Signature Algorithm: sha1WithRSAEncryption + 33:1f:11:ca:e8:01:2a:92:df:5c:07:98:f3:0c:5e:61:a8:6c: + 58:47:6e:24:d1:01:da:ea:7c:40:2d:e8:89:38:e4:5a:12:cd: + 3f:e0:24:bd:bb:79:f0:0f:8f:6f:72:21:d5:a2:18:89:24:f8: + 61:98:ed:66:59:64:4d:da:9b:6f:20:0b:6e:a4:7f:b0:0b:f1: + ae:70:3a:54:0b:06:53:58:a0:28:22:67:78:4b:88:97:43:8d: + 1c:58:d3:9b:77:49:6c:66:ed:46:01:e5:4f:6f:96:5a:e0:f8: + 90:8c:6b:7d:cc:c6:45:6c:60:cf:2e:b0:c7:85:fe:21:41:67: + e5:48 +-----BEGIN CERTIFICATE----- +MIIDJTCCAo6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB6MQswCQYDVQQGEwJLUjEO 
+MAwGA1UECAwFU2VvdWwxEDAOBgNVBAoMB1NhbXN1bmcxEzARBgNVBAsMClRpemVu +IFRlc3QxFzAVBgNVBAMMDlRlc3QgU2Vjb25kIENBMRswGQYJKoZIhvcNAQkBFgx0 +dEBnbWFpbC5jb20wHhcNMTQwNjE4MDgxMTQ2WhcNMTUwNjE4MDgxMTQ2WjCBlTEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMSgw +JgYDVQQLDB9UaXplbiBUZXN0IE9DU1AgUmVzcG9uc2UgU2lnbmVyMR0wGwYDVQQD +DBRPQ1NQIFJlc3BvbnNlIFNpZ25lcjEbMBkGCSqGSIb3DQEJARYMdHRAZ21haWwu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLslLGbXUyo0HlejwhoP3l +ndVC/jt9532PbbZ1IjlRn7or8v+qm7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/ +1OXN0Cej+SNS0dOdWc6j2y7ObR1tG6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/Pm +oT7sJINFhEchVCVTMzttAQIDAQABo4GeMIGbMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMBMGA1UdJQQMMAoGCCsGAQUFBwMJMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM +IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUvYgmqWC3u1FzBgZLclL2 +RFA77pAwHwYDVR0jBBgwFoAUqUnzWxNFdjR5/1eX+utL9nFsGIAwDQYJKoZIhvcN +AQEFBQADgYEAMx8RyugBKpLfXAeY8wxeYahsWEduJNEB2up8QC3oiTjkWhLNP+Ak +vbt58A+Pb3Ih1aIYiST4YZjtZllkTdqbbyALbqR/sAvxrnA6VAsGU1igKCJneEuI +l0ONHFjTm3dJbGbtRgHlT2+WWuD4kIxrfczGRWxgzy6wx4X+IUFn5Ug= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/ocsp/ocsp_signer.key b/tests/cert-svc/data/ocsp/ocsp_signer.key new file mode 100644 index 0000000..d5b8952 --- /dev/null +++ b/tests/cert-svc/data/ocsp/ocsp_signer.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDLslLGbXUyo0HlejwhoP3lndVC/jt9532PbbZ1IjlRn7or8v+q +m7xOEcxCH4QETY/6oYbggFSLhG5YuVzy4pk/1OXN0Cej+SNS0dOdWc6j2y7ObR1t +G6IojFLCwVcwQQzBuTpmdeXaKkHMJ5iLA/PmoT7sJINFhEchVCVTMzttAQIDAQAB +AoGAR6q7+Nh2DZTnEGgLVAGikvEPIXz1TXzu7lG5iki6Rf+eruvWDB6zB/y3EuSn +vCPV7mZ6X+6G0HeNo2XEUChtpij9kFPvvzDtFh5QEH9Opj/CFX4j1FcxMH7RyZv7 +VjBnfa1c9futYYJGLMynX7J+paSYC02FMMqXdwWeBfCeQ2ECQQDmj2GtiCkzQJS6 +D0G10l5Ion4UUXHbzaEXLyqkuBYka8m5WPPhmHKI+QLb6zL6mQHw+bHVwlJHCThk +oePKJbUlAkEA4iwhMwgTAIxD4kYA1GEb6V2PB1taXRn3nUKWYePkC7wDbPGkZmPG +LqThVZQdgYYlmhGrUCWrAloGi322FNwHrQJAQ0rl/3gWTlczEXsSercDvb9vfQ6o +ZLcHpXSmxZzVGZw8LFTCGb4c781+ACINpwaxglveg71LtmACjZySl5WZ4QJAcpJm +UwKhFaL4dHR/0RZMXGBPpyto0EbqP5jOs1INYMBif9q9LD0Y1OIjYAXDGK0K+UxA +Gz6prWxLanhJN7HqlQJBAL2WPV7Et9Uy1iNULd34n2FGHShvhNL99maT/pUGxpna +ltX8KGsHS3cCvSG3zmiReDYG1xJw69c59OfMPRufJRk= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/ocsp/rev_signer.der b/tests/cert-svc/data/ocsp/rev_signer.der Binary files differnew file mode 100644 index 0000000..5b5a621 --- /dev/null +++ b/tests/cert-svc/data/ocsp/rev_signer.der diff --git a/tests/cert-svc/data/ocsp/root_ca.der b/tests/cert-svc/data/ocsp/root_ca.der Binary files differnew file mode 100644 index 0000000..11a8fae --- /dev/null +++ b/tests/cert-svc/data/ocsp/root_ca.der diff --git a/tests/cert-svc/data/ocsp/second_ca.der b/tests/cert-svc/data/ocsp/second_ca.der Binary files differnew file mode 100644 index 0000000..67f4456 --- /dev/null +++ b/tests/cert-svc/data/ocsp/second_ca.der diff --git a/tests/cert-svc/data/pfx/pfxtest.crt b/tests/cert-svc/data/pfx/pfxtest.crt new file mode 100644 index 0000000..70debc4 --- /dev/null +++ b/tests/cert-svc/data/pfx/pfxtest.crt 
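Review bot: The unencrypted RSA private key added as `ocsp_signer.key` carries nothing that marks it as a throwaway test fixture, and the same holds for `pfxtest.key`, `temp/server.key`, `temp/temp.key` and `signing/chain1.key` in the later hunks. Once committed, these keys are known to anyone with the repository, so the matching certificates must never end up in a trust store on a real image; whether the packaging keeps `tests/cert-svc/data` out of production installs is not visible in this part of the diff. A short README beside the data, for example `Test-only key material. Do not install these certificates as trusted.`, would record that intent for the next maintainer.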
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICsDCCAhmgAwIBAgIJAN8GoBDEijurMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTEwNTE5MDExMzEyWhcNMTIwNTE4MDExMzEyWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDQXOd31QayaocvkpRZgLPd0d+bUaoMWQE5t6NtgKmvC83o3qZFoigKjox2BeTx ++ywyhAMiLpob2Hn3Rl4OuKFIUiEn6xdpW+29HeenxK2cZRVmfdsqylqpkdfi3fQY +aIDp4Z+aHXaVAN/5hz5UtRHKlMaz+euTLd6BhQPQX0txFwIDAQABo4GnMIGkMB0G +A1UdDgQWBBSsnqdXF5mOVx9EXUG/y7O7nRjIWTB1BgNVHSMEbjBsgBSsnqdXF5mO +Vx9EXUG/y7O7nRjIWaFJpEcwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUt +U3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZIIJAN8GoBDE +ijurMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAzkDAU7L/iIuweO2n +2AoFzTX9sIk+1vq5CC5jtgCOe9Sa92TJcKDOySxpZJz5gpW+bZi+BjNbYiSqMASg +whlY63X+i0Ea5RKZTkoQZLfWw+dKKIlSqJfixkUPScOn7mmDM8sCMMXNJ/KaZqRK +Ojl5x1BXedyIzOzk/7Dcz2jGQUs= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/pfx/pfxtest.key b/tests/cert-svc/data/pfx/pfxtest.key new file mode 100644 index 0000000..0b3afa9 --- /dev/null +++ b/tests/cert-svc/data/pfx/pfxtest.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQDQXOd31QayaocvkpRZgLPd0d+bUaoMWQE5t6NtgKmvC83o3qZF +oigKjox2BeTx+ywyhAMiLpob2Hn3Rl4OuKFIUiEn6xdpW+29HeenxK2cZRVmfdsq +ylqpkdfi3fQYaIDp4Z+aHXaVAN/5hz5UtRHKlMaz+euTLd6BhQPQX0txFwIDAQAB +AoGBAMJNAGSUuGwEPxAzxjc4d4Jwxe4W11YwYZ4rCzF/+7wKa/euOKtSrbg6ee1N +TdQBf5OT20Ay6O7yjbnzWp6ruWkCbTtRSd2GY/hUP+o0XEEeyRAEvWD6UCeWlUy9 +Geu8ePe30O6tvdBdS33+Y1OLHbSyA6UobT040HwiLOeKX67BAkEA8AAKZvtiuJmm +muMkja4arMs1iGEezvMqBLhcqmqB4IOMbOWGgXUpdz/RVU8bkv6aoz7MmcIAyr+h +POLh84mXZwJBAN5A7UQmBGiPd3eMI3012wf2N6MGbRk/5ZkVOO5q/0kPq3Mqdmfi +oZpqUOLvTqdeYPJCIPKN3SAMne9v4oCautECQQDYVgEKcUG8yuvuJB+4Ap+S8J3x +sDH4NCLFHHaTOuyVt56mLoN/QGA/WOxWLLfbWduEmUAOvVy/ZdtuqckpIPazAkBE +RQdczpy+DYux8h8YoAlm2a/faOLsRZ9eNZGmUsGWDLUqjBmQ8aGYUB4Gh2HOsYPw +BnYea4tIA/gji2e0/1JxAkEAswhUY3QeaXIawxdnswmeHu5KUhiM2LZXSo+DoOf2 +vNDPZviZX2LaZ79i1na3JkFaYJvLSemBICbLwWC/3GgOAg== +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/pfx/pfxtest.pfx b/tests/cert-svc/data/pfx/pfxtest.pfx Binary files differnew file mode 100644 index 0000000..e1f7168 --- /dev/null +++ b/tests/cert-svc/data/pfx/pfxtest.pfx diff --git a/tests/cert-svc/data/pfx/temp/server.crt b/tests/cert-svc/data/pfx/temp/server.crt new file mode 100644 index 0000000..17d3a68 --- /dev/null +++ b/tests/cert-svc/data/pfx/temp/server.crt 
@@ -0,0 +1,65 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5 (0x5) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain5, CN=chain5/emailAddress=chain5 + Validity + Not Before: May 13 01:23:13 2011 GMT + Not After : May 12 01:23:13 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=server, CN=server/emailAddress=server + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d9:75:ea:49:42:39:98:26:0f:61:30:bd:f3:70: + 17:bd:ca:5b:1b:a1:31:68:9d:63:7e:a6:c5:1e:2e: + 1f:13:63:6b:ef:b0:23:b7:21:b6:1e:f7:65:f1:01: + e7:1c:4a:c8:d1:15:20:e9:d4:cb:9d:b2:4c:57:b4: + a8:4b:0e:e3:5b:54:16:10:51:3b:3f:af:51:e9:e3: + d0:7d:1e:a3:30:59:dd:8e:8c:b5:69:02:5d:a3:5e: + 37:02:22:05:e2:6d:04:b8:fb:2b:33:d5:59:c9:e3: + 9e:74:59:65:b2:7f:03:e5:0c:dd:93:62:1a:55:94: + 4d:5c:e1:bd:cc:99:19:04:61 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 2E:EE:9A:24:CA:AA:22:7C:B3:7F:13:56:FC:A8:FC:06:0F:FB:63:7D + X509v3 Authority Key Identifier: + DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain4/CN=chain4/emailAddress=chain4 + serial:04 + + Signature Algorithm: sha1WithRSAEncryption + d6:e7:97:51:80:37:cc:cf:b5:96:47:cc:4b:ca:62:f4:d1:43: + a1:d2:8b:9a:21:50:99:04:9f:c0:00:f1:0c:71:18:82:88:63: + 9e:86:6c:a1:2c:25:0e:c1:30:32:db:02:5b:47:ae:8d:5e:ba: + 0f:3d:16:84:39:c6:30:91:8d:b9:23:1b:a9:58:52:9c:49:81: + c9:87:e3:34:1d:dc:a0:dd:81:0b:1e:f6:d7:a7:2e:bd:dc:1c: + 7b:d7:5c:0f:ec:da:09:81:45:36:63:76:e8:31:ba:cd:26:dc: + 7a:80:18:c4:3e:be:14:14:07:dc:4b:1a:b5:c4:2c:38:10:f6: + 13:84 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ 
+dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG +SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD +EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj +tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1 +aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA +AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w +gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD +VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh +aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh +UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ +gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL +GrXELDgQ9hOE +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/pfx/temp/server.key b/tests/cert-svc/data/pfx/temp/server.key new file mode 100644 index 0000000..5f76b2e --- /dev/null +++ b/tests/cert-svc/data/pfx/temp/server.key 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3 +IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp +Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB +AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE +rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC +QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2 +OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2 +XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q +QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV +C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF +SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO +fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM +MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/pfx/temp/server.pfx b/tests/cert-svc/data/pfx/temp/server.pfx Binary files differnew file mode 100644 index 0000000..b08b0b0 --- /dev/null +++ b/tests/cert-svc/data/pfx/temp/server.pfx diff --git a/tests/cert-svc/data/pfx/temp/temp.crt b/tests/cert-svc/data/pfx/temp/temp.crt new file mode 100644 index 0000000..9f5d2fe --- /dev/null +++ b/tests/cert-svc/data/pfx/temp/temp.crt 
@@ -0,0 +1,25 @@ +Bag Attributes + localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0 +subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=server/CN=server/emailAddress=server +issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/OU=chain5/CN=chain5/emailAddress=chain5 +-----BEGIN CERTIFICATE----- +MIIDZTCCAs6gAwIBAgIBBTANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJBVTET +MBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMQ8wDQYDVQQLEwZjaGFpbjUxDzANBgNVBAMTBmNoYWluNTEVMBMGCSqG +SIb3DQEJARYGY2hhaW41MB4XDTExMDUxMzAxMjMxM1oXDTEyMDUxMjAxMjMxM1ow +fjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UECxMGc2VydmVyMQ8wDQYDVQQD +EwZzZXJ2ZXIxFTATBgkqhkiG9w0BCQEWBnNlcnZlcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEA2XXqSUI5mCYPYTC983AXvcpbG6ExaJ1jfqbFHi4fE2Nr77Aj +tyG2Hvdl8QHnHErI0RUg6dTLnbJMV7SoSw7jW1QWEFE7P69R6ePQfR6jMFndjoy1 +aQJdo143AiIF4m0EuPsrM9VZyeOedFllsn8D5Qzdk2IaVZRNXOG9zJkZBGECAwEA +AaOB8jCB7zAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQULu6aJMqqInyzfxNW/Kj8Bg/7Y30w +gZQGA1UdIwSBjDCBiaGBg6SBgDB+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYD +VQQLEwZjaGFpbjQxDzANBgNVBAMTBmNoYWluNDEVMBMGCSqGSIb3DQEJARYGY2hh +aW40ggEEMA0GCSqGSIb3DQEBBQUAA4GBANbnl1GAN8zPtZZHzEvKYvTRQ6HSi5oh +UJkEn8AA8QxxGIKIY56GbKEsJQ7BMDLbAltHro1eug89FoQ5xjCRjbkjG6lYUpxJ +gcmH4zQd3KDdgQse9tenLr3cHHvXXA/s2gmBRTZjdugxus0m3HqAGMQ+vhQUB9xL +GrXELDgQ9hOE +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/pfx/temp/temp.key b/tests/cert-svc/data/pfx/temp/temp.key new file mode 100644 index 0000000..2aa8089 --- /dev/null +++ b/tests/cert-svc/data/pfx/temp/temp.key 
@@ -0,0 +1,18 @@ +Bag Attributes + localKeyID: 36 5A C4 1E 25 04 62 BD 9A E0 42 59 82 36 DD 24 FE AD 83 A0 +Key Attributes: <No Attributes> +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDZdepJQjmYJg9hML3zcBe9ylsboTFonWN+psUeLh8TY2vvsCO3 +IbYe92XxAeccSsjRFSDp1MudskxXtKhLDuNbVBYQUTs/r1Hp49B9HqMwWd2OjLVp +Al2jXjcCIgXibQS4+ysz1VnJ4550WWWyfwPlDN2TYhpVlE1c4b3MmRkEYQIDAQAB +AoGAGiCCr56XUOJxwpmamN8E2zauz5kEWK9gPt1GnaOo9Clj1H5zLBOO0BWlV9mE +rO+HRSemtrFsbVv4tCjud2Yohp2yAAe8nnW33Xf4KDLZ62wtP5HCXaIoNZKmTnpC +QHc2I/k674jUGE4tCvrYwg0CJQQrpTpXizA8YECudxZ48okCQQD9gKVPdlBeEsF2 +OVKHF//n1LI6+2cD9sWoPzdXayVcpemDyTl+GIQYhqZDVWsMj6DvfOHHlNZdYGr2 +XrmCbvCvAkEA25peZpnAnnwcqgKUrbaNKq5rmYPtbdu5I6rloMUs/OiO2lHkXs9Q +QN904G1dTYOcaEOVH5nMuwD04Es/7Lj/7wJBALE9SddV9Hjhiivbhiz4Ba8UUgzV +C0CFP8sTb+EKA9RUGAFRJoZYI7t2ITcAuNjObwoieUVudbZRnFdnATMF1/cCQQCF +SEvDOc4OYoWDKc3TINjM7s+ffNK9un3DiBWWXhXP6dXJ66oPYQP0W6s0Cyx1v0tO +fLYlV9NKLGpzNzi1FBNBAkAO4WRyZXBK9BVBLyfJq77uptlLZW71yl2X1oSklFyM +MpLH4u1SJorRypt7MsxPgcF4pAZSs/TWaCmx8nmSBcEE +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/rootcert.pem b/tests/cert-svc/data/rootcert.pem new file mode 100644 index 0000000..5c3ef72 --- /dev/null +++ b/tests/cert-svc/data/rootcert.pem 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAuqgAwIBAgIJAMU+zh6oJmrXMA0GCSqGSIb3DQEBBQUAMIGIMQswCQYD +VQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBz +aTEQMA4GA1UEChMHU2Ftc3VuZzEMMAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBj +ZXJ0MR0wGwYJKoZIhvcNAQkBFg5jYUBzYW1zdW5nLmNvbTAeFw0xMTAzMjkwMjQ1 +MzhaFw0xMjAzMjgwMjQ1MzhaMIGIMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1 +bmctZ2kgZG8xEjAQBgNVBAcTCVN1LXdvbiBzaTEQMA4GA1UEChMHU2Ftc3VuZzEM +MAoGA1UECxMDRE1DMRAwDgYDVQQDEwdDQSBjZXJ0MR0wGwYJKoZIhvcNAQkBFg5j +YUBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwTDwxz9h +2KaO4X29eKQxT3XCNRMnzSpx62rNLLGaXYrOMYHQcUDOkwEFRw4fV4yxqXgwk7Bv +4C+anNX2jN6SkYGEj4mGDVrE0jaI60X04tf3fAb0Ltw2PEgKsB56X75PNAxGP8oh +/y6fysoCAEyNhoYnwEsRrSfWY8iAm+hKAxUCAwEAAaOB8DCB7TAdBgNVHQ4EFgQU +zWrq4lSmi+wjKZjZlyDpjVOxkYUwgb0GA1UdIwSBtTCBsoAUzWrq4lSmi+wjKZjZ +lyDpjVOxkYWhgY6kgYswgYgxCzAJBgNVBAYTAktSMRQwEgYDVQQIEwtLeXVuZy1n +aSBkbzESMBAGA1UEBxMJU3Utd29uIHNpMRAwDgYDVQQKEwdTYW1zdW5nMQwwCgYD +VQQLEwNETUMxEDAOBgNVBAMTB0NBIGNlcnQxHTAbBgkqhkiG9w0BCQEWDmNhQHNh +bXN1bmcuY29tggkAxT7OHqgmatcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF +AAOBgQB6dqH4U00mnavG0bUVTjhEwYbdQtpSc+fKB3+O9QY4PlLttyd3GfeKmsxe +Z2RwUtUd3vjEDNPROcDAow6bHdy4B++qoojKVj1INJI0iDG/i6NUnDofsH+NS7mW +J6FKF6ukwnTfk2HjvIfrLO6S8nSVa1dSoB2GHzg2kWgm36a9pw== +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/signing/chain1.crt b/tests/cert-svc/data/signing/chain1.crt new file mode 100644 index 0000000..a80bbbc --- /dev/null +++ b/tests/cert-svc/data/signing/chain1.crt 
@@ -0,0 +1,52 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, L=root, O=Internet Widgits Pty Ltd, OU=root, CN=root/emailAddress=root + Validity + Not Before: May 13 01:21:41 2011 GMT + Not After : May 12 01:21:41 2012 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, OU=chain1, CN=chain1/emailAddress=chain1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ae:6d:d3:18:3f:b2:63:ab:fb:72:ce:ff:9a:8b: + 07:4a:52:c5:99:0e:9e:5c:68:ce:82:67:07:7a:27: + 11:98:a7:fe:3a:68:3f:4e:4b:74:d4:a5:77:15:87: + 7e:9c:9f:10:82:2f:1c:e3:c0:c7:1e:8b:35:ab:3a: + f6:13:44:81:43:22:a7:fa:06:36:9c:55:53:7a:9d: + 18:9b:a0:f4:93:58:50:2c:cd:ab:ec:32:2f:fa:4f: + ff:6e:6a:68:75:15:76:e1:b1:e1:67:f9:13:0a:d0: + 9b:db:12:b9:fd:dd:51:19:e4:63:d0:d0:56:b5:6a: + 00:a5:03:68:e7:77:21:b0:f9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 01:d3:3c:dc:a0:62:14:99:b8:b1:99:cf:0c:4a:50:2b:f7:1e: + 56:f6:de:ce:80:b4:32:bb:0c:5c:45:b7:78:e5:27:ee:90:0c: + a0:db:ef:32:85:85:08:c6:4a:e6:22:7b:56:61:d5:b4:4e:a1: + 7e:ed:60:c2:bf:bc:51:89:9a:b1:73:c2:e0:bb:3d:4e:fa:6f: + 3e:32:b5:7f:b4:bc:0f:8a:ca:7d:f0:bf:da:b1:12:23:0e:cc: + 57:e5:58:7c:23:38:b1:d8:b2:13:d8:6a:0d:20:bd:e9:66:51: + 2d:e6:57:a1:33:17:69:6d:21:9f:18:37:23:6c:ca:0e:b0:c4: + 47:86 +-----BEGIN CERTIFICATE----- +MIICjDCCAfWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBhzELMAkGA1UEBhMCQVUx +EzARBgNVBAgTClNvbWUtU3RhdGUxDTALBgNVBAcTBHJvb3QxITAfBgNVBAoTGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDENMAsGA1UECxMEcm9vdDENMAsGA1UEAxME +cm9vdDETMBEGCSqGSIb3DQEJARYEcm9vdDAeFw0xMTA1MTMwMTIxNDFaFw0xMjA1 +MTIwMTIxNDFaMH4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEw +HwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAsTBmNoYWlu +MTEPMA0GA1UEAxMGY2hhaW4xMRUwEwYJKoZIhvcNAQkBFgZjaGFpbjEwgZ8wDQYJ 
+KoZIhvcNAQEBBQADgY0AMIGJAoGBAK5t0xg/smOr+3LO/5qLB0pSxZkOnlxozoJn +B3onEZin/jpoP05LdNSldxWHfpyfEIIvHOPAxx6LNas69hNEgUMip/oGNpxVU3qd +GJug9JNYUCzNq+wyL/pP/25qaHUVduGx4Wf5EwrQm9sSuf3dURnkY9DQVrVqAKUD +aOd3IbD5AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +AdM83KBiFJm4sZnPDEpQK/ceVvbezoC0MrsMXEW3eOUn7pAMoNvvMoWFCMZK5iJ7 +VmHVtE6hfu1gwr+8UYmasXPC4Ls9TvpvPjK1f7S8D4rKffC/2rESIw7MV+VYfCM4 +sdiyE9hqDSC96WZRLeZXoTMXaW0hnxg3I2zKDrDER4Y= +-----END CERTIFICATE----- diff --git a/tests/cert-svc/data/signing/chain1.key b/tests/cert-svc/data/signing/chain1.key new file mode 100644 index 0000000..8fe8106 --- /dev/null +++ b/tests/cert-svc/data/signing/chain1.key @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZDp5caM6CZwd6JxGYp/46aD9O +S3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6BjacVVN6nRiboPSTWFAszavs +Mi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ0Fa1agClA2jndyGw+QIDAQAB +AoGATPoWoKrrlOT/EMmdL5yPWRNyNHupE2sFR7MkL5oyP8ZTgX8kAO933agwB4ZG +L+RaqrkT7MbUmPwicTCSDCq9SCLSL+fQS/hujdRbsBhnLTuAiaIblmpDYO5z6Rma +tUXnImdvKROpYmBNNzFzDlj0686KahdYGXJOTFYSST3QHEkCQQDap3/5ursNj1NY +dehaiUhYD3mOqgrj/MhN+JHNR6Eb3qQQ1Aa/rQmEkPnmopNy7qc/B+6Y4CMxNLkM +bHSyre2/AkEAzDibGZCBct4slqyuPyZTfgh3UQSaCQ4CSF7HG/Pj/ZeHqDnKoxR7 +v//WZy5gxHZ7CrSWM/laNOd6svdtQs1/RwJBAJ1UMK1MQxN6sYnRLSMX7MoQOHMC +v1tUo/wWgzKl+7LF/F9vcHuy0kpk1quxB0+HkSe1WWT+wdPCD/R0hXOb2pkCQFt0 +ehjfuujbEDLF0B6dpkRJvE0+91BYwrLwJtCgzxgQ1QKEJvgTQzv/cV+xyEoTGRT5 +PE64Oyp4A13EKl0BNB8CQF7C0zzEBE/MngPizBU6KEfo47c0hD57IUVGcIA3juwm +AELZem13BOjaDk9CEZppfk1lpdU0ZKmkIodlDwLVgLE= +-----END RSA PRIVATE KEY----- diff --git a/tests/cert-svc/data/signing/chain1pub.pem b/tests/cert-svc/data/signing/chain1pub.pem new file mode 100644 index 0000000..80c3a5f --- /dev/null +++ b/tests/cert-svc/data/signing/chain1pub.pem 
@@ -0,0 +1,6 @@ +-----BEGIN PUBLIC KEY----- +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCubdMYP7Jjq/tyzv+aiwdKUsWZ +Dp5caM6CZwd6JxGYp/46aD9OS3TUpXcVh36cnxCCLxzjwMceizWrOvYTRIFDIqf6 +BjacVVN6nRiboPSTWFAszavsMi/6T/9uamh1FXbhseFn+RMK0JvbErn93VEZ5GPQ +0Fa1agClA2jndyGw+QIDAQAB +-----END PUBLIC KEY----- diff --git a/tests/cert-svc/data/signing/msg b/tests/cert-svc/data/signing/msg new file mode 100644 index 0000000..9d8a4e7 --- /dev/null +++ b/tests/cert-svc/data/signing/msg @@ -0,0 +1 @@ +this is test file diff --git a/tests/cert-svc/data/signing/msg.sig b/tests/cert-svc/data/signing/msg.sig new file mode 100644 index 0000000..5139633 --- /dev/null +++ b/tests/cert-svc/data/signing/msg.sig @@ -0,0 +1,3 @@ ++Y‡K~Ÿ³bê”PP[íÀl‘ÈšÚâþ—áyH`3Ã\UŽA¬oJIˆQO-8®Õ¹¸ +|1mY· Š2U˜NJÒƒÂîvÍ&Ñïj
AƒTÃìñz;î)z«qºÏÂ#<2ÀYŒ4M4îà +!!(°:J˜
\ No newline at end of file diff --git a/tests/cert-svc/data/signing/msg.sig.enc b/tests/cert-svc/data/signing/msg.sig.enc new file mode 100644 index 0000000..fb2c0b8 --- /dev/null +++ b/tests/cert-svc/data/signing/msg.sig.enc @@ -0,0 +1,3 @@ +K1mHS36fs2LqApQRUFATW+3AE2yRyJra4v6X4XlIYDPDXJBVjgxBrG9KSYhRTy04 +j67VubgMCnwxEW0FDJBZtwmKMlWYTkrSg8Luds0bJtHvag1BHYOPVMOd7PF6ExU7 +7il6q3G6z8IjPDLAWRQFjH80TQQENO7gCiEhKLA6Spg= diff --git a/tests/cert-svc/data/signing/msg2 b/tests/cert-svc/data/signing/msg2 new file mode 100644 index 0000000..1af9cc6 --- /dev/null +++ b/tests/cert-svc/data/signing/msg2 @@ -0,0 +1 @@ +this is test2 diff --git a/tests/cert-svc/delete_test.c b/tests/cert-svc/delete_test.c new file mode 100644 index 0000000..35e84f1 --- /dev/null +++ b/tests/cert-svc/delete_test.c 
@@ -0,0 +1,102 @@ +#include <stdio.h> +#include <unistd.h> + +#include "cert-service.h" + +#define RELATIVE_PATH "./data/Broot.der" +#define ABSOLUTE_PATH "./data/Broot.der" // for target + +int tcase_1_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // delete 'Broot.der' from '.../code-signing/java/operator' + ret = cert_svc_delete_certificate_from_store("Broot.der", "code-signing_java_operator"); + if(ret == CERT_SVC_ERR_NO_ERROR) { + if((access("/usr/share/cert-svc/certs/code-signing/java/operator/Broot.der", F_OK)) != 0) + return 0; + else + return -1; + } + else + return -1; +} + +int tcase_2_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // delete 'Broot.der' from '.../ssl' + ret = cert_svc_delete_certificate_from_store("Broot.der", NULL); + if(ret == CERT_SVC_ERR_NO_ERROR) { + if((access("/usr/share/cert-svc/certs/ssl/Broot.der", F_OK)) != 0) + return 0; + else + return -1; + } + else + return -1; +} + +int tcase_3_fail() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // delete NULL + ret = cert_svc_delete_certificate_from_store(NULL, "code-signing_java_operator"); + if(ret == CERT_SVC_ERR_INVALID_PARAMETER) + return 0; + else + return -1; +} + +int tcase_4_fail() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // delete 'Broot.der' from invalid directory + ret = cert_svc_delete_certificate_from_store("Broot.der", "code-signing_debian"); + if(ret == CERT_SVC_ERR_FILE_IO) + return 0; + else + return -1; +} + +int main(void) +{ + int ret = -1; + + // store test files + cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_java_operator"); + cert_svc_add_certificate_to_store(RELATIVE_PATH, NULL); + + // test case 1 : success + ret = tcase_1_success(); + if(ret == 0) + fprintf(stdout, "** Success to delete test 1 - testpath: code-signing **\n"); + else + fprintf(stdout, "** Fail to delete test1 **\n"); + + // test case 2 : success - no location (ssl) + ret = tcase_2_success(); + if(ret == 0) + fprintf(stdout, "** Success to delete test 2 - testpath: ssl 
**\n"); + else + fprintf(stdout, "** Fail to delete test2 **\n"); + + // test case 3 : fail - no filename + ret = tcase_3_fail(); + if(ret == 0) + fprintf(stdout, "** Success to delete test 3 - no filename **\n"); + else + fprintf(stdout, "** Fail to delete test3 **\n"); + + // test case 4 : fail - invalid dir name + ret = tcase_4_fail(); + if(ret == 0) + fprintf(stdout, "** Success to delete test 4 - invalid dir path **\n"); + else + fprintf(stdout, "** Fail to delete test4 **\n"); + + return 0; +} diff --git a/tests/cert-svc/extract_test.c b/tests/cert-svc/extract_test.c new file mode 100644 index 0000000..eb1f2a5 --- /dev/null +++ b/tests/cert-svc/extract_test.c 
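Review bot: `main` in delete_test.c ends with an unconditional `return 0;`, so a failing case is only visible as a line on stdout and an automated runner will see success; the same pattern appears in extract_test.c, mem_test.c and search_test.c. Count the failures and return them, e.g. `int failed = 0;` with `failed++` in each `else` branch and `return failed ? 1 : 0;` at the end. The two setup calls to `cert_svc_add_certificate_to_store` are also unchecked, so a failed setup shows up later as a misleading delete failure. `ABSOLUTE_PATH` is defined with the same value as `RELATIVE_PATH` and is not used in this file.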
@@ -0,0 +1,175 @@ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "cert-service.h" + +#define DER_CERT "./data/Broot.pem" +#define PEM_CERT "./data/Broot.der" +#define PFX_CERT "./data/pfx/temp/server.pfx" +#define INVALID_CERT "./data/invalidCert.der" + +int tcase_1_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + + // initialize cert context + ctx = cert_svc_cert_context_init(); + + // load certificate file to buffer + if((ret = cert_svc_load_file_to_context(ctx, DER_CERT)) != CERT_SVC_ERR_NO_ERROR) + goto err; + + // extract certificate data + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) + goto err; + +err: + // finalize cert context + cert_svc_cert_context_final(ctx); + return ret; +} + +int tcase_2_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + + // initialize cert context + ctx = cert_svc_cert_context_init(); + + // load certificate file to buffer + if((ret = cert_svc_load_file_to_context(ctx, PEM_CERT)) != CERT_SVC_ERR_NO_ERROR) + goto err; + + // extract certificate data + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) + goto err; + +err: + // finalize cert context + cert_svc_cert_context_final(ctx); + return ret; +} + +int tcase_3_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + unsigned char* prikey = NULL; + char* pass = "test\0"; + + // initialize cert context + ctx = cert_svc_cert_context_init(); + + // load certificate file to buffer + if((ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, PFX_CERT, pass)) != CERT_SVC_ERR_NO_ERROR) + goto err; + printf(" ****** prikey: [%s]\n", prikey); + + // extract certificate data + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) + goto err; + +err: + // finalize cert context + cert_svc_cert_context_final(ctx); + if(prikey != NULL) + free(prikey); + return ret; +} + +int tcase_4_fail() +{ + int ret = 
CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + + // initialize cert context + ctx = cert_svc_cert_context_init(); + + // extract certificate data + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_INVALID_PARAMETER) + goto err; + ret = CERT_SVC_ERR_NO_ERROR; + +err: + // finalize cert context + cert_svc_cert_context_final(ctx); + return ret; +} + +int tcase_5_fail() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + + // initialize cert context + ctx = cert_svc_cert_context_init(); + + // load certificate file to buffer + if((ret = cert_svc_load_file_to_context(ctx, INVALID_CERT)) != CERT_SVC_ERR_NO_ERROR) + goto err; + + // extract certificate data + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_INVALID_CERTIFICATE) + goto err; + ret = CERT_SVC_ERR_NO_ERROR; + +err: + // finalize cert context + cert_svc_cert_context_final(ctx); + return ret; +} + +int main(int argc, char* argv[]) +{ + int ret = -1; + + // store test certificate + cert_svc_add_certificate_to_store(DER_CERT, NULL); + cert_svc_add_certificate_to_store(PEM_CERT, NULL); + cert_svc_add_certificate_to_store(PFX_CERT, NULL); + + // extract test - success: PEM + ret = tcase_1_success(); + if(ret == 0) + fprintf(stdout, "** Success to extract certificate: DER type **\n"); + else + fprintf(stdout, "** Fail to extract certificate: DER type **\n"); + + // extract test - success: DER + ret = tcase_2_success(); + if(ret == 0) + fprintf(stdout, "** Success to extract certificate: PEM type **\n"); + else + fprintf(stdout, "** Fail to extract certificate: PEM type **\n"); + + // extract test - success: PFX + ret = tcase_3_success(); + if(ret == 0) + fprintf(stdout, "** Success to extract certificate: PFX type **\n"); + else + fprintf(stdout, "** Fail to extract certificate: PFX type **\n"); + + // extract test - fail: no file + ret = tcase_4_fail(); + if(ret == 0) + fprintf(stdout, "** Success to extract certificate: no certificate **\n"); + else + 
fprintf(stdout, "** Fail to extract certificate: no certificate **\n"); + + // extract test - fail: invalid certificate + ret = tcase_5_fail(); + if(ret == 0) + fprintf(stdout, "** Success to extract certificate: invalid certificate **\n"); + else + fprintf(stdout, "** Fail to extract certificate: invalid certificate **\n"); + + // delete test certificate + cert_svc_delete_certificate_from_store("Broot.pem", NULL); + cert_svc_delete_certificate_from_store("Broot.der", NULL); + cert_svc_delete_certificate_from_store("server.pfx", NULL); + + return 0; +} diff --git a/tests/cert-svc/extract_test_pfx.c b/tests/cert-svc/extract_test_pfx.c new file mode 100644 index 0000000..5869c1b --- /dev/null +++ b/tests/cert-svc/extract_test_pfx.c 
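Review bot: `printf(" ****** prikey: [%s]\n", prikey);` in `tcase_3_success` writes the private key taken from the PFX to stdout, where build and test logs will keep it. It also formats an `unsigned char*` buffer with `%s`, and nothing visible in this hunk guarantees that buffer is NUL-terminated. Drop the line, or report only that a key came back, e.g. `printf(" ****** prikey loaded: %s\n", prikey ? "yes" : "no");`. Separately, `DER_CERT` is defined as "./data/Broot.pem" and `PEM_CERT` as "./data/Broot.der", so the DER/PEM labels in the comments and messages of `main` do not match the files actually loaded.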
@@ -0,0 +1,111 @@ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "cert-service.h" + +int main(int argc, char* argv[]) +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + cert_svc_cert_descriptor* certDesc = NULL; + int i = 0, keyLen = 0; + int extNum = 0, j = 0; +// unsigned char* prikey = NULL; + + ctx = cert_svc_cert_context_init(); + + if((ret = cert_svc_load_file_to_context(ctx, argv[1])) != CERT_SVC_ERR_NO_ERROR) { + printf("file: [%s]\n", argv[1]); + printf("*** Fail to load file, ret: [%d]\n", ret); + } +// if((ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, argv[1], "test")) != CERT_SVC_ERR_NO_ERROR) { +// printf("file: [%s]\n", argv[1]); +// printf("*** Fail to load file, ret: [%d]\n", ret); +// } + + if((ret = cert_svc_extract_certificate_data(ctx)) != CERT_SVC_ERR_NO_ERROR) + printf("*** Fail to extract certificate, ret: [%d]\n", ret); + +// printf("private key: [%s]\n", prikey); + + certDesc = ctx->certDesc; + + printf("type: [%s]\n", certDesc->type); + printf("version: [%d]\n", certDesc->info.version); + printf("serial number: [%d]\n", certDesc->info.serialNumber); + printf("signature algorithm: [%s]\n", certDesc->info.sigAlgo); + printf("issuer: [%s]\n", certDesc->info.issuerStr); + printf(" country name: [%s]\n", certDesc->info.issuer.countryName); + printf(" state or province name: [%s]\n", certDesc->info.issuer.stateOrProvinceName); + printf(" locality name: [%s]\n", certDesc->info.issuer.localityName); + printf(" organization name: [%s]\n", certDesc->info.issuer.organizationName); + printf(" organization unit name: [%s]\n", certDesc->info.issuer.organizationUnitName); + printf(" common name: [%s]\n", certDesc->info.issuer.commonName); + printf(" email address: [%s]\n", certDesc->info.issuer.emailAddress); + printf("validity:\n"); + printf(" not before: [%d].[%d].[%d]/[%d]:[%d]:[%d]\n", certDesc->info.validPeriod.firstYear, + certDesc->info.validPeriod.firstMonth, + 
certDesc->info.validPeriod.firstDay, + certDesc->info.validPeriod.firstHour, + certDesc->info.validPeriod.firstMinute, + certDesc->info.validPeriod.firstSecond); + printf(" not after: [%d].[%d].[%d]/[%d]:[%d]:[%d]\n", certDesc->info.validPeriod.secondYear, + certDesc->info.validPeriod.secondMonth, + certDesc->info.validPeriod.secondDay, + certDesc->info.validPeriod.secondHour, + certDesc->info.validPeriod.secondMinute, + certDesc->info.validPeriod.secondSecond); + printf("subject: [%s]\n", certDesc->info.subjectStr); + printf(" country name: [%s]\n", certDesc->info.subject.countryName); + printf(" state or province name: [%s]\n", certDesc->info.subject.stateOrProvinceName); + printf(" locality name: [%s]\n", certDesc->info.subject.localityName); + printf(" organization name: [%s]\n", certDesc->info.subject.organizationName); + printf(" organization unit name: [%s]\n", certDesc->info.subject.organizationUnitName); + printf(" common name: [%s]\n", certDesc->info.subject.commonName); + printf(" email address: [%s]\n", certDesc->info.subject.emailAddress); +// printf("public key:\n"); +// keyLen = certDesc->info.pubKeyLen; +// printf(" algorithm: [%s]\n", certDesc->info.pubKeyAlgo); +// printf(" key:\n"); +// for(i = 0; i < keyLen; i++) { +// printf("%02X", certDesc->info.pubKey[i]); +// if(i < (keyLen - 1)) +// printf(":"); +// if(((i+1) % 10) == 0) +// printf("\n"); +// } +// printf("\n"); +// printf("issuer UID: [%s]\n", certDesc->info.issuerUID); +// printf("subject UID: [%s]\n", certDesc->info.subjectUID); +// +// printf("extensions:\n"); +// extNum = certDesc->ext.numOfFields; +// for(i = 0; i < extNum; i++) { +// printf(" field : [%s]\n", certDesc->ext.fields[i].name); +// printf(" data : "); +// for(j = 0; j < certDesc->ext.fields[i].datasize; j++) { +// printf("%02X", certDesc->ext.fields[i].data[j]); +// if(j < (certDesc->ext.fields[i].datasize - 1)) +// printf(":"); +// } +// printf("\n"); +// } +// +// printf("signature:\n"); +// printf(" signature 
algorithm: [%s]\n", certDesc->signatureAlgo); +// printf(" signature data:\n"); +// for(i = 0; i < certDesc->signatureLen; i++) { +// printf("%02X", certDesc->signatureData[i]); +// if(i < (certDesc->signatureLen - 1)) +// printf(":"); +// if(((i+1) % 10) == 0) +// printf("\n"); +// } +// printf("\n"); + + if((ret = cert_svc_cert_context_final(ctx)) != CERT_SVC_ERR_NO_ERROR) + printf("*** Fail to finalize context, ret: [%d]\n", ret); + + return ret; +} diff --git a/tests/cert-svc/mem_test.c b/tests/cert-svc/mem_test.c new file mode 100644 index 0000000..501d015 --- /dev/null +++ b/tests/cert-svc/mem_test.c @@ -0,0 +1,39 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "cert-service.h" + +#define CERT_FILE "./data/Broot.pem" +#define PFX_FILE "./data/pfx/pfxtest.pfx" + +int main() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = NULL; + unsigned char* prikey = NULL; + char* passp = NULL; + + // initialize + ctx = cert_svc_cert_context_init(); + + // file load +// ret = cert_svc_load_file_to_context(ctx, CERT_FILE); + ret = cert_svc_load_PFX_file_to_context(ctx, &prikey, PFX_FILE, passp); + if(ret != CERT_SVC_ERR_NO_ERROR) + printf("\n!!!! FILE LOAD ERROR !!!!\n"); + + // extract +// ret = cert_svc_extract_certificate_data(ctx); +// if(ret != CERT_SVC_ERR_NO_ERROR) +// printf("\n!!!! EXTRACT CERT ERROR !!!!\n"); + + // finalize + if(prikey != NULL) + free(prikey); + ret = cert_svc_cert_context_final(ctx); + if(ret != CERT_SVC_ERR_NO_ERROR) + printf("\n!!!! CONTEXT FINAL ERROR !!!!\n"); + + return 0; +} diff --git a/tests/cert-svc/search_test.c b/tests/cert-svc/search_test.c new file mode 100644 index 0000000..4f20bde --- /dev/null +++ b/tests/cert-svc/search_test.c 
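Review bot: `main` in extract_test_pfx.c passes `argv[1]` to `cert_svc_load_file_to_context` without checking `argc`, and after a failed load or extract it only prints a message and carries on to `certDesc = ctx->certDesc;` and the `certDesc->...` reads, which may then dereference an unset pointer. Guard the argument with `if(argc < 2) { fprintf(stderr, "usage: %s <cert-file>\n", argv[0]); return 1; }` and jump to the `cert_svc_cert_context_final(ctx)` call when either step fails instead of printing the descriptor. The return value of `cert_svc_cert_context_init()` is not checked before `ctx` is used either. The commented-out blocks leave `i`, `keyLen`, `extNum` and `j` unused; delete the dead code and those locals rather than committing them.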
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "cert-service.h"
+
+int main(int argc, char* argv[])
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ search_field fldNo = ISSUER_EMAILADDRESS;
+ char* fldData = "EmailR";
+ cert_svc_filename_list* start = NULL;
+ CERT_CONTEXT* ctx = NULL;
+
+ ctx = cert_svc_cert_context_init();
+
+ ret = cert_svc_search_certificate(ctx, fldNo, fldData);
+ if(ret != CERT_SVC_ERR_NO_ERROR) {
+ printf("[ERROR] error no: [%d]\n", ret);
+ goto err;
+ }
+ else {
+ start = ctx->fileNames;
+ if(start == NULL) {
+ printf("Cannot find any certificate.\n");
+ goto err;
+ }
+
+ while(1) {
+ printf("filename: [%s]\n", start->filename);
+ if(start->next == NULL)
+ break;
+ start = start->next;
+ }
+ }
+
+err:
+ cert_svc_cert_context_final(ctx);
+ return 0;
+}
diff --git a/tests/cert-svc/store_test.c b/tests/cert-svc/store_test.c
new file mode 100644
index 0000000..fde4596
--- /dev/null
+++ b/tests/cert-svc/store_test.c
@@ -0,0 +1,118 @@ +#include <stdio.h> +#include <unistd.h> + +#include "cert-service.h" + +#define RELATIVE_PATH "./data/Broot.der" +#define ABSOLUTE_PATH "./data/Broot.der" + +int tcase_1_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // store relative path + ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_java_thirdparty"); + if(ret == CERT_SVC_ERR_NO_ERROR) { + if((access("/usr/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der", F_OK)) != 0) // fail + return -1; + else + return 0; + } + else + return -1; + + // store absolute path - only be in target +} + +int tcase_2_success() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // store into default path + ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, NULL); + if(ret == CERT_SVC_ERR_NO_ERROR) { + if((access("/usr/share/cert-svc/certs/ssl/Broot.der", F_OK)) != 0) // fail + return -1; + else + return 0; + } + else + return -1; +} + +int tcase_3_fail() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // store NULL + ret = cert_svc_add_certificate_to_store(NULL, "code-signing_wac"); + if(ret == CERT_SVC_ERR_INVALID_PARAMETER) + return 0; + else + return -1; +} + +int tcase_4_fail() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + + // store into invalid directory + ret = cert_svc_add_certificate_to_store(RELATIVE_PATH, "code-signing_debian"); + if(ret == CERT_SVC_ERR_FILE_IO) + return 0; + else + return -1; +} + +int finalize_test() +{ + // delete files which be stored during testing + if((unlink("/usr/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der")) != 0) // fail + return -1; + if((unlink("/usr/share/cert-svc/certs/ssl/Broot.der")) != 0) // fail + return -1; + + return 0; +} + +int main(void) +{ + int ret = -1; + + // test case 1 : success + ret = tcase_1_success(); + if(ret == 0) + fprintf(stdout, "** Success to store test 1 - testpath: code_signing **\n"); + else + fprintf(stdout, "** Fail to store test 1 **\n"); + + // test case 2 : success - no location (ssl) + ret = 
tcase_2_success(); + if(ret == 0) + fprintf(stdout, "** Success to store test 2 - testpath: ssl **\n"); + else + fprintf(stdout, "** Fail to store test 2 **\n"); + + // test case 3 : fail - no filename + ret = tcase_3_fail(); + if(ret == 0) + fprintf(stdout, "** Success to store test 3 - no filename **\n"); + else + fprintf(stdout, "** Fail to store test 3 **\n"); + + // test case 4 : fail - invalid dir name + ret = tcase_4_fail(); + if(ret == 0) + fprintf(stdout, "** Success to store test 4 - invalid dir path **\n"); + else + fprintf(stdout, "** Fail to store test 4 **\n"); + + // test finalize + ret = finalize_test(); + if(ret == 0) + fprintf(stdout, "** Finalize store test **\n"); + else + fprintf(stdout, "** Fail to finalize store test, ret: [%d] **\n", ret); + + return 0; +} diff --git a/tests/cert-svc/test_caflag.c b/tests/cert-svc/test_caflag.c new file mode 100644 index 0000000..741e939 --- /dev/null +++ b/tests/cert-svc/test_caflag.c 
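Review bot: `finalize_test` returns as soon as the first `unlink` fails, so when test case 1 did not store its file, the copy of Broot.der that test case 2 placed under `/usr/share/cert-svc/certs/ssl/` is never removed. These cases write a test certificate into what looks like the device's certificate store, so cleanup should attempt both paths and report failure only afterwards. `ABSOLUTE_PATH` is defined to the same relative string as `RELATIVE_PATH` and is unused, and the comment after the last `return` in `tcase_1_success` is unreachable.

```c
int finalize_test()
{
	int rc = 0;

	// delete files which be stored during testing; try both so one failure does not skip the other
	if((unlink("/usr/share/cert-svc/certs/code-signing/java/thirdparty/Broot.der")) != 0)
		rc = -1;
	if((unlink("/usr/share/cert-svc/certs/ssl/Broot.der")) != 0)
		rc = -1;

	return rc;
}
```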
@@ -0,0 +1,209 @@ +/* + * certification service + * + * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Dongsun Lee <ds73.lee@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <test_suite.h> +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <cert-service.h> +#include <cert-service-util.h> + +#define CERT_FILE_ROOT_CA "/usr/share/cert-svc/tests/orig_c/data/caflag/root_ca.der" +#define CERT_FILE_SECOND_CA "/usr/share/cert-svc/tests/orig_c/data/caflag/second_ca.der" +#define CERT_FILE_SIGNER_AIA "/usr/share/cert-svc/tests/orig_c/data/caflag/aia_signer.der" +#define CERT_FILE_SIGNER_REVOKED "/usr/share/cert-svc/tests/orig_c/data/caflag/rev_signer.der" +#define CERT_FILE_SIGNER_NOAIA "/usr/share/cert-svc/tests/orig_c/data/caflag/noaia_signer.der" +#define CERT_FILE_ROOT_CA_V1 "/usr/share/cert-svc/tests/orig_c/data/caflag/root_ca_v1.der" +#define CERT_FILE_SIGNER_V1 "/usr/share/cert-svc/tests/orig_c/data/caflag/v1_signer.der" + + +int test_verify_certificate_succ_caflag_cert() { + int validity; + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_load_file_to_context. 
ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_push_file_into_context(ctx, CERT_FILE_SECOND_CA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_verify_certificate(ctx, &validity); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr); + goto err; + } + + if(validity != 1) { + printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr); + ret = -1; + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +int test_verify_certificate_succ_nocaflag_cert() { + int validity; + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_V1); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_verify_certificate(ctx, &validity); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr); + goto err; + } + + if(validity != 1) { + printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr); + ret = -1; + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +int test_verify_certificate_with_caflag_succ() { + int validity; + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_push_file_into_context(ctx, CERT_FILE_SECOND_CA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. 
ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_verify_certificate_with_caflag(ctx, &validity); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr); + goto err; + } + + if(validity != 1) { + printf("....fail..cert_svc_verify_certificate. validity=%d\n", validity); fflush(stderr); + ret = -1; + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + + +int test_verify_certificate_with_caflag_fail() { + int validity; + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_V1); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_load_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = cert_svc_verify_certificate_with_caflag(ctx, &validity); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_verify_certificate. ret=%d\n", ret); fflush(stderr); + goto err; + } + + if(validity == 1) { + printf("....fail..cert_svc_verify_certificate. 
validity=%d\n", validity); fflush(stderr); + ret = -1; + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + + +int test_caflag(){ + int ret; + printf("\n[test_caflag started]\n"); + + printf("\n-- test_verify_certificate_succ_caflag_cert start\n"); + ret = test_verify_certificate_succ_caflag_cert(); + printf("---- result : "); + if(ret == 0) { + printf("success\n"); + }else { + printf("fail\n"); + } + + printf("\n-- test_verify_certificate_succ_nocaflag_cert start\n"); + ret = test_verify_certificate_succ_nocaflag_cert(); + printf("---- result : "); + if(ret == 0) { + printf("success\n"); + }else { + printf("fail\n"); + } + + printf("\n-- test_verify_certificate_with_caflag_succ start\n"); + ret = test_verify_certificate_with_caflag_succ(); + printf("---- result : "); + if(ret == 0) { + printf("success\n"); + }else { + printf("fail\n"); + } + + printf("\n-- test_verify_certificate_with_caflag_fail start\n"); + ret = test_verify_certificate_with_caflag_fail(); + printf("---- result : "); + if(ret == 0) { + printf("success\n"); + }else { + printf("fail\n"); + } + + return ret; +} diff --git a/tests/cert-svc/test_ocsp.c b/tests/cert-svc/test_ocsp.c new file mode 100644 index 0000000..8b460fa --- /dev/null +++ b/tests/cert-svc/test_ocsp.c 
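Review bot: `test_caflag` returns only the result of its last sub-test, so a failure in any of the first three verification cases is printed but lost to the caller. Accumulate instead: `int failed = 0;`, then `failed |= (ret != 0);` after each call, and `return failed;`. Every error branch prints with `printf` and then calls `fflush(stderr)`, which flushes the wrong stream; `fflush(stdout)` or `fprintf(stderr, ...)` is probably what was intended. `validity` is declared without an initial value in all four cases, which relies on the verify call always writing it before it is read.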
@@ -0,0 +1,399 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + + + +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#include <cert-service.h> +#include <openssl/bio.h> +#include <openssl/err.h> +#include <cert-service-util.h> +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + + +#define CERT_FILE_ROOT_CA "/usr/share/cert-svc/tests/orig_c/data/ocsp/root_ca.der" +#define CERT_FILE_SECOND_CA "/usr/share/cert-svc/tests/orig_c/data/ocsp/second_ca.der" +#define CERT_FILE_SIGNER_AIA "/usr/share/cert-svc/tests/orig_c/data/ocsp/aia_signer.der" +#define CERT_FILE_SIGNER_REVOKED "/usr/share/cert-svc/tests/orig_c/data/ocsp/rev_signer.der" +#define CERT_FILE_SIGNER_NOAIA "/usr/share/cert-svc/tests/orig_c/data/ocsp/noaia_signer.der" + +#define CERT_FILE_NO_ROOT_CERT "/usr/share/cert-svc/tests/orig_c/data/ocsp/noroot_cert.pem" + +#define CERT_FILE_REAL_LEVEL1_CERT "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level1.crt" +#define CERT_FILE_REAL_LEVEL2_CA "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_level2.crt" +#define CERT_FILE_REAL_ROOT_CA "/usr/share/cert-svc/tests/orig_c/data/ocsp/ocsp_rootca.crt" + +/* + * author: --- + * test: ocsp success:AIA information + * description: Test for the ocsp success case using certificate's AIA information + * expect: *.pem should load with no error. 
+ */ +int ocsp_success_with_aia() { + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_AIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, NULL); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr); + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + + +/* + * author: --- + * test: ocsp success:no AIA information + * description: Test for the ocsp success case using privided OCSP url + * expect: *.der file should load with no error. + */ +int ocsp_success_with_no_aia() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + char *uri = "http://127.0.0.1:8888"; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, uri); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr); + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +/* + * author: --- + * test: ocsp fail: revokation. + * description: Test for the ocsp fail case due to the revokation + * expect: *.pom file should not load and return error. 
+ */ +int ocsp_fail_revokation() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + char *uri = "http://127.0.0.1:8888"; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_REVOKED); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, uri); + if(ret != CERT_SVC_ERR_OCSP_REVOKED) { + printf("....fail..CERT_SVC_ERR_OCSP_REVOKED Error expected. ret=%d\n", ret); fflush(stderr); + goto err; + } + + ret = 0; +err: + cert_svc_cert_context_final(ctx); + return ret; +} + + +/* + * author: --- + * test: No URI + * description: Test for the ocsp fail case due to no OCSP URL and AIA Information + * expect: . + */ +int ocsp_fail_no_uri() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, NULL); + if(ret != CERT_SVC_ERR_OCSP_NO_SUPPORT) { + printf("....fail..CERT_SVC_ERR_OCSP_NO_SUPPORT Error expected. ret=%d\n", ret); fflush(stderr); + goto err; + } + ret = 0; +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +/* + * author: --- + * test: Invalid URI + * description: Test for the ocsp fail case due to Invalid OCSP URL + * expect: . + */ +int ocsp_fail_no_network() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + char *uri = "http://127.0.0.1:7171"; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_SIGNER_NOAIA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. 
ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, uri); + if(ret != CERT_SVC_ERR_OCSP_NETWORK_FAILED) { + printf("....fail..CERT_SVC_ERR_OCSP_NETWORK_FAILED Error expected. ret=%d\n", ret); fflush(stderr); + goto err; + } + ret = 0; +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +/* + * author: --- + * test: Invalid Cert Chain + * description: Test for the ocsp fail case due to Invalid Cert Chain + * expect: . + */ +int ocsp_fail_invalid_cert_chain() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + char *url = NULL; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_NO_ROOT_CERT); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. ret=%d\n", ret); fflush(stderr); + goto err; + } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, NULL); + if(ret != CERT_SVC_ERR_NO_ROOT_CERT) { + printf("....fail..CERT_SVC_ERR_NO_ROOT_CERT Error expected. ret=%d\n", ret); fflush(stderr); + goto err; + } + ret = 0; +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +/* + * author: --- + * test: Null Certificate + * description: Test for the ocsp fail case due to Null Certificate + * expect: . + */ +int ocsp_fail_null_cert() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + char *uri = "http://127.0.0.1:8888"; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // don't load certificate to context + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, uri); + if(ret != CERT_SVC_ERR_INVALID_PARAMETER) { + printf("....fail..CERT_SVC_ERR_INVALID_PARAMETER Error expected. ret=%d\n", ret); fflush(stderr); + goto err; + } + ret = 0; +err: + cert_svc_cert_context_final(ctx); + return ret; +} + +/* + * author: --- + * test: OCSP test. + * description: Testing OCSP for certificate list. + * expect: OCSP should return success. 
+ */ +int ocsp_success_real_cert() +{ + + int ret = CERT_SVC_ERR_NO_ERROR; + char *url = NULL; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context + ret = cert_svc_load_file_to_context(ctx, CERT_FILE_REAL_LEVEL1_CERT); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL1_CERT, ret); fflush(stderr); + goto err; + } + + ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_LEVEL2_CA); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_LEVEL2_CA, ret); fflush(stderr); + goto err; + } + +// ret = cert_svc_push_file_into_context(ctx, CERT_FILE_REAL_ROOT_CA); +// if(ret != CERT_SVC_ERR_NO_ERROR) { +// printf("....fail..cert_svc_push_file_to_context. file=%s, ret=%d\n", CERT_FILE_REAL_ROOT_CA, ret); fflush(stderr); +// goto err; +// } + + // check ocsp + ret = cert_svc_check_ocsp_status(ctx, NULL); + if(ret != CERT_SVC_ERR_NO_ERROR) { + printf("....fail..cert_svc_check_ocsp_status. ret=%d\n", ret); fflush(stderr); + goto err; + } + +err: + cert_svc_cert_context_final(ctx); + return ret; +} + + +typedef struct { + unsigned long size,resident,share,text,lib,data,dt; +} statm_t; + +void read_off_memory_status(statm_t *result) +{ + unsigned long dummy; + const char* statm_path = "/proc/self/statm"; + +// /proc/[pid]/statm +// Provides information about memory usage, measured in pages. 
+// The columns are: +// size total program size(same as VmSize in /proc/[pid]/status) +// resident resident set size(same as VmRSS in /proc/[pid]/status) +// share shared pages (from shared mappings) +// text text (code) +// lib library (unused in Linux 2.6) +// data data + stack +// dt dirty pages (unused in Linux 2.6) + + + FILE *f = fopen(statm_path,"r"); + if(!f){ + perror(statm_path); + abort(); + } + if(7 != fscanf(f,"%ld %ld %ld %ld %ld %ld %ld", + &result->size,&result->resident,&result->share,&result->text,&result->lib,&result->data,&result->dt)) + { + perror(statm_path); + abort(); + } + fclose(f); +} + +/* + * author: --- + * test: Memory Leak Test + * description: Test for Memory Leak + * expect: . + */ +int ocsp_success_memory_leak() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + statm_t memStatus; + cert_svc_linked_list* sorted = NULL; + int i; + + for(i=0; i<100; i++ ){ + ocsp_success_with_aia(); + ocsp_success_with_no_aia(); + ocsp_fail_revokation(); + ocsp_fail_no_uri(); + ocsp_fail_no_network(); + ocsp_fail_invalid_cert_chain(); + ocsp_fail_null_cert(); + read_off_memory_status(&memStatus); + printf("loop %d th : size=%d, resident=%d, share=%d, text=%d, lib=%d, data=%d, dt=%d\n", i, + memStatus.size, memStatus.resident, memStatus.share, memStatus.text, + memStatus.lib, memStatus.data, memStatus.dt); + } +} + +void run_test(int (*function)(), const char *function_name) { + int ret = 0; + + printf("\n-- %s start\n", function_name); + ret = (*function)(); + printf("---- result : "); + if(ret == 0) { + printf("success\n"); + }else { + printf("fail\n"); + } +} + +int test_ocsp(){ + int ret; + printf("\n[test_ocsp started]\n"); + + system("cert-svc-tests-start-ocsp-server.sh"); + sleep(1); + + run_test(&ocsp_success_with_aia, "ocsp_success_with_aia"); + run_test(&ocsp_success_with_no_aia, "ocsp_success_with_no_aia"); + run_test(&ocsp_fail_revokation, "ocsp_fail_revokation"); + run_test(&ocsp_fail_no_uri, "ocsp_fail_no_uri"); + run_test(&ocsp_fail_no_network, 
"ocsp_fail_no_network"); + run_test(&ocsp_fail_invalid_cert_chain, "ocsp_fail_invalid_cert_chain"); + run_test(&ocsp_fail_null_cert, "ocsp_fail_null_cert"); + run_test(&ocsp_success_real_cert, "ocsp_success_real_cert"); +// run_test(&ocsp_success_memory_leak, "ocsp_success_memory_leak"); + + printf("\n"); + system("cert-svc-tests-kill-ocsp-server.sh"); + + printf("\n[test_ocsp finished]\n"); + return ret; +} + +#endif diff --git a/tests/cert-svc/test_suite.h b/tests/cert-svc/test_suite.h new file mode 100644 index 0000000..f0e6a5c --- /dev/null +++ b/tests/cert-svc/test_suite.h @@ -0,0 +1,31 @@ +/* + * certification service + * + * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Dongsun Lee <ds73.lee@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef TEST_SUITE_H_ +#define TEST_SUITE_H_ + +int test_caflag(); + +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +int test_ocsp(); +#endif + +#endif /* TEST_CAFLAG_H_ */ diff --git a/tests/cert-svc/test_suite_main.c b/tests/cert-svc/test_suite_main.c new file mode 100644 index 0000000..ea5f5c3 --- /dev/null +++ b/tests/cert-svc/test_suite_main.c 
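Review bot: `test_ocsp` returns `ret` without ever assigning it, and `run_test` discards each case's result, so the value handed to `main` is indeterminate and a failed revocation or chain check cannot fail the suite. Initialise with `int ret = 0;`, make `run_test` return its `ret`, and accumulate with `ret |= run_test(&ocsp_fail_revokation, "ocsp_fail_revokation");` for each case. `ocsp_success_memory_leak` is declared `int` but has no `return`, and both its `printf` and the `fscanf` in `read_off_memory_status` use `%d`/`%ld` for `unsigned long` fields where `%lu` matches. The two `system()` calls name the helper scripts without a path and ignore the exit status, so the run depends on `PATH` and continues even if the local OCSP responder did not start; `sleep` is also used without `<unistd.h>`.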
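Review bot: The closing comment on the include guard in test_suite.h says `TEST_CAFLAG_H_` while the guard macro is `TEST_SUITE_H_`; it should read `#endif /* TEST_SUITE_H_ */`. In C an empty parameter list declares a function with unspecified arguments, so `int test_caflag(void);` and `int test_ocsp(void);` would give the compiler a real prototype to check calls against.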
@@ -0,0 +1,34 @@
+/*
+ * certification service
+ *
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Dongsun Lee <ds73.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <test_suite.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+int main() {
+ int ret;
+ ret = test_caflag();
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+ ret = test_ocsp();
+#endif
+ return ret;
+}
diff --git a/tests/cert-svc/verify_sig.c b/tests/cert-svc/verify_sig.c
new file mode 100644
index 0000000..98a088d
--- /dev/null
+++ b/tests/cert-svc/verify_sig.c
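Review bot: With `TIZEN_FEATURE_CERT_SVC_OCSP_CRL` defined, `ret = test_ocsp();` overwrites the result of `test_caflag()`, so a CA-flag verification failure does not affect the process exit status. Combine the two results, for example `if(test_ocsp() != 0) ret = -1;`. As written in test_ocsp.c in this diff, `test_ocsp` returns a value it never assigns, so the exit status is indeterminate whenever the feature is on.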
@@ -0,0 +1,86 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "cert-service.h" + +#define CERT_PATH "./data/signing/chain1.crt" +#define MSG_PATH "./data/signing/msg" +//#define SIG_PATH "./data/signing/msg.sig" +#define SIG_PATH "./data/signing/msg.sig.enc" + +int main(int argc, char* argv[]) +{ + int ret = CERT_SVC_ERR_NO_ERROR; + int validity = 0; + CERT_CONTEXT* ctx = NULL; + unsigned char* msg = NULL; + int msgLen = 0; + unsigned char* sig = NULL; + unsigned char* tmpSig = NULL; + int sigLen = 0; + FILE* fp_msg = NULL; + FILE* fp_sig = NULL; + int i = 0, j = 0; + + ctx = cert_svc_cert_context_init(); + + // load certificate + if((ret = cert_svc_load_file_to_context(ctx, CERT_PATH)) != CERT_SVC_ERR_NO_ERROR) { + printf("Fail to load file to buffer, [%s]\n", CERT_PATH); + goto err; + } + + // load message + if(!(fp_msg = fopen(MSG_PATH, "rb"))) { + printf("Fail to open file, [%s]\n", MSG_PATH); + goto err; + } + fseek(fp_msg, 0L, SEEK_END); + msgLen = ftell(fp_msg); + fseek(fp_msg, 0L, SEEK_SET); + + msg = (unsigned char*)malloc(sizeof(unsigned char) * (msgLen + 1)); + memset(msg, 0x00, (msgLen + 1)); + fread(msg, sizeof(unsigned char), msgLen, fp_msg); + + // load signature + if(!(fp_sig = fopen(SIG_PATH, "rb"))) { + printf("Fail to open file, [%s]\n", SIG_PATH); + goto err; + } + fseek(fp_sig, 0L, SEEK_END); + sigLen = ftell(fp_sig); + fseek(fp_sig, 0L, SEEK_SET); + + sig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1)); + tmpSig = (unsigned char*)malloc(sizeof(unsigned char) * (sigLen + 1)); + memset(sig, 0x00, (sigLen + 1)); + memset(tmpSig, 0x00, (sigLen + 1)); + + fread(sig, sizeof(unsigned char), sigLen, fp_sig); + for(i = 0; i < sigLen; i++) { + if(sig[i] != '\n') { + tmpSig[j] = sig[i]; + j++; + } + } + + // function call +// if((ret = cert_svc_verify_signature(ctx, msg, sig, sigLen, "SHA1", &validity)) != CERT_SVC_ERR_NO_ERROR) { + if((ret = cert_svc_verify_signature(ctx, msg, msgLen, tmpSig, NULL, &validity)) 
!= CERT_SVC_ERR_NO_ERROR) { + printf("Fail to verify signature.\n"); + goto err; + } + printf("[RESULT] ret: [%d]\n", validity); + +err: + if(fp_msg != NULL) fclose(fp_msg); + if(fp_sig != NULL) fclose(fp_sig); + if(msg != NULL) free(msg); + if(sig != NULL) free(sig); + if(tmpSig != NULL) free(tmpSig); + cert_svc_cert_context_final(ctx); + + return 0; +} diff --git a/tests/cert-svc/verify_test.c b/tests/cert-svc/verify_test.c new file mode 100644 index 0000000..4dbe9c6 --- /dev/null +++ b/tests/cert-svc/verify_test.c 
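Review bot: The message and signature loaders use the results of `ftell`, `malloc` and `fread` unchecked: a failed `ftell` yields -1, which makes the `msgLen + 1` allocation zero bytes and passes a negative count on to `fread`, and a NULL from `malloc` goes straight into `memset`. Add `if(msgLen < 0) goto err;` after each `ftell`, `if(msg == NULL) goto err;` after each allocation, and compare each `fread` result with the expected length. The newline-stripped `tmpSig` is handed to `cert_svc_verify_signature` without its new length `j`, so the callee presumably relies on the zero terminator; that is worth confirming against the API. The program prints `validity` under the label `ret` and exits 0 whether or not the signature verified.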
@@ -0,0 +1,66 @@ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> + +#include "cert-service.h" + +#define TARGET_CERT "./data/cert_chain/server.crt" +#define CHAIN1_CERT "./data/cert_chain/chain1.crt" +#define CHAIN2_CERT "./data/cert_chain/chain2.crt" +#define CHAIN3_CERT "./data/cert_chain/chain3.crt" +#define CHAIN4_CERT "./data/cert_chain/chain4.crt" +#define CHAIN5_CERT "./data/cert_chain/chain5.crt" + +int main() +{ + int ret = CERT_SVC_ERR_NO_ERROR; + int validity = 0; + CERT_CONTEXT* ctx = cert_svc_cert_context_init(); + + // load certificate to context +// if((ret = cert_svc_load_file_to_context(ctx, TARGET_CERT)) != CERT_SVC_ERR_NO_ERROR) { + if((ret = cert_svc_load_file_to_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) { + printf("ERR!! ret: [%d]\n", ret); + goto err; + } + + // push certificates to context +// if((ret = cert_svc_push_file_into_context(ctx, CHAIN1_CERT)) != CERT_SVC_ERR_NO_ERROR) { +// printf("ERR!! ret: [%d]\n", ret); +// goto err; +// } +// if((ret = cert_svc_push_file_into_context(ctx, CHAIN2_CERT)) != CERT_SVC_ERR_NO_ERROR) { +// printf("ERR!! ret: [%d]\n", ret); +// goto err; +// } +// if((ret = cert_svc_push_file_into_context(ctx, CHAIN5_CERT)) != CERT_SVC_ERR_NO_ERROR) { +// printf("ERR!! ret: [%d]\n", ret); +// goto err; +// } +// if((ret = cert_svc_push_file_into_context(ctx, CHAIN4_CERT)) != CERT_SVC_ERR_NO_ERROR) { +// printf("ERR!! ret: [%d]\n", ret); +// goto err; +// } +// if((ret = cert_svc_push_file_into_context(ctx, CHAIN3_CERT)) != CERT_SVC_ERR_NO_ERROR) { +// printf("ERR!! 
ret: [%d]\n", ret); +// goto err; +// } +// +// // check linked list +// if(ctx->certLink == NULL) { +// printf("FAIL!!\n"); +// goto err; +// } + + // verify + ret = cert_svc_verify_certificate(ctx, &validity); + if(ret != CERT_SVC_ERR_NO_ERROR) + printf("ret: [%d]\n", ret); + + printf("[RESULT] validity: [%d]\n", validity); + printf("[RESULT] root CA path: [%s]\n", ctx->fileNames->filename); + +err: + cert_svc_cert_context_final(ctx); + return 0; +} diff --git a/tests/pkcs12/8956b9bc.0 b/tests/pkcs12/8956b9bc.0 new file mode 100644 index 0000000..39105b5 --- /dev/null +++ b/tests/pkcs12/8956b9bc.0 
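Review bot: The final `printf` dereferences `ctx->fileNames->filename` even when `cert_svc_verify_certificate` returned an error, and search_test.c in this same commit treats `ctx->fileNames == NULL` as a normal outcome, so this can be a NULL dereference on the failure path. Guard it: `if(ctx->fileNames != NULL) printf("[RESULT] root CA path: [%s]\n", ctx->fileNames->filename);`. The large commented-out chain-loading block leaves `TARGET_CERT` and `CHAIN2_CERT` to `CHAIN5_CERT` unused; it would be clearer either removed or restored as a real multi-certificate case.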
@@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com + Validity + Not Before: May 7 08:25:27 2015 GMT + Not After : May 4 08:25:27 2025 GMT + Subject: C=KR, ST=Seoul, O=Samsung, OU=Tizen Test, CN=Test Root CA for PKCS12 Test/emailAddress=tt@gmail.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:be:32:b4:73:08:76:e2:4a:1e:39:ac:43:31:20: + a6:5b:a2:a2:7c:95:c7:9a:1c:60:10:47:0e:d3:f0: + 50:52:6d:a2:a6:b2:b1:22:25:59:a3:7d:26:ab:3b: + b6:e5:4d:98:9e:47:f3:4f:b3:31:65:a1:16:72:71: + f9:56:64:7b:79:57:9e:f5:5f:d2:af:fa:14:fb:2d: + 3d:1f:40:e8:f7:1e:19:8c:d8:d5:9c:90:c7:f8:00: + 90:d2:a0:47:93:7b:2f:3a:38:7e:e3:f8:59:73:b7: + a4:06:f4:41:4a:0b:68:1e:2a:37:d5:de:91:55:6e: + d7:5c:7d:08:ee:be:1e:ba:1b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8 + X509v3 Authority Key Identifier: + keyid:2C:2D:C8:DC:D0:F1:12:04:33:70:4A:4B:4F:DA:92:E0:4D:02:B2:F8 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + 91:7f:c8:cb:43:a6:e8:ee:47:9b:4b:31:c3:6f:c0:e5:3e:32: + 88:c8:4e:5d:96:85:20:8f:86:47:96:b7:c0:53:8d:4b:26:4b: + 01:2f:5a:4e:87:18:60:2c:25:d6:eb:d7:a9:74:44:bc:3f:60: + 7a:3b:14:7a:05:ca:f3:99:cb:d5:73:29:52:c5:b2:11:c0:ad: + e9:7a:c2:fd:c2:30:ac:f6:76:54:13:51:d6:d7:76:1d:56:58: + f0:c9:64:e1:cb:84:b8:af:65:f2:4a:dd:19:b5:05:03:ce:12: + 8a:9e:25:59:00:8b:d1:4f:25:87:66:bc:54:cc:d5:c8:43:5e: + 46:7c +-----BEGIN CERTIFICATE----- +MIIC2DCCAkGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCS1Ix +DjAMBgNVBAgMBVNlb3VsMRAwDgYDVQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXpl +biBUZXN0MSUwIwYDVQQDDBxUZXN0IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRsw +GQYJKoZIhvcNAQkBFgx0dEBnbWFpbC5jb20wHhcNMTUwNTA3MDgyNTI3WhcNMjUw 
+NTA0MDgyNTI3WjCBiDELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVNlb3VsMRAwDgYD +VQQKDAdTYW1zdW5nMRMwEQYDVQQLDApUaXplbiBUZXN0MSUwIwYDVQQDDBxUZXN0 +IFJvb3QgQ0EgZm9yIFBLQ1MxMiBUZXN0MRswGQYJKoZIhvcNAQkBFgx0dEBnbWFp +bC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL4ytHMIduJKHjmsQzEg +pluionyVx5ocYBBHDtPwUFJtoqaysSIlWaN9Jqs7tuVNmJ5H80+zMWWhFnJx+VZk +e3lXnvVf0q/6FPstPR9A6PceGYzY1ZyQx/gAkNKgR5N7Lzo4fuP4WXO3pAb0QUoL +aB4qN9XekVVu11x9CO6+HrobAgMBAAGjUDBOMB0GA1UdDgQWBBQsLcjc0PESBDNw +SktP2pLgTQKy+DAfBgNVHSMEGDAWgBQsLcjc0PESBDNwSktP2pLgTQKy+DAMBgNV +HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4GBAJF/yMtDpujuR5tLMcNvwOU+MojI +Tl2WhSCPhkeWt8BTjUsmSwEvWk6HGGAsJdbr16l0RLw/YHo7FHoFyvOZy9VzKVLF +shHArel6wv3CMKz2dlQTUdbXdh1WWPDJZOHLhLivZfJK3Rm1BQPOEoqeJVkAi9FP +JYdmvFTM1chDXkZ8 +-----END CERTIFICATE----- diff --git a/tests/pkcs12/CMakeLists.txt b/tests/pkcs12/CMakeLists.txt new file mode 100644 index 0000000..50d2d84 --- /dev/null +++ b/tests/pkcs12/CMakeLists.txt 
@@ -0,0 +1,70 @@
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Jacek Migacz (j.migacz@samsung.com)
+# @version 1.0
+# @brief This package provides bacis check of internal OpenSSL's PKCS#12 routines.
+#
+
+SET(PKCS12_TEST_SOURCES
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/pkcs12_test.cpp
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/new_test_cases.cpp
+ )
+
+INCLUDE_DIRECTORIES(
+ ${PROJECT_SOURCE_DIR}/vcore/src
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12
+ )
+
+ADD_EXECUTABLE(${TARGET_PKCS12_TEST} ${PKCS12_TEST_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_PKCS12_TEST}
+ ${TARGET_VCORE_LIB}
+ ${VCORE_TEST_DEP_LIBRARIES}
+ -ldl
+ )
+
+INSTALL(TARGETS ${TARGET_PKCS12_TEST}
+ DESTINATION ${TZ_SYS_BIN}
+ PERMISSIONS OWNER_READ
+ OWNER_WRITE
+ OWNER_EXECUTE
+ GROUP_READ
+ GROUP_EXECUTE
+ WORLD_READ
+ WORLD_EXECUTE
+ )
+
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/without_pass.p12
+ DESTINATION ${TZ_SYS_RO_APP}/widget/tests/pkcs12/
+)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/without_pass.p12
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/Invalidcrt.crt
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/Testing.crt
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/test.pfx
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/wifi-server.pem
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/wifiserver.pfx
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/wifiuser.p12
+ DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/
+)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/tests/pkcs12/8956b9bc.0
+ DESTINATION ${TZ_SYS_ETC}/ssl/certs/
+)
diff --git a/tests/pkcs12/Invalidcrt.crt b/tests/pkcs12/Invalidcrt.crt
new file mode 100644
index 0000000..6ac004f
--- /dev/null
+++ b/tests/pkcs12/Invalidcrt.crt
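Review bot: The last `INSTALL(FILES ...)` call in tests/pkcs12/CMakeLists.txt copies the test fixture `8956b9bc.0` into `${TZ_SYS_ETC}/ssl/certs/`, which looks like the system-wide CA directory rather than a test data location. The file name has the shape of an OpenSSL subject-hash entry, and if it is the self-signed 1024-bit "Test Root CA for PKCS12 Test" added earlier in this commit, any image carrying the test package would presumably treat that CA as a trust anchor. I would install it next to the other fixtures with `DESTINATION ${TZ_SYS_SHARE}/cert-svc/tests/` and have the tests load it from there; if a test really needs it in the system store, add a comment saying so and make sure this directory is only built under the test flag, which is not visible in this hunk. Two smaller points in the same file: `without_pass.p12` is installed by two separate `INSTALL(FILES ...)` calls, and `-ldl` is more portable as `${CMAKE_DL_LIBS}`.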
@@ -0,0 +1,136 @@
+
+package android.app.enterprise;
+
+import android.app.enterprise.BasePolicyParams.PolicyState;
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class WifiAdminProfile implements Parcelable {
+
+ /** Wifi networks SSID */
+ public String ssid = null;
+
+ /** Pre-shared key for WPA-PSK network type */
+ public String psk = null;
+
+ /** User password for 802.1x EAP network type */
+ public String password = null;
+
+ /** Wifi network security type */
+ public String security = null;
+
+ /** Default WEP key index (0 to 3) */
+ public int wepKeyId = -1;
+
+ /** WEP key 1 (default wepKeyId should be 0)*/
+ public String wepKey1 = null;
+
+ /** WEP key 2 (default wepKeyId should be 1) */
+ public String wepKey2 = null;
+
+ /** WEP key 3 (default wepKeyId should be 2) */
+ public String wepKey3 = null;
+
+ /** WEP key 4 (default wepKeyId should be 3) */
+ public String wepKey4 = null;
+
+ /** User identity for 802.1x EAP network type */
+ public String userIdentity = null;
+
+ /** User anonymous identity for 802.1x EAP network type */
+ public String anonymousIdentity = null;
+
+ /** Phase 2 authentication type for 802.1x EAP network type */
+ public String phase2 = null;
+
+ /** Client (User) certicate for 802.1x EAP/TLS network type */
+ public String clientCertification = null;
+
+ /** CA certicate for 802.1x EAP/TLS network type */
+ public String caCertificate = null;
+
+ /** Private key for 802.1x EAP/TLS network type */
+ public String privateKey = null;
+
+ /** Common names used to match server certificate for 802.1x EAP/TLS network type
+ * Use ";" as separator for name list
+ */
+ public String cnMatchList = null;
+
+ /** SHA-1 fingerprints used to match server certificate for 802.1x EAP/TLS network type
+ * Use ";" as separator for name list
+ */
+ public String fingerprintMatchList = null;
+
+ /** Allow dynamic certificate authentication*/
+ public PolicyState allowDynamicTrust = PolicyState.DEFAULT;
+
+ public void writeToParcel(Parcel dest, int flags) {
+ dest.writeString(ssid);
+ dest.writeString(psk);
+ dest.writeString(password);
+ dest.writeString(security);
+ dest.writeInt(wepKeyId);
+ dest.writeString(wepKey1);
+ dest.writeString(wepKey2);
+ dest.writeString(wepKey3);
+ dest.writeString(wepKey4);
+ dest.writeString(userIdentity);
+ dest.writeString(anonymousIdentity);
+ dest.writeString(phase2);
+ dest.writeString(clientCertification);
+ dest.writeString(caCertificate);
+ dest.writeString(privateKey);
+ dest.writeString(cnMatchList);
+ dest.writeString(fingerprintMatchList);
+ dest.writeInt(allowDynamicTrust.ordinal());
+ }
+
+ public WifiAdminProfile() {
+ // do nothing
+ }
+
+ private WifiAdminProfile(Parcel in) {
+ ssid = in.readString();
+ psk = in.readString();
+ password = in.readString();
+ security = in.readString();
+ wepKeyId = in.readInt();
+ wepKey1 = in.readString();
+ wepKey2 = in.readString();
+ wepKey3 = in.readString();
+ wepKey4 = in.readString();
+ userIdentity = in.readString();
+ anonymousIdentity = in.readString();
+ phase2 = in.readString();
+ clientCertification = in.readString();
+ caCertificate = in.readString();
+ privateKey = in.readString();
+ cnMatchList = in.readString();
+ fingerprintMatchList = in.readString();
+ allowDynamicTrust = PolicyState.valueOf(in.readInt());
+ }
+
+ public static final Parcelable.Creator<WifiAdminProfile> CREATOR = new Parcelable.Creator<WifiAdminProfile>() {
+ public WifiAdminProfile createFromParcel(Parcel in) {
+ return new WifiAdminProfile(in);
+ }
+
+ public WifiAdminProfile[] newArray(int size) {
+ return new WifiAdminProfile[size];
+ }
+ };
+
+ @Override
+ public int describeContents() {
+ return 0;
+ }
+
+ public PolicyState booleanToEnum(String text) {
+ if (Boolean.parseBoolean(text)) {
+ return PolicyState.TRUE;
+ }
+ // else:
+ return PolicyState.FALSE;
+ }
+}
diff --git a/tests/pkcs12/Testing.crt b/tests/pkcs12/Testing.crt
new file mode 100644
index 0000000..35e2689
--- /dev/null
+++ b/tests/pkcs12/Testing.crt 
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290
+IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB
+IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA
+Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS
+BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v
+cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9
+4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB
+Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J
+0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ
+FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx
+bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q
+SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb
+6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV
+m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g
+eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG
+kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7
+6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG
+CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc
+aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB
+gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w
+aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6
+tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M
+77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV
+Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L
+ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM
+zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU
+rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT
+oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu
+FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB
+0m6lG5kngOcLqagA
+-----END CERTIFICATE-----
diff --git a/tests/pkcs12/new_test_cases.cpp b/tests/pkcs12/new_test_cases.cpp
new file mode 100644
index 0000000..2b32898
--- /dev/null
+++ b/tests/pkcs12/new_test_cases.cpp
@@ -0,0 +1,1532 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file new_test_cases.cpp + * @author Madhan A K (madhan.ak@samsung.com) + * @version 1.0 + * @brief PKCS#12 test cases. + */ + +#include <string.h> +#include <unistd.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <dpl/test/test_runner.h> +#include <cert-svc/cinstance.h> +#include <cert-svc/ccert.h> +#include <glib.h> +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#include <cert-svc/ccrl.h> +#include <cert-svc/cocsp.h> +#endif +#include <cert-svc/cpkcs12.h> +#include <cert-svc/cerror.h> +#include <cert-svc/cprimitives.h> +#include <cert-service.h> +#include <cert-service-debug.h> +#include <openssl/err.h> +#include <openssl/pkcs12.h> +#include <openssl/sha.h> +#include <openssl/x509.h> +#include <openssl/pem.h> +#include <time.h> + +static CertSvcInstance instance; + +#define CREATE_INSTANCE \ + certsvc_instance_new(&instance); +#define FREE_INSTANCE \ + certsvc_instance_free(instance); + +/* Getting the certificate list from system_store */ +RUNNER_TEST(CERTSVC_PKCS12_1001_certsvc_get_root_cert_list) { + + CertStoreType storeType = SYSTEM_STORE; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + int length = 0; + int result; + int count = 0; + CREATE_INSTANCE + + //start time + clock_t tic = clock(); + result = 
certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + clock_t toc = clock(); + //time end + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmpNode = tmpNode->next; + } + + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled in system store and get the status */ +RUNNER_TEST(CERTSVC_PKCS12_1002_certsvc_set_cert_to_disabled_and_get_status_for_system_store) { + + char *gname = "Certum_Root_CA.pem"; + CertStoreType storeType = SYSTEM_STORE; + CertStatus Status; + int status = -1; + int result; + CertSvcString Alias; + + CREATE_INSTANCE + + Alias.privateHandler = gname; + Alias.privateLength = strlen((const char*)gname); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + // if status is already disabled, roll it back to enable and go on + if (status == DISABLED) { + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, ENABLED); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Roll back certificate status to system store failed."); + } + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=ENABLED; + result = 
certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + FREE_INSTANCE +} + +/* Install a CRT file to individual stores */ +RUNNER_TEST(CERTSVC_PKCS12_1003_add_pem_file_in_individual_store) { + + char path[] = "/usr/share/cert-svc/tests/wifi-server.pem"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + char* pass = NULL; + CertStoreType type; + int result; + int length = 0; + int count = 0; + + CertSvcStoreCertList* certList1 = NULL; + CertSvcString buffer1, gname; + CertSvcString buffer2; + const char *temp = NULL; + CertSvcCertificate certificate; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Pass.privateHandler = pass; + Path.privateHandler = path; + Path.privateLength = strlen(path); + + type = WIFI_STORE; + Alias.privateHandler = "PEM-wifi-server-1"; + Alias.privateLength = strlen(Alias.privateHandler); + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PEM file to WIFI store failed."); + + type = VPN_STORE; + Alias.privateHandler = "PEM-wifi-server-2"; + Alias.privateLength = strlen(Alias.privateHandler); + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PEM file to VPN store failed."); + + type = EMAIL_STORE; + Alias.privateHandler = "PEM-wifi-server-3"; + Alias.privateLength = strlen(Alias.privateHandler); + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PEM file to 
EMAIL store failed."); + + type = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + + } + + certList = NULL; + type = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + certList1=certList; + count = 0; + while(certList!=NULL) + { + gname.privateHandler = (char *)certList->gname; + gname.privateLength = strlen(certList->gname); + result = certsvc_pkcs12_get_certificate_from_store(instance, certList->storeType, certList->gname, &certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get certificate from store."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_SUBJECT, &buffer1); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_ISSUER_COMMON_NAME, &buffer2); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer1, &temp, &length); + certsvc_string_to_cstring(buffer2, &temp, &length); + + certsvc_string_free(buffer1); + certsvc_string_free(buffer2); + certsvc_certificate_free(certificate); + certList = certList->next; + count++; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList1); + if (certList1 != NULL) 
+ + certList=NULL; + certList1=NULL; + + FREE_INSTANCE +} + +/* Installing pem file in all store at once */ +RUNNER_TEST(CERTSVC_PKCS12_1004_add_pem_file_in_all_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifi-server.pem"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + char* pass = NULL; + char *alias = "PEM-wifi-server-all-store"; + CertStoreType type; + int result; + int count = 0; + int length = 0; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = pass; + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + type = (CertStoreType) (VPN_STORE | EMAIL_STORE | WIFI_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PEM file to all store failed."); + + type = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + FREE_INSTANCE +} + +/* Install a CRT file to individual stores */ +RUNNER_TEST(CERTSVC_PKCS12_1005_add_crt_file_in_individual_store) { + + const char path[] = "/usr/share/cert-svc/tests/Testing.crt"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + char* pass = NULL; + char *alias = "CRT-TestingCRT1"; + CertStoreType type; + int result; + int 
length = 0; + int count = 0; + + CertSvcStoreCertList* certList1 = NULL; + CertSvcString buffer1, gname; + CertSvcString buffer2; + const char *temp = NULL; + CertSvcCertificate certificate; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = pass; + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + type = WIFI_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing CRT file to WIFI store failed."); + + type = VPN_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing CRT file to VPN store failed."); + + type = EMAIL_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing CRT file to EMAIL store failed."); + + type = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + certList = NULL; + type = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + certList1=certList; + count = 0; + while(certList!=NULL) + { + 
gname.privateHandler = (char *)certList->gname; + gname.privateLength = strlen(certList->gname); + result = certsvc_pkcs12_get_certificate_from_store(instance, certList->storeType, certList->gname, &certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get certificate from store."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_SUBJECT, &buffer1); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_ISSUER_COMMON_NAME, &buffer2); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer1, &temp, &length); + certsvc_string_to_cstring(buffer2, &temp, &length); + + certsvc_string_free(buffer1); + certsvc_string_free(buffer2); + certsvc_certificate_free(certificate); + certList = certList->next; + count++; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList1); + certList=NULL; + certList1=NULL; + + FREE_INSTANCE +} + +/* Install a CRT file to all store at once */ +RUNNER_TEST(CERTSVC_PKCS12_1006_add_crt_file_in_all_store) { + + const char path[] = "/usr/share/cert-svc/tests/Testing.crt"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + char* pass = NULL; + char *alias = "CRT-TestingCRT1-all-store"; + CertStoreType type; + int result; + int count = 0; + int length = 0; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = pass; + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + type = (CertStoreType )(WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing CRT file to all store failed."); + + type = (CertStoreType) (WIFI_STORE | 
VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, type, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + + } + + FREE_INSTANCE +} + +/* Import a P12 file to individual store */ +RUNNER_TEST(CERTSVC_PKCS12_1007_install_p12_file_to_individual_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifiuser.p12"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + const char pass[] = "wifi"; + char *alias = "P12-WifiUser"; + CertStoreType storeType; + int result; + int length = 0; + int count = 0; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + +/* + result = certsvc_pkcs12_import_from_file(instance, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result == CERTSVC_SUCCESS, "certsvc_pkcs12_import_from_file failed."); +*/ + + storeType = WIFI_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing p12 file to WIFI store failed."); + + storeType = VPN_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing p12 file to VPN store failed."); + + storeType = EMAIL_STORE; + result = 
certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing p12 file to EMAIL store failed."); + + storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + FREE_INSTANCE +} + +/* Import a P12 file to all store */ +RUNNER_TEST(CERTSVC_PKCS12_1008_install_p12_file_to_all_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifiuser.p12"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + const char pass[] = "wifi"; + char *alias = "P12-WifiUser-all-store"; + CertStoreType storeType; + int result; + int length = 0; + int count =0; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + storeType = (CertStoreType )(WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing p12 file to WIFI store failed."); + + storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + 
RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + FREE_INSTANCE +} + +/* Import a P12 file to individual store */ +RUNNER_TEST(CERTSVC_PKCS12_1009_install_pfx_file_to_individual_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifiserver.pfx"; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + const char pass[] = "wifi"; + char *alias = "PFX-WifiServer"; + CertStoreType storeType; + int result; + int count = 0; + int length = 0; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + storeType = WIFI_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + storeType = VPN_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to VPN store failed."); + + storeType = EMAIL_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to EMAIL store failed."); + + storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, 
&length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + + FREE_INSTANCE +} + +RUNNER_TEST(CERTSVC_PKCS12_1010_install_pfx_file_to_all_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifiserver.pfx"; + const char pass[] = "wifi"; + char *alias = "PFX-WifiServer-all-store"; + CertStoreType storeType; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + int length = 0; + int count = 0; + int result; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + storeType = (CertStoreType) (VPN_STORE | EMAIL_STORE | WIFI_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate 
list from system store failed"); + } + + FREE_INSTANCE +} + +/* Getting all end user & root certificate list from WIFI,VPN,EMAIL store */ +RUNNER_TEST(CERTSVC_PKCS12_1011_get_all_end_user_certificate_from_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertStoreType storeType = (CertStoreType) (WIFI_STORE); + int result; + int length; + + CREATE_INSTANCE + + result = certsvc_pkcs12_get_end_user_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + storeType = (CertStoreType) (VPN_STORE); + result = certsvc_pkcs12_get_end_user_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + storeType = (CertStoreType) (EMAIL_STORE); + result = certsvc_pkcs12_get_end_user_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + storeType = (CertStoreType) (WIFI_STORE); + result = certsvc_pkcs12_get_root_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + 
while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + storeType = (CertStoreType) (VPN_STORE); + result = certsvc_pkcs12_get_root_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + storeType = (CertStoreType) (EMAIL_STORE); + result = certsvc_pkcs12_get_root_certificate_list_from_store(instance, storeType, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting end user certificate list from store failed."); + tmpNode=certList; + while(tmpNode!=NULL) + { + tmpNode = tmpNode->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList = NULL; + tmpNode = NULL; + + FREE_INSTANCE +} + +/* Delete all certificate from WIFI,VPN,EMAIL store */ +RUNNER_TEST(CERTSVC_PKCS12_1012_delete_all_cert_from_multiple_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* certList1 = NULL; + CertStoreType storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + int result; + int length; + CertSvcString gname; + + CREATE_INSTANCE + + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + certList1=certList; + while(certList1!=NULL) + { + gname.privateHandler = (char *)certList1->gname; + gname.privateLength = strlen(certList1->gname); + result = certsvc_pkcs12_delete_certificate_from_store(instance, (CertStoreType) certList1->storeType, gname); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Deleting certificate from 
store failed."); + certList1 = certList1->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + certList=NULL; + + FREE_INSTANCE +} + +/* Import the file to one store and try to get the certlist from all store */ +RUNNER_TEST(CERTSVC_PKCS12_1013_install_pfx_file_to_one_store_and_get_list_from_multiple_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifiserver.pfx"; + const char pass[] = "wifi"; + char *alias = "PFX-WifiServer-one-store"; + CertStoreType storeType; + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + CertSvcStoreCertList* tmp = NULL; + int length = 0; + int count = 0; + int result = -1; + gboolean exists = FALSE; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + storeType = (CertStoreType) (VPN_STORE | WIFI_STORE | EMAIL_STORE); + result = certsvc_pkcs12_check_alias_exists_in_store(instance, storeType, Alias, &exists); + if (exists==TRUE) { + /* installing the pfx in one store and getting the list from multiple store */ + storeType = (CertStoreType) ( EMAIL_STORE ); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + storeType = (CertStoreType) ( VPN_STORE | WIFI_STORE ); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + storeType = (CertStoreType) ( VPN_STORE | WIFI_STORE | EMAIL_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list 
from system store failed"); + + if(result == CERTSVC_SUCCESS) + { + tmpNode = certList; + while(tmpNode != NULL) + { + count++; + tmp = tmpNode; + tmpNode = tmpNode->next; + } + result = certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Freeing certificate list from system store failed"); + } + } + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled and trying to delete store */ +RUNNER_TEST(CERTSVC_PKCS12_1014_installing_pfx_without_password_to_individual_store) { + + const char path[] = "/usr/share/cert-svc/tests/without_pass.p12"; + const char pass[] = ""; + char *alias = "PFX-WifiServer-without-password"; + CertStoreType storeType; + int result; + gboolean exists = FALSE; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + storeType = (CertStoreType) (VPN_STORE | WIFI_STORE | EMAIL_STORE); + result = certsvc_pkcs12_check_alias_exists_in_store(instance, storeType, Alias, &exists); + if (exists==TRUE) { + storeType = (CertStoreType) (VPN_STORE | WIFI_STORE | EMAIL_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + } + + FREE_INSTANCE +} + +/* Get certificate from WIFI,VPN,EMAIL store */ +RUNNER_TEST(CERTSVC_PKCS12_1015_get_certificate_from_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* certList1 = NULL; + CertStoreType storeType = (CertStoreType) (WIFI_STORE | VPN_STORE | EMAIL_STORE); + int result; + int length; + CertSvcString buffer1, gname; + CertSvcString buffer2; + const char *temp = NULL; + CertSvcCertificate certificate; + + CREATE_INSTANCE + + result = 
certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + certList1=certList; + while(certList!=NULL) + { + gname.privateHandler = (char *)certList->gname; + gname.privateLength = strlen(certList->gname); + result = certsvc_pkcs12_get_certificate_from_store(instance, certList->storeType, certList->gname, &certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get certificate from store."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_SUBJECT, &buffer1); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer1, &temp, &length); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_ISSUER_COMMON_NAME, &buffer2); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer2, &temp, &length); + + certsvc_string_free(buffer1); + certsvc_string_free(buffer2); + certsvc_certificate_free(certificate); + certList = certList->next; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList1); + certList=NULL; + certList1=NULL; + + FREE_INSTANCE +} + +/* Get certificate from system store */ +RUNNER_TEST(CERTSVC_PKCS12_1016_get_certificate_from_system_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* certList1 = NULL; + CertStoreType storeType = (CertStoreType) (SYSTEM_STORE); + int result = CERTSVC_SUCCESS; + int length = 0; + int count = 0; + CertSvcString buffer1, gname; + CertSvcString buffer2; + const char *temp = NULL; + CertSvcCertificate certificate; + + CREATE_INSTANCE + + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + certList1=certList; + while(certList!=NULL) + { + 
gname.privateHandler = (char *)certList->gname; + gname.privateLength = strlen(certList->gname); + result = certsvc_pkcs12_get_certificate_from_store(instance, certList->storeType, certList->gname, &certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get certificate from store."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_SUBJECT, &buffer1); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + result = certsvc_certificate_get_string_field(certificate, CERTSVC_ISSUER_COMMON_NAME, &buffer2); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer1, &temp, &length); + certsvc_string_to_cstring(buffer2, &temp, &length); + + certsvc_string_free(buffer1); + certsvc_string_free(buffer2); + certsvc_certificate_free(certificate); + certList = certList->next; + count++; + } + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &certList1); + + certList=NULL; + certList1=NULL; + + FREE_INSTANCE +} + +/* Load certificate list form store for a certificate */ +RUNNER_TEST(CERTSVC_PKCS12_1017_load_cert_list_from_store) { + + CertStoreType storeType; + CertSvcCertificateList certList; + CertSvcStoreCertList* certList1 = NULL; + CertSvcCertificate cert; + int result = CERTSVC_SUCCESS; + int length = 0; + int i=0; + int certListlength = 0; + const char *temp = NULL; + CertSvcString buffer1,buffer2, gname; + + CREATE_INSTANCE + + storeType = (CertStoreType) (VPN_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList1, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + while(certList1!=NULL) + { + gname.privateHandler = (char *)certList1->gname; + gname.privateLength = strlen(certList1->gname); + + result = certsvc_pkcs12_load_certificate_list_from_store(instance, storeType, gname, &certList); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, 
"Load certificate list form store failed."); + + result = certsvc_certificate_list_get_length(certList, &certListlength); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate list get length failed."); + + for(i=0; i<certListlength; i++) + { + result = certsvc_certificate_list_get_one(certList, i, &cert); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "certsvc_certificate_list_get_one returned not CERTSVC_SUCCESS"); + + result = certsvc_certificate_get_string_field(cert, CERTSVC_SUBJECT, &buffer1); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer1, &temp, &length); + + result = certsvc_certificate_get_string_field(cert, CERTSVC_ISSUER_COMMON_NAME, &buffer2); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to get string field."); + + certsvc_string_to_cstring(buffer2, &temp, &length); + } + break; // Should run for only one time // + } + + FREE_INSTANCE +} + +/* Load certificate list form store for a certificate */ +RUNNER_TEST(CERTSVC_PKCS12_1018_get_duplicate_private_key) { + + CertStoreType storeType; + CertSvcStoreCertList* certList1 = NULL; + FILE *fp = NULL; + int result = CERTSVC_SUCCESS; + int length = 0; + CertSvcString gname; + gchar *privatekey_path = NULL; + EVP_PKEY *privatekey = NULL; + + CREATE_INSTANCE + + storeType = (CertStoreType) (VPN_STORE); + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList1, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + while(certList1!=NULL) + { + gname.privateHandler = (char *)certList1->gname; + gname.privateLength = strlen(certList1->gname); + result = certsvc_pkcs12_dup_evp_pkey_from_store(instance, storeType, gname, &privatekey); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting duplicate private key from store failed."); + + privatekey_path = g_strdup_printf("%s", "/usr/share/cert-svc/pkcs12/temp.txt"); + if ((fp = 
fopen(privatekey_path, "w")) == NULL) { + result = CERTSVC_FAIL; + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to open file for writing."); + } + + result = PEM_write_PrivateKey(fp, privatekey, NULL, NULL, 0, NULL, NULL); + RUNNER_ASSERT_MSG(result!=0, "Failed to write private key onto file."); + fclose(fp); + + certsvc_pkcs12_free_evp_pkey(privatekey); + + break; // Should run for only one time // + } + + FREE_INSTANCE +} + +/* Get certificate from system store */ +RUNNER_TEST(CERTSVC_PKCS12_1019_check_alias_exists) { + + char *alias = "PFX-WifiServer-without-password"; + CertStoreType storeType; + int result = CERTSVC_SUCCESS; + gboolean exists = FALSE; + + CREATE_INSTANCE + CertSvcString Alias; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + storeType = (CertStoreType) (VPN_STORE | WIFI_STORE | EMAIL_STORE); + result = certsvc_pkcs12_check_alias_exists_in_store(instance, storeType, Alias, &exists); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled in wifi,vpn,email store */ +RUNNER_TEST(CERTSVC_PKCS12_1020_certsvc_set_cert_to_disabled_and_get_status_for_individual_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + int array[3]={VPN_STORE,WIFI_STORE,EMAIL_STORE}; + int result = CERTSVC_SUCCESS; + CertSvcString Alias; + CertStatus Status; + int status = -1; + int length = 0; + int count = 0; + int i; + + CREATE_INSTANCE + + for(int j=0;j<3;j++) + { + i = array[j]; + + result = certsvc_pkcs12_get_certificate_list_from_store(instance, (CertStoreType)i, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + tmpNode = certList; + while(certList!=NULL) + { + count++; + Alias.privateHandler = certList->gname; + Alias.privateLength = strlen((const char*)certList->gname); + + result = 
certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + certList = certList->next; + } + + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &tmpNode); + } + + FREE_INSTANCE +} + +/* Negative test case */ +/* Install a PEM file to invalid store */ +RUNNER_TEST(CERTSVC_PKCS12_1021_add_pem_file_to_invalid_store) { + + const char path[] = "/usr/share/cert-svc/tests/wifi-server.pem"; + char* pass = NULL; + char *alias = "PFX-WifiServer-one-store"; + int result; + CertStoreType storeType = (CertStoreType) (-1); + CertSvcString Alias, Path, Pass; + + CREATE_INSTANCE + + Alias.privateHandler = alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = pass; + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_INVALID_STORE_TYPE, "Importing certifcate with existing alias to WIFI store failed."); + + result = 
certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_INVALID_STORE_TYPE, "Importing certifcate with existing alias to VPN store failed."); + + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result==CERTSVC_INVALID_STORE_TYPE, "Importing certifcate with existing alias to EMAIL store failed."); + + /* Installing a PEM certificate to system store should fail */ + storeType = SYSTEM_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PEM file to EMAIL store failed."); + + /* Removing certificate to system store should fail */ + result = certsvc_pkcs12_delete_certificate_from_store(instance, storeType, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Deleting certificate from store failed."); + + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled from invalid store */ +RUNNER_TEST(CERTSVC_PKCS12_1022_certsvc_set_cert_to_disabled_and_get_status_for_invalid_store) { + + char* gname = "eb375c3e.0"; + CertStoreType storeType = (CertStoreType) (DISABLED); + CertStatus Status; + int status = -1; + int result; + CertSvcString Alias; + + CREATE_INSTANCE + + Alias.privateHandler = gname; + Alias.privateLength = strlen((const char*)gname); + + /* getting status from a invalid store should fail */ + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + /* setting status to a invalid store should fail */ + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + /* getting status from a invalid store should fail */ + 
result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + /* setting status to a invalid store should fail */ + Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + /* setting status to a invalid store should fail */ + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled in wifi,vpn,email store */ +RUNNER_TEST(CERTSVC_PKCS12_1023_certsvc_set_cert_to_disabled_and_get_status_for_invalid_store) { + + CertStoreType storeType = (CertStoreType) (0); + CertSvcStoreCertList* certList = NULL; + CertStatus Status; + int status = -1; + int length; + int result; + CertSvcString Alias; + + CREATE_INSTANCE + + /* Getting certificate list from invalid store should fail */ + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Getting certificate list from store failed."); + while(certList!=NULL) + { + Alias.privateHandler = certList->gname; + Alias.privateLength = strlen((const char*)certList->gname); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = 
certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, storeType, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, storeType, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + certList = certList->next; + } + + FREE_INSTANCE +} + +/* Intsalling an invalid crt file to valid store & invalid store*/ +RUNNER_TEST(CERTSVC_PKCS12_1024_certsvc_set_and_get_for_invalid_store) { + + const char path[] = "/usr/share/cert-svc/tests/Invalidcrt.crt"; + char* pass = NULL; + char *alias = "TestingCRT1"; + CertStoreType type; + int result; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = pass; + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + /* Installing an invalid CRT file to valid store should fail */ + type = WIFI_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing CRT file to WIFI store failed."); + + /* Installing an invalid CRT file to valid store should fail */ + type = VPN_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing CRT file to VPN store failed."); + + /* Installing an invalid CRT file to valid store should fail */ + type = EMAIL_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing CRT file to EMAIL store failed."); + + 
/* Installing an invalid CRT file to valid store should fail */ + type = (CertStoreType) 0; + result = certsvc_pkcs12_import_from_file_to_store(instance, type, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing CRT file to EMAIL store failed."); + + FREE_INSTANCE +} + +/* Import a invalid P12 file to individual and all store */ +RUNNER_TEST(CERTSVC_PKCS12_1025_install_invalid_pfx_file_to_individual_and_all_store) { + + const char path[] = "/usr/share/cert-svc/tests/test.pfx"; + const char pass[] = "wifi"; + char *alias = "WifiServer-123"; + CertStoreType storeType; + int result; + + CREATE_INSTANCE + CertSvcString Alias, Path, Pass; + + Alias.privateHandler = (char *)alias; + Alias.privateLength = strlen(alias); + Pass.privateHandler = (char *)pass; + Pass.privateLength = strlen(pass); + Path.privateHandler = (char *)path; + Path.privateLength = strlen(path); + + /* importing p12/pfx to system store should fail */ + storeType = SYSTEM_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + /* Importing invalid pfx file to valid store should fail */ + storeType = WIFI_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PFX file to WIFI store failed."); + + /* Importing invalid pfx file to valid store should fail */ + storeType = VPN_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PFX file to VPN store failed."); + + /* Importing invalid pfx file to valid store should fail */ + storeType = EMAIL_STORE; + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PFX file to EMAIL store failed."); + + /* Importing 
invalid pfx file to valid store should fail */ + storeType = (CertStoreType) (EMAIL_STORE | VPN_STORE | WIFI_STORE); + result = certsvc_pkcs12_import_from_file_to_store(instance, storeType, Path, Pass, Alias); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Importing PFX file to EMAIL store failed."); + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled in wifi,vpn,email store */ +RUNNER_TEST(CERTSVC_PKCS12_1026_deleting_a_certificate_from_invalid_store) { + + CertStoreType storeType = (CertStoreType) (WIFI_STORE); + CertSvcStoreCertList* certList = NULL; + CertStatus Status; + int status = -1; + int length; + int result; + CertSvcString Alias; + + CREATE_INSTANCE + + /* Getting certificate list from invalid store should fail */ + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + while(certList!=NULL) + { + Alias.privateHandler = certList->gname; + Alias.privateLength = strlen((const char*)certList->gname); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)-1, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)-1, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)-1, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)-1, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Set certificate status to system store failed."); + + result = 
certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)-1, Alias, &status); + RUNNER_ASSERT_MSG(result!=CERTSVC_SUCCESS, "Get certificate status from system store failed."); + + certList = certList->next; + } + + FREE_INSTANCE +} + +#define EAP_TLS_USER_CERT_PATH "user_cert.pem" +#define EAP_TLS_PATH "/tmp/" +#define EAP_TLS_CA_CERT_PATH "ca_cert.pem" +#define EAP_TLS_PRIVATEKEY_PATH "privatekey.pem" + +/* Set the status of the certificate to disabled/enabled in wifi,vpn,email store */ +RUNNER_TEST(CERTSVC_PKCS12_1027_get_alias_name_from_gname_from_store) { + + CertStoreType storeType = (CertStoreType) (WIFI_STORE); + CertSvcStoreCertList* certList = NULL; + CertSvcCertificate user_certificate; + CertSvcCertificateList cert_list; + CertSvcCertificate ca_certificate; + CertSvcCertificate *selected_certificate = NULL; + int length; + int result; + int count=1; + int validity; + int cert_counts = 0; + CertSvcString Alias; + char *alias = NULL; + X509 *x509 = NULL; + FILE *fp = NULL; + EVP_PKEY *privatekey = NULL; + gchar *privatekey_path = NULL; + gchar *ca_cert_path = NULL; + gchar *user_cert_path = NULL; + int cert_index = 0; + + CREATE_INSTANCE + + /* Getting certificate list from invalid store should fail */ + result = certsvc_pkcs12_get_certificate_list_from_store(instance, storeType, DISABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + while(certList!=NULL) { + Alias.privateHandler = certList->gname; + Alias.privateLength = strlen((const char*)certList->gname); + + result = certsvc_pkcs12_get_alias_name_for_certificate_in_store(instance, certList->storeType, Alias, &alias); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting alias name from gname failed."); + + result = certsvc_pkcs12_load_certificate_list_from_store(instance, certList->storeType, Alias, &cert_list); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "failed to certsvc_pkcs12_load_certificate_list"); + + 
result = certsvc_certificate_list_get_length(cert_list, &cert_counts); + RUNNER_ASSERT_MSG(cert_counts >= 1, "there is no certificates"); + + selected_certificate = g_try_new0(CertSvcCertificate, cert_counts); + RUNNER_ASSERT_MSG(selected_certificate != NULL, "failed to allocate memory"); + + result = certsvc_certificate_list_get_one(cert_list, 0, &user_certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "failed to certsvc_certificate_list_get_one"); + + result = certsvc_certificate_dup_x509(user_certificate, &x509); + + user_cert_path = g_strdup_printf("/usr/share/cert-svc/pkcs12/file_%d", count++); + fp = fopen(user_cert_path, "w"); + RUNNER_ASSERT_MSG(fp != NULL, "Failed to open the file for writing"); + + if (count==5) break; + + result = PEM_write_X509(fp, x509); + fclose(fp); + certsvc_certificate_free_x509(x509); + certList = certList->next; + + cert_index = cert_counts - 1; + selected_certificate[0] = user_certificate; + + ca_cert_path = g_strdup_printf("%s%s_%s", EAP_TLS_PATH, certList->gname, EAP_TLS_CA_CERT_PATH); + while (cert_index) { + result = certsvc_certificate_list_get_one(cert_list, cert_index, &ca_certificate); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to certsvc_certificate_list_get_one"); + + selected_certificate[cert_counts-cert_index] = ca_certificate; + cert_index--; + + result = certsvc_certificate_dup_x509(ca_certificate, &x509); + + fp = fopen(ca_cert_path, "a"); + RUNNER_ASSERT_MSG(fp != NULL, "Failed to open the file for writing"); + + result = PEM_write_X509(fp, x509); + fclose(fp); + certsvc_certificate_free_x509(x509); + } + result = certsvc_certificate_verify(selected_certificate[0], selected_certificate, cert_counts, NULL, 0, &validity); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Failed to verify ca_certificate"); + RUNNER_ASSERT_MSG(validity != 0, "Invalid certificate"); + + result = certsvc_pkcs12_dup_evp_pkey_from_store(instance, WIFI_STORE, Alias, &privatekey); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, 
"Failed to duplicate the private key for a certificate from wifi store"); + + privatekey_path = g_strdup_printf("%s%s_%s", EAP_TLS_PATH, certList->gname, EAP_TLS_PRIVATEKEY_PATH); + + fp = fopen(privatekey_path, "w"); + RUNNER_ASSERT_MSG(fp != NULL, "Failed to open the file for writing"); + + result = PEM_write_PrivateKey(fp, privatekey, NULL, NULL, 0, NULL, NULL); + fclose(fp); + certsvc_pkcs12_free_evp_pkey(privatekey); + } + + FREE_INSTANCE +} + +/* Set the status of the certificate to disabled/enabled in wifi,vpn,email store */ +RUNNER_TEST(CERTSVC_PKCS12_1028_certsvc_set_cert_to_disabled_and_get_status_for_individual_store) { + + CertSvcStoreCertList* certList = NULL; + CertSvcStoreCertList* tmpNode = NULL; + int array[3]={VPN_STORE,WIFI_STORE,EMAIL_STORE}; + int result = CERTSVC_SUCCESS; + CertSvcString Alias; + CertStatus Status; + int status = -1; + int length = 0; + int count = 0; + int i; + + CREATE_INSTANCE + + for(int j=0;j<3;j++) + { + i = array[j]; + + result = certsvc_pkcs12_get_certificate_list_from_store(instance, (CertStoreType)i, ENABLED, &certList, &length); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Getting certificate list from store failed."); + tmpNode = certList; + while(certList!=NULL) + { + count++; + Alias.privateHandler = certList->gname; + Alias.privateLength = strlen((const char*)certList->gname); + + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from store failed."); + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, ENABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to store failed."); + + status = DISABLED; + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from store failed."); + + 
Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, ENABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to store failed."); + + status = DISABLED; + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from store failed."); + + Status=DISABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to store failed."); + + status = DISABLED; + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from store failed."); + + Status=ENABLED; + result = certsvc_pkcs12_set_certificate_status_to_store(instance, (CertStoreType)i, DISABLED, Alias, Status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Set certificate status to store failed."); + + status = DISABLED; + result = certsvc_pkcs12_get_certificate_status_from_store(instance, (CertStoreType)i, Alias, &status); + RUNNER_ASSERT_MSG(result==CERTSVC_SUCCESS, "Get certificate status from store failed."); + + certList = certList->next; + } + + certsvc_pkcs12_free_certificate_list_loaded_from_store(instance, &tmpNode); + } + + FREE_INSTANCE +} diff --git a/tests/pkcs12/pkcs12_test.cpp b/tests/pkcs12/pkcs12_test.cpp new file mode 100644 index 0000000..95debc4 --- /dev/null +++ b/tests/pkcs12/pkcs12_test.cpp 
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file pkcs12_test.cpp
+ * @author Jacek Migacz (j.migacz@samsung.com)
+ * @version 1.0
+ * @brief PKCS#12 test runner.
+ */
+#include <dpl/test/test_runner.h>
+#include <cert-svc/ccert.h>
+
+CertSvcInstance vinstance;
+
+int main (int argc, char *argv[]) {
+ certsvc_instance_new(&vinstance);
+ int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ certsvc_instance_free(vinstance);
+ return status;
+}
diff --git a/tests/pkcs12/test.pfx b/tests/pkcs12/test.pfx
new file mode 100644
index 0000000..35e2689
--- /dev/null
+++ b/tests/pkcs12/test.pfx
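Review bot: `main` in tests/pkcs12/pkcs12_test.cpp discards the result of `certsvc_instance_new(&vinstance)`, so if instance creation fails every test case runs against an uninitialised `vinstance` and the failures show up in unrelated assertions. Assuming the call reports failure through its return code like the other `certsvc_` calls in this commit, the runner should stop early: `if (certsvc_instance_new(&vinstance) != CERTSVC_SUCCESS) return 1;`.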
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v +cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 +nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV +Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L +ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM +zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU +rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF 
+YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT +oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu +FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB +0m6lG5kngOcLqagA +-----END CERTIFICATE----- diff --git a/tests/pkcs12/wifi-server.pem b/tests/pkcs12/wifi-server.pem new file mode 100644 index 0000000..d960df3 --- /dev/null +++ b/tests/pkcs12/wifi-server.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC0DCCAjmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMCS1Ix +FDASBgNVBAgTC0t5dW5nLWdpIGRvMRIwEAYDVQQHEwlTdS13b24gc2kxEDAOBgNV +BAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzEQMA4GA1UEAxMHQ0EgY2VydDEdMBsG +CSqGSIb3DQEJARYOY2FAc2Ftc3VuZy5jb20wHhcNMTEwNDAxMDgyNDAyWhcNMTIw +MzMxMDgyNDAyWjBWMQswCQYDVQQGEwJLUjEUMBIGA1UECBMLS3l1bmctZ2kgZG8x +EDAOBgNVBAoTB1NhbXN1bmcxDDAKBgNVBAsTA0RNQzERMA8GA1UEAxMIdGVzdHRl +c3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOP+k1tVoVt6Sbvv/y41PP/2 +abO0S3EJW2p/twZ164Dzd7g21r63zUkBfD3pET0x2IL1N48QlTYwDj7bmzRH+i1v +7Jxk4w6Op7Oho0mPjJ+Plvjfz5LCuwOOupw5V6TpZ2FtGaFcNWIK20BaLuZOyDAl +m0HXGbfkuESZ9dayHvEtAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgEN +BB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQ6leM2 +NG1RdqMk7cmJ1IVi2Zjk+DAfBgNVHSMEGDAWgBTNauriVKaL7CMpmNmXIOmNU7GR +hTANBgkqhkiG9w0BAQUFAAOBgQCU+c0daLk+AHvSOetVRVFkkY3VMnWw7RURD8CU +FDkb+Kz6huYlvh9pfkGn7HmxjUARJ6UpxokZ69toOv1UB0Ix4kyT3CCvf0EcnrjG +1fAYrROOhNYlntSTDcgwB2VzXSZ9WEAOBj/B+/nGb7gkkAmf++4FKTMQLZvg5gQr +700V7Q== +-----END CERTIFICATE----- diff --git a/tests/pkcs12/wifiserver.pfx b/tests/pkcs12/wifiserver.pfx Binary files differnew file mode 100644 index 0000000..18cb6d2 --- /dev/null +++ b/tests/pkcs12/wifiserver.pfx diff --git a/tests/pkcs12/wifiuser.p12 b/tests/pkcs12/wifiuser.p12 Binary files differnew file mode 100644 index 0000000..b7d56db --- /dev/null +++ b/tests/pkcs12/wifiuser.p12 diff --git a/tests/pkcs12/without_pass.p12 b/tests/pkcs12/without_pass.p12 Binary files differnew file mode 100644 index 0000000..4b58ba9 --- /dev/null 
+++ b/tests/pkcs12/without_pass.p12
diff --git a/tests/vcore/CMakeLists.txt b/tests/vcore/CMakeLists.txt
new file mode 100644
index 0000000..53160db
--- /dev/null
+++ b/tests/vcore/CMakeLists.txt
@@ -0,0 +1,196 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) +# @author Pawel Sikorski (p.sikorski@samsung.com) +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @version 1.0 +# @brief +# + +SET(VCORE_TESTS_SOURCES + ${PROJECT_SOURCE_DIR}/tests/vcore/vcore_tests.cpp + ${PROJECT_SOURCE_DIR}/tests/vcore/TestCases.cpp + ${PROJECT_SOURCE_DIR}/tests/vcore/TestEnv.cpp + ) + +INCLUDE_DIRECTORIES( + ${PROJECT_SOURCE_DIR}/vcore/src + ${PROJECT_SOURCE_DIR}/tests/vcore + ) + +ADD_EXECUTABLE(${TARGET_VCORE_TEST} ${VCORE_TESTS_SOURCES}) +TARGET_LINK_LIBRARIES(${TARGET_VCORE_TEST} + ${SYS_EFL_LIBRARIES} + ${TARGET_VCORE_LIB} + ${VCORE_TEST_DEP_LIBRARIES} + -ldl + ) + +INSTALL(TARGETS ${TARGET_VCORE_TEST} + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) + +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +INSTALL(FILES ${PROJECT_SOURCE_DIR}/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh + DESTINATION ${TZ_SYS_BIN} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE + ) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +ADD_CUSTOM_COMMAND(TARGET ${TARGET_VCORE_TEST} POST_BUILD + COMMAND ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/create_certs.sh + 
WORKING_DIRECTORY ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/ + COMMENT "Generate certificate chains" + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/signature22.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/config.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/signature22.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/config.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_hash/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_hash + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/signature22.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/config.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_signature/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_signature + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/config.xml + 
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_negative_certificate/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_negative_certificate + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/config.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/author-signature.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/signature1.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/config.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/widget_partner_operator/index.html + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_widget_uncompressed_partner_operator + ) + +INSTALL(FILES + "${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/reference/encoding test.empty" + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/reference + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/operator.root.cert.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/CAbundle.crt + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_keys + ) + +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level1.crt + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_level2.crt + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/ocsp_rootca.crt + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_keys + ) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +INSTALL(FILES + 
${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xml + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/config/fin_list.xsd + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_config/ +) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/test-cases/keys/root_cacert0.pem + DESTINATION + ${TZ_SYS_SHARE}/ca-certificates/wac/ + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA/cacert.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/1second_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/1third_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/2second_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/2third_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3second_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/3third_level.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/respcert.key + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/openssl.cnf + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_certs/ +) + +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl1.pem + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/cacrl2.pem + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_certs/ + ) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +INSTALL(DIRECTORY + ${PROJECT_SOURCE_DIR}/tests/vcore/certificate-generator/demoCA + DESTINATION + ${TZ_SYS_RO_APP}/widget/tests/vcore_certs/ +) + diff --git a/tests/vcore/TestCRL.cpp b/tests/vcore/TestCRL.cpp new file mode 100644 index 0000000..6d76978 --- /dev/null +++ b/tests/vcore/TestCRL.cpp 
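Review bot: The rule `INSTALL(FILES .../test-cases/keys/root_cacert0.pem DESTINATION ${TZ_SYS_SHARE}/ca-certificates/wac/)` copies a test root certificate into what appears to be a system CA directory, so any image that carries this test package would presumably accept the test CA as a trust anchor. The same file is already installed under `${TZ_SYS_RO_APP}/widget/tests/vcore_keys`, so the tests could load it from there and this rule could be dropped. The following rules install `respcert.key` and the whole `demoCA` directory (which in the usual OpenSSL layout holds the CA private key) with default permissions; the key should at least carry `PERMISSIONS OWNER_READ` and a comment such as `# test-only key material, must not ship in product images`. Separately, `IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` is also true when the variable is set to OFF, so `IF(TIZEN_FEAT_CERTSVC_OCSP_CRL)` is the safer test.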
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <algorithm> +#include <cstring> +#include <openssl/x509v3.h> +#include <file_input_mapping.h> +#include <dpl/log/log.h> +#include "TestCRL.h" + +using namespace ValidationCore; +using namespace std; + + +namespace { +const char *CRL_LOOKUP_DIR = "/opt/etc/ssl/certs/"; +const char *beginCertificate = "-----BEGIN CERTIFICATE-----"; +const char *endCertificate = "-----END CERTIFICATE-----"; +const char *beginTrustedCertificate = "-----BEGIN TRUSTED CERTIFICATE-----"; +const char *endTrustedCertificate = "-----END TRUSTED CERTIFICATE-----"; + + +bool whiteCharacter(char a){ + return a == '\n'; +} + +} + +TestCRL::TestCRL() + : CRLImpl (new CRLCacheDAO) +{ + //Add additional lookup dir + int rv = X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_PEM); + if (!rv) { + LogError("Failed to add lookup dir for PEM files."); + ThrowMsg(CRLException::StorageError, + "Failed to add lookup dir for PEM files."); + } + LogInfo("CRL storage initialization complete."); +} + +std::string TestCRL::getFileContent(const std::string &filename) +{ + //Only PEM formatted files allowed + LogInfo("Read file: " << filename); + FileInputMapping file(filename); + string content(reinterpret_cast<const char*>(file.GetAddress()), + file.GetSize()); + + size_t posBegin = content.find(beginCertificate); + size_t posEnd = 
content.find(endCertificate); + if (posBegin != string::npos && + posEnd != string::npos) { + posBegin += strlen(beginCertificate); + } else { + posBegin = content.find(beginTrustedCertificate); + posEnd = content.find(endTrustedCertificate); + if (posBegin != string::npos && + posEnd != string::npos) { + posBegin += strlen(beginTrustedCertificate); + } else { + LogError("Failed to parse PEM file"); + return string(); + } + } + //Remove whitespaces + string cert(content, posBegin, posEnd - posBegin); + cert.erase(std::remove_if(cert.begin(), cert.end(), whiteCharacter), + cert.end()); + + return cert; +} + +void TestCRL::addCRLToStore(const string &filename, const string &uri) +{ + LogInfo("Read file: " << filename); + //Only PEM formatted files allowed + FileInputMapping file(filename); + char *buffer = new char[file.GetSize()]; + memcpy(buffer, file.GetAddress(), file.GetSize()); + CRLDataPtr crl(new CRLData(buffer, file.GetSize(), uri)); + updateCRL(crl); +} diff --git a/tests/vcore/TestCRL.h b/tests/vcore/TestCRL.h new file mode 100644 index 0000000..9fd910b --- /dev/null +++ b/tests/vcore/TestCRL.h 
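Review bot: `TestCRL::getFileContent` checks the BEGIN and END markers only for presence, so a file whose END marker comes before its BEGIN marker makes `posEnd - posBegin` wrap around and the extracted string runs to the end of the buffer instead of being rejected. Both branches should also require the order, e.g. `posEnd != string::npos && posEnd > posBegin`. `whiteCharacter` removes only `'\n'`, so a PEM file with CRLF line endings keeps its `'\r'` bytes in the returned base64. In `addCRLToStore` the `new char[file.GetSize()]` buffer is passed to `CRLData` as a raw pointer and its ownership is not visible in this hunk, so a one-line comment naming who frees it would help.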
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _TEST_CRL_H
+#define _TEST_CRL_H
+
+#include <string>
+#include <vcore/CRLImpl.h>
+#include <vcore/CRLCacheDAO.h>
+
+class TestCRL : public ValidationCore::CRLImpl
+{
+ public:
+ TestCRL();
+
+ void addCRLToStore(const std::string &filename, const std::string &uri);
+
+ //convinient function
+ std::string getFileContent(const std::string &filename);
+};
+
+#endif
diff --git a/tests/vcore/TestCases.cpp b/tests/vcore/TestCases.cpp
new file mode 100644
index 0000000..bba411d
--- /dev/null
+++ b/tests/vcore/TestCases.cpp
@@ -0,0 +1,1995 @@ +/* + * + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <string> + + +#include <dpl/test/test_runner.h> +#include <vcore/CryptoHash.h> +#include <vcore/SignatureFinder.h> +#include <vcore/SignatureReader.h> +#include <vcore/SignatureValidator.h> +#include <vcore/WrtSignatureValidator.h> +#include "TestEnv.h" +#include <vcore/RevocationCheckerBase.h> + +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#include <vcore/OCSP.h> +#include <vcore/CachedOCSP.h> +#include <vcore/SSLContainers.h> +#include <vcore/CRL.h> +#include <vcore/CachedCRL.h> +#include <vcore/CertificateCacheDAO.h> +#endif + +namespace { + +const std::string widget_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed/"; +const std::string widget_negative_hash_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_hash/"; +const std::string widget_negative_signature_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_signature/"; +const std::string widget_negative_certificate_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed_negative_certificate/"; +const std::string widget_partner_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed_partner/"; +const std::string widget_partner_operator_path = + "/usr/apps/widget/tests/vcore_widget_uncompressed_partner_operator/"; + +inline const char* GetSignatureXmlSchema() +{ + return 
"/usr/share/wrt-engine/schema.xsd"; +} + + +const std::string keys_path = "/usr/apps/widget/tests/vcore_keys/"; +const std::string widget_store_path = "/usr/apps/widget/tests/vcore_widgets/"; +const std::string cert_store_path = "/usr/apps/widget/tests/vcore_certs/"; +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +const std::string crl_URI = "http://localhost/my.crl"; +#endif + +const std::string anka_ec_key_type = "urn:oid:1.2.840.10045.3.1.7"; +const std::string anka_ec_public_key = + "BGi9RmTUjpqCpQjx6SSiKdfmtjQBFNSN7ghm6TuaH9r4x73WddeLxLioH3VEmFLC+QLiR"\ + "kPxDxL/6YmQdgfGrqk="; + +const std::string rsa_modulus = + "ocwjKEFaPxLNcPTz2PtT2Gyu5jzkWaPo4thjZo3rXuNbD4TzjY02UGnTxvflNeORLpSS1"\ + "PeYr/1E/Nhr7qQAzj9g0DwW7p8zQEdOUi3v76VykeB0pFJH+0Fxp6LVBX9Z+EvZk+dbOy"\ + "GJ4Njm9B6M09axXlV11Anj9B/HYUDfDX8="; +const std::string rsa_exponent = "AQAB"; + +const std::string magda_dsa_p = + "2BYIQj0ePUVxzrdBT41eCblraa9Dqag7QXFMCRM2PtyS22JPDKuV77tBc/jg0V3htHWdR"\ + "q9n6/kQDwrP7FIPoLATLIiC3oAYWj46Mr6d9k/tt/JZU6PvULmB2k1wrrmvKUi+U+I5Ro"\ + "qe8ui8lqR9pp9u2WCh2QmFfCohKNjN5qs="; +const std::string magda_dsa_q = "4p4JcDqz+S7CbWyd8txApZw0sik="; +const std::string magda_dsa_g = + "AQrLND1ZGFvzwBpPPXplmPh1ijPx1O2gQEvPvyjR88guWcGqQc0m7dTb6PEvbI/oZ0o91"\ + "k7VEkfthURnNR1WtOLT8dmAuKQfwTQLPwCwUM/QiuWSlCyKLTE4Ev8aOG7ZqWudsKm/td"\ + "n9pUNGtcod1wo1ZtP7PfEJ6rYZGQDOlz8="; + +const std::string tizen_partner = +"MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC" +"S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6" +"ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq" +"MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy" +"MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD" +"VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg" +"Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM" +"IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B" 
+"AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp" +"ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS" +"rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C" +"AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n" +"DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6" +"xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL" +"gS9G4WEAUg=="; + +const std::string tizen_partner_operator = +"MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD" +"VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK" +"DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0" +"IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y" +"IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG" +"A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE" +"CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz" +"dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv" +"ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg" +"De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9" +"pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN" +"tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G" +"CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O" +"UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS" +"VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy"; + +const std::string googleCA = +"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG" +"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz" +"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2" +"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV" +"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt" +"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN" +"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE" 
+"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is" +"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G" +"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do" +"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc" +"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k"; + +const std::string google2nd = +"MIIDIzCCAoygAwIBAgIEMAAAAjANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJV" +"UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDMgUHVi" +"bGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNTEzMDAw" +"MDAwWhcNMTQwNTEyMjM1OTU5WjBMMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh" +"d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBD" +"QTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1NNn0I0Vf67NMf59HZGhPwtx" +"PKzMyGT7Y/wySweUvW+Aui/hBJPAM/wJMyPpC3QrccQDxtLN4i/1CWPN/0ilAL/g" +"5/OIty0y3pg25gqtAHvEZEo7hHUD8nCSfQ5i9SGraTaEMXWQ+L/HbIgbBpV8yeWo" +"3nWhLHpo39XKHIdYYBkCAwEAAaOB/jCB+zASBgNVHRMBAf8ECDAGAQH/AgEAMAsG" +"A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAQYwKAYDVR0RBCEwH6QdMBsxGTAX" +"BgNVBAMTEFByaXZhdGVMYWJlbDMtMTUwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDov" +"L2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwMgYIKwYBBQUHAQEEJjAkMCIGCCsG" +"AQUFBzABhhZodHRwOi8vb2NzcC50aGF3dGUuY29tMDQGA1UdJQQtMCsGCCsGAQUF" +"BwMBBggrBgEFBQcDAgYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEB" +"BQUAA4GBAFWsY+reod3SkF+fC852vhNRj5PZBSvIG3dLrWlQoe7e3P3bB+noOZTc" +"q3J5Lwa/q4FwxKjt6lM07e8eU9kGx1Yr0Vz00YqOtCuxN5BICEIlxT6Ky3/rbwTR" +"bcV0oveifHtgPHfNDs5IAn8BL7abN+AqKjbc1YXWrOU/VG+WHgWv"; + +const std::string google3rd = +"MIIDIjCCAougAwIBAgIQK59+5colpiUUIEeCdTqbuTANBgkqhkiG9w0BAQUFADBM" +"MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg" +"THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x" +"MzA5MzAyMzU5NTlaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh" +"MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRgw" +"FgYDVQQDFA9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ" 
+"AoGBAK85FZho5JL+T0/xu/8NLrD+Jaq9aARnJ+psQ0ynbcvIj36B7ocmJRASVDOe" +"qj2bj46Ss0sB4/lKKcMP/ay300yXKT9pVc9wgwSvLgRudNYPFwn+niAkJOPHaJys" +"Eb2S5LIbCfICMrtVGy0WXzASI+JMSo3C2j/huL/3OrGGvvDFAgMBAAGjgecwgeQw" +"DAYDVR0TAQH/BAIwADA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3JsLnRoYXd0" +"ZS5jb20vVGhhd3RlU0dDQ0EuY3JsMCgGA1UdJQQhMB8GCCsGAQUFBwMBBggrBgEF" +"BQcDAgYJYIZIAYb4QgQBMHIGCCsGAQUFBwEBBGYwZDAiBggrBgEFBQcwAYYWaHR0" +"cDovL29jc3AudGhhd3RlLmNvbTA+BggrBgEFBQcwAoYyaHR0cDovL3d3dy50aGF3" +"dGUuY29tL3JlcG9zaXRvcnkvVGhhd3RlX1NHQ19DQS5jcnQwDQYJKoZIhvcNAQEF" +"BQADgYEANYARzVI+hCn7wSjhIOUCj19xZVgdYnJXPOZeJWHTy60i+NiBpOf0rnzZ" +"wW2qkw1iB5/yZ0eZNDNPPQJ09IHWOAgh6OKh+gVBnJzJ+fPIo+4NpddQVF4vfXm3" +"fgp8tuIsqK7+lNfNFjBxBKqeecPStiSnJavwSI4vw6e7UN0Pz7A="; + +const std::string certVerisign = +"MIIG+DCCBeCgAwIBAgIQU9K++SSnJF6DygHkbKokdzANBgkqhkiG9w0BAQUFADCB" +"vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL" +"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug" +"YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv" +"VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew" +"HhcNMTAwNTI2MDAwMDAwWhcNMTIwNTI1MjM1OTU5WjCCASkxEzARBgsrBgEEAYI3" +"PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxGzAZBgNVBA8TElYx" +"LjAsIENsYXVzZSA1LihiKTEQMA4GA1UEBRMHMjQ5Nzg4NjELMAkGA1UEBhMCVVMx" +"DjAMBgNVBBEUBTk0MDQzMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHFA1N" +"b3VudGFpbiBWaWV3MSIwIAYDVQQJFBk0ODcgRWFzdCBNaWRkbGVmaWVsZCBSb2Fk" +"MRcwFQYDVQQKFA5WZXJpU2lnbiwgSW5jLjEmMCQGA1UECxQdIFByb2R1Y3Rpb24g" +"U2VjdXJpdHkgU2VydmljZXMxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEi" +"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj+PvvK+fZOXwno0yT/OTy2Zm9" +"ehnZjTtO/X2IWBEa3jG30C52uHFQI4NmXiQVNvJHkBaAj0ilVjvGdxXmkyyFsugt" +"IWOTZ8pSKdX1tmGFIon6Ko9+lBFkVkudA1ogAUbtTB8IcdeOlpK78T4SjdVMhY18" +"150YzSw6hRKlw52wBaDxtGZElvOth41K7TUcaDnQVzz5SBPW5MUhi7AWrdoSk17O" +"BozOzmB/jkYDVDnwLcbR89SLHEOle/idSYSDQUmab3y0JS8RyQV1+DB70mnFALnD" +"fLiL47nMQQCGxXgp5voQ2YmSXhevKmEJ9vvtC6C7yv2W6yomfS/weUEce9pvAgMB" 
+"AAGjggKCMIICfjCBiwYDVR0RBIGDMIGAghB3d3cudmVyaXNpZ24uY29tggx2ZXJp" +"c2lnbi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZl" +"cmlzaWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVy" +"aXNpZ24uZXUwCQYDVR0TBAIwADAdBgNVHQ4EFgQU8oBwK/WBXCZDWi0dbuDgPyTK" +"iJIwCwYDVR0PBAQDAgWgMD4GA1UdHwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwt" +"Y3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNybDBEBgNVHSAEPTA7MDkGC2CG" +"SAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNv" +"bS9ycGEwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEw" +"HwYDVR0jBBgwFoAUTkPIHXbvN1N6T/JYb5TzOOLVvd8wdgYIKwYBBQUHAQEEajBo" +"MCsGCCsGAQUFBzABhh9odHRwOi8vRVZJbnRsLW9jc3AudmVyaXNpZ24uY29tMDkG" +"CCsGAQUFBzAChi1odHRwOi8vRVZJbnRsLWFpYS52ZXJpc2lnbi5jb20vRVZJbnRs" +"MjAwNi5jZXIwbgYIKwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEw" +"HzAHBgUrDgMCGgQUS2u5KJYGDLvQUjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28u" +"dmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMA0GCSqGSIb3DQEBBQUAA4IBAQB9VZxB" +"wDMRGyhFWYkY5rwUVGuDJiGeas2xRJC0G4+riQ7IN7pz2a2BhktmZ5HbxXL4ZEY4" +"yMN68DEVErhtKiuL02ng27alhlngadKQzSL8pLdmQ+3jEwm9nva5C/7pbeqy+qGF" +"is4IWNYOc4HKNkABxXm5v0ouys8HPNkTLFLep0gLqRXW3gYN2XbKUWMs7z7hJpkY" +"GxP8YQSxi513O2dWVCXB8S6erIz9E/bcfdXoCPyQdn42y3IEoJvPvBS3S55fD4+Q" +"Q43GPhumSg9a6S3hnyw8DX5OiUGmqgQrtSeDRsNmWqtWizEQbe+fotZpEn/7zYTa" +"tk1ni/k5jDH/QeuG"; + +const std::string crlExampleCertificate = +"MIIFlDCCBHygAwIBAgIBADANBgkqhkiG9w0BAQUFADBDMRIwEAYKCZImiZPyLGQB" +"GRYCZXMxGDAWBgoJkiaJk/IsZAEZFghpcmlzZ3JpZDETMBEGA1UEAxMKSVJJU0dy" +"aWRDQTAeFw0wNTA2MjgwNTAyMjhaFw0xNTA2MjYwNTAyMjhaMEMxEjAQBgoJkiaJ" +"k/IsZAEZFgJlczEYMBYGCgmSJomT8ixkARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJ" +"UklTR3JpZENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CQiWlff" +"ajoMSTuismKqLQ+Mt33Tq4bBpCZvCBXhqan1R0ksILPtK1L7C8QWqPk6AZZpuNmY" +"cNVtJGc8ksgDWvX0EB3GKwZTZ8RrSRlSEe9Otq+Ur7S9uxM1JMmCr6zZTMFANzBS" +"4btnduV78C09IhFYG4OW8IPhNrbfPaeOR+PRPAa/qdSONAwTrM1sZkIvGpAkBWM6" +"Pn7TK9BAK6GLvwgii780fWj3Cwgmp8EDCTievBbWj+z8/apMEy9R0vyB2dWNNCnk" 
+"6q8VvrjgMsJt33O3BqOoBuZ8R/SS9OFWLFSU3s7cfrRaUSJk/Mx8OGFizRkcXSzX" +"0Nidcg7hX5i78wIDAQABo4ICkTCCAo0wDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E" +"FgQUnUJkLlupXvH/bMg8NtPxtkOYrRowawYDVR0jBGQwYoAUnUJkLlupXvH/bMg8" +"NtPxtkOYrRqhR6RFMEMxEjAQBgoJkiaJk/IsZAEZFgJlczEYMBYGCgmSJomT8ixk" +"ARkWCGlyaXNncmlkMRMwEQYDVQQDEwpJUklTR3JpZENBggEAMA4GA1UdDwEB/wQE" +"AwIBxjARBglghkgBhvhCAQEEBAMCAAcwOwYJYIZIAYb4QgENBC4WLElSSVNHcmlk" +"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IENlcnRpZmljYXRlMIGZBgNVHR8EgZEw" +"gY4wLqAsoCqGKGh0dHA6Ly93d3cuaXJpc2dyaWQuZXMvcGtpL2NybC9jYWNybC5w" +"ZW0wXKBaoFiGVmxkYXA6Ly9sZGFwLmlyaXNncmlkLmVzOjEzODAvY249SVJJU0dy" +"aWRDQSxkYz1pcmlzZ3JpZCxkYz1lcz9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0" +"MDcGCWCGSAGG+EIBAwQqFihodHRwOi8vd3d3LmlyaXNncmlkLmVzL3BraS9jcmwv" +"Y2FjcmwucGVtME4GCWCGSAGG+EIBCARBFj9odHRwOi8vd3d3LmlyaXNncmlkLmVz" +"L3BraS9wb2xpY3kvMS4zLjYuMS40LjEuNzU0Ny4yLjIuNC4xLjEuMS8waQYDVR0g" +"BGIwYDBeBg0rBgEEAbp7AgIEAQEBME0wSwYIKwYBBQUHAgEWP2h0dHA6Ly93d3cu" +"aXJpc2dyaWQuZXMvcGtpL3BvbGljeS8xLjMuNi4xLjQuMS43NTQ3LjIuMi40LjEu" +"MS4xLzANBgkqhkiG9w0BAQUFAAOCAQEAaqRfyLER+P2QOZLLdz66m7FGsgtFsAEx" +"wiNrIChFWfyHVZG7Ph1fn/GDD5LMsrU23lx3NBN5/feHuut1XNYKNs8vtV07D70r" +"DKjUlPbmWV0B+/GDxe1FDGop/tKQfyHSUaBuauXChFU/2INu5lhBerNl7QxNJ1ws" +"cWGiT7R+L/2EjgzWgH1V/0zmIOMep6kY7MUs8rlyF0O5MNFs232cA1trl9kvhAGU" +"9p58Enf5DWMrh17SPH586yIJeiWZtPez9G54ftY+XIqfn0X0zso0dnoXNJQYS043" +"/5vSnoHdRx/EmN8yjeEavZtC48moN0iJ38eB44uKgCD77rZW5s1XqA=="; + +//class TestCleanup +//{ +// public: +// explicit TestCleanup(bool bCheckForFakeVerification = false) +// { +// if (bCheckForFakeVerification) { +// bool bUnsetEnvVar = true; +// +// m_strEnvVar = "CHECK_ONLY_DOMAIN_INSTEAD_OF_VALIDATION"; +// if (getenv(m_strEnvVar.c_str()) != NULL) { +// bUnsetEnvVar = false; +// } else { +// setenv(m_strEnvVar.c_str(), "1", 0); +// } +// } +// } +// +// ~TestCleanup() +// { +// if (!m_strRootCAPath.empty()) { +// removeCertGivenByFilename(m_strRootCAPath.c_str()); +// } +// +// if (!m_strEnvVar.empty()) { +// 
unsetenv(m_strEnvVar.c_str()); +// } +// } +// +// void setRootCAPath(const std::string& strRootCAPath) +// { +// m_strRootCAPath = strRootCAPath; +// } +// +// private: +// std::string m_strRootCAPath; +// std::string m_strEnvVar; +//}; +// +//class PolicyChanger : public VcoreDPL::Event::EventListener<AceUpdateResponseEvent> +//{ +// public: +// PolicyChanger() +// { +// VcoreDPL::Event::EventDeliverySystem::AddListener<AceUpdateResponseEvent>(this); +// } +// +// ~PolicyChanger() +// { +// VcoreDPL::Event::EventDeliverySystem::RemoveListener<AceUpdateResponseEvent>(this); +// } +// +// void OnEventReceived(const AceUpdateResponseEvent& event) +// { +// if (0 != event.GetArg0()) { +// LogError("Policy change failed"); +// } +// Assert(0 == event.GetArg0() && "Policy change failed"); +// LoopControl::finish_wait_for_wrt_init(); +// } +// +// void updatePolicy(const std::string& path) +// { +// AceUpdateRequestEvent event(path); +// VcoreDPL::Event::EventDeliverySystem::Publish(event); +// LoopControl::wait_for_wrt_init(); +// } +//}; + +} // namespace anonymous + +using namespace ValidationCore; + +////////////////////////////////////////////////// +//////// VALIDATION CORE TEST SUITE //////////// +////////////////////////////////////////////////// + +/* + * test: Class SignatureFinder + * description: SignatureFinder should search directory passed as + * param of constructor. + * expected: Signature finder should put information about 3 + * signture files in SinatureFileInfoSet. 
+ */
+RUNNER_TEST(test01_signature_finder)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+ RUNNER_ASSERT_MSG(signatureSet.size() == 3,
+ "Some signature has not been found");
+
+ SignatureFileInfo first = *(signatureSet.begin());
+ RUNNER_ASSERT_MSG(
+ std::string("author-signature.xml") == first.getFileName(),
+ "Author Signature");
+ RUNNER_ASSERT_MSG(-1 == first.getFileNumber(), "Wrong signature number.");
+ first = *(signatureSet.rbegin());
+ RUNNER_ASSERT_MSG(std::string("signature22.xml") == first.getFileName(),
+ "Wrong signature fileName.");
+ RUNNER_ASSERT_MSG(22 == first.getFileNumber(), "Wrong signature number.");
+}
+
+/*
+ * test: Class SignatureReader
+ * description: SignatureReader should parse widget digigal signaturesignature
+ * without any errors. Path to signature is passed to constructor.
+ * param of destructor.
+ * expected: SignatureReader should not throw any exception.
+ */
+RUNNER_TEST(test02_signature_reader)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+ }
+}
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator
+ * description: Directory passed to SignatureFinded constructor should be searched
+ * and 3 signature should be find. All signature should be parsed and verified.
+ * expected: Verificator should DISREGARD author signature and VERIFY
+ * distrubutor signature.
+ */
+RUNNER_TEST(test03t01_wrtsignature_validator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ WrtSignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ temp,
+ "Validation failed");
+
+ }
+ else
+ {
+ WrtSignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ temp,
+ "Validation failed");
+ }
+ }
+ }
+}
+
+RUNNER_TEST(test03t02_wrtsignature_validator_negative_hash_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_hash_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_hash_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_negative_hash_path);
+ RUNNER_ASSERT_MSG(
+ (WrtSignatureValidator::SIGNATURE_INVALID == temp
+ || WrtSignatureValidator::SIGNATURE_DISREGARD == temp),
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+ }
+}
+
+RUNNER_TEST(test03t03_wrtsignature_validator_negative_signature_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_signature_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_signature_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_negative_signature_path);
+ RUNNER_ASSERT_MSG(
+ (WrtSignatureValidator::SIGNATURE_INVALID == temp
+ || WrtSignatureValidator::SIGNATURE_DISREGARD == temp),
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+ }
+}
+
+RUNNER_TEST(test03t04_wrtsignature_validator_partner)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_partner_path);
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED == temp,
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+ if (!data.isAuthorSignature()) {
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PARTNER,
+ "visibility check failed.");
+ }
+ }
+}
+/* // no partner_operator certificate in kiran emlulator
+RUNNER_TEST(test03t05_wrtsignature_validator_partner_operator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_operator_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_operator_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PLATFORM,
+ "visibility check failed.");
+ }
+ }
+}
+*/
+
+/*
+RUNNER_TEST(test03t04_wrtsignature_validator_negative_certificate_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_certificate_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_certificate_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator validator(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_INVALID ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+*/
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator
+ * description: Directory passed to SignatureFinded constructor should be searched
+ * and 3 signature should be find. All signature should be parsed and verified.
+ * expected: Verificator should DISREGARD author signature and VERIFY
+ * distrubutor signature.
+ */
+RUNNER_TEST(test04t01_signature_validator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ SignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ temp,
+ "Validation failed");
+ }
+ else
+ {
+ SignatureValidator::Result temp = validator.check(data, widget_path);
+
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ temp,
+ "Validation failed");
+ }
+ }
+ }
+}
+
+RUNNER_TEST(test04t02_signature_validator_negative_hash_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_hash_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_hash_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_negative_hash_path);
+ RUNNER_ASSERT_MSG(
+ (WrtSignatureValidator::SIGNATURE_INVALID == temp
+ || WrtSignatureValidator::SIGNATURE_DISREGARD == temp),
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+ }
+}
+
+RUNNER_TEST(test04t03_signature_validator_negative_signature_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_signature_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_signature_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_negative_signature_path);
+ RUNNER_ASSERT_MSG(
+ (WrtSignatureValidator::SIGNATURE_INVALID == temp
+ || WrtSignatureValidator::SIGNATURE_DISREGARD == temp),
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+ }
+}
+
+RUNNER_TEST(test04t04_signature_validator_partner)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::TIZEN,
+ false,
+ false,
+ false);
+
+ int temp = validator.check(data, widget_partner_path);
+ RUNNER_ASSERT_MSG(SignatureValidator::SIGNATURE_VERIFIED == temp,
+ "Wrong input file but success.. Errorcode : " << wrtValidatorErrorToString(temp));
+
+ if (!data.isAuthorSignature()) {
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PARTNER,
+ "visibility check failed.");
+ }
+ }
+}
+/* // no partner_operator certificate in kiran emulator
+RUNNER_TEST(test04t05_signature_validator_partner_operator)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_partner_operator_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_partner_operator_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::TIZEN,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_VERIFIED ==
+ validator.check(data, widget_partner_operator_path),
+ "Wrong input file but success..");
+
+ RUNNER_ASSERT_MSG(
+ data.getVisibilityLevel() == CertStoreId::VIS_PLATFORM,
+ "visibility check failed.");
+ }
+ }
+}
+*/
+
+/*
+RUNNER_TEST(test04t04_signature_validator_negative_certificate_input)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_negative_certificate_path);
+ LogError("Size: " << signatureSet.size());
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+ LogError("Size: " << signatureSet.size());
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_negative_certificate_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ SignatureValidator validator(
+ SignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ LogError("Author");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ } else {
+ LogError("Distributor");
+ RUNNER_ASSERT_MSG(
+ SignatureValidator::SIGNATURE_DISREGARD ==
+ validator.check(data, widget_negative_certificate_path),
+ "Wrong input file but success..");
+ }
+ }
+}
+*/
+
+/*
+ * test: Integration test of SignatureFinder, SignatureReader,
+ * SignatureValidator, ReferenceValidator
+ * description: As above but this test also checks reference from signatures.
+ * expected: All reference checks should return NO_ERROR.
+ */
+RUNNER_TEST(test05t01_signature_reference)
+{
+ SignatureFileInfoSet signatureSet;
+ SignatureFinder signatureFinder(widget_path);
+ RUNNER_ASSERT_MSG(
+ SignatureFinder::NO_ERROR == signatureFinder.find(signatureSet),
+ "SignatureFinder failed");
+
+ SignatureFileInfoSet::reverse_iterator iter = signatureSet.rbegin();
+
+ for (; iter != signatureSet.rend(); ++iter) {
+ SignatureData data(widget_path + iter->getFileName(),
+ iter->getFileNumber());
+ SignatureReader xml;
+ xml.initialize(data, GetSignatureXmlSchema());
+ xml.read(data);
+
+ WrtSignatureValidator sval(
+ WrtSignatureValidator::WAC20,
+ false,
+ false,
+ false);
+
+ if (data.isAuthorSignature()) {
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ } else {
+ if (data.getSignatureNumber() == 1)
+ {
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_DISREGARD ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
+ else
+ {
+ RUNNER_ASSERT_MSG(
+ WrtSignatureValidator::SIGNATURE_VERIFIED ==
+ sval.check(data, widget_path),
+ "Validation failed");
+ }
+ }
+
+/*
+ ReferenceValidator val(widget_path);
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp,
+ "File[" << iter->getFileName()
+ << "] FileNumber[" << iter->getFileNumber()
+ << "] Errorcode : " << refValidatorErrorToString(temp));
+*/
+ }
+}
+
+/*
+ * test: ReferenceValidator::checkReference
+ * description: Simple test. File "encoding test.empty" exists.
+ * expected: checkReference should return NO_ERROR.
+ */
+/*
+RUNNER_TEST(test05t02_signature_reference_encoding_dummy)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("encoding test.empty");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: ReferenceValidator::checkReference
+ * description: Negative test. File "encoding test" does not exists.
+ * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
+ */
+/*
+RUNNER_TEST(test05t03_signature_reference_encoding_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("encoding test");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::ERROR_REFERENCE_NOT_FOUND == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: File "encoding test.empty" exists. Name set in referenceSet must
+ * be encoded first by decodeProcent function.
+ * expected: checkReference should return NO_ERROR
+ */
+/*
+RUNNER_TEST(test05t04_signature_reference_encoding_space)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("encoding%20test.empty");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: Negative test. File "encoding test" does not exists. Name set in
+ * referenceSet must be encoded first by decodeProcent function.
+ * expected: checkReference should return ERROR_REFERENCE_NOT_FOUND
+ */
+/*
+RUNNER_TEST(test05t05_signature_reference_encoding_space_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("encoding%20test");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::ERROR_REFERENCE_NOT_FOUND == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: File "encoding test.empty" exists. Name set in
+ * referenceSet must be encoded first by decodeProcent function.
+ * expected: checkReference should return NO_ERROR
+ */
+/*
+RUNNER_TEST(test05t06_signature_reference_encoding)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("e%6Ec%6Fding%20te%73%74.e%6d%70ty");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::NO_ERROR == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: ReferenceValidator::checkReference, ReferenceValidator::decodeProcent
+ * description: Negative test. "%%" is illegal combination of char. decodeProcent
+ * should throw exception.
+ * expected: checkReference should return ERROR_DECODING_URL
+ */
+/*
+RUNNER_TEST(test05t07_signature_reference_encoding_negative)
+{
+ ReferenceSet referenceSet;
+ SignatureData data;
+ ReferenceValidator val("/usr/apps/widget/tests/reference");
+ referenceSet.insert("e%6Ec%6Fding%%0test%2ete%73%74");
+ data.setReference(referenceSet);
+
+ int temp = val.checkReferences(data);
+ RUNNER_ASSERT_MSG(ReferenceValidator::ERROR_DECODING_URL == temp,
+ "Errorcode : " << refValidatorErrorToString(temp));
+}
+*/
+
+/*
+ * test: class Certificate
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Getters should be able to return certificate information.
+ */
+RUNNER_TEST(test08t01_Certificate)
+{
+ Certificate cert(certVerisign, Certificate::FORM_BASE64);
+ std::string result;
+
+ result = cert.getCommonName(Certificate::FIELD_SUBJECT);
+ RUNNER_ASSERT_MSG(!result.empty(), "No common name");
+ RUNNER_ASSERT_MSG(!result.compare("www.verisign.com"), "CommonName mismatch");
+
+ result = cert.getCommonName(Certificate::FIELD_ISSUER);
+ RUNNER_ASSERT_MSG(!result.empty(), "No common name");
+ RUNNER_ASSERT_MSG(!result.compare("VeriSign Class 3 Extended Validation SSL SGC CA"),
+ "CommonName mismatch");
+
+ result = cert.getCountryName();
+ RUNNER_ASSERT_MSG(!result.empty(), "No country");
+ RUNNER_ASSERT_MSG(!result.compare("US"), "Country mismatch");
+}
+
+/*
+ * test: Certificate::getFingerprint
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Function fingerprint should return valid fingerprint.
+ */
+RUNNER_TEST(test08t02_Certificate)
+{
+ Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+ Certificate::Fingerprint fin =
+ cert.getFingerprint(Certificate::FINGERPRINT_SHA1);
+
+ unsigned char buff[20] = {
+ 0xb9, 0x72, 0x1e, 0xd5, 0x49,
+ 0xed, 0xbf, 0x31, 0x84, 0xd8,
+ 0x27, 0x0c, 0xfe, 0x03, 0x11,
+ 0x19, 0xdf, 0xc2, 0x2b, 0x0a};
+ RUNNER_ASSERT_MSG(fin.size() == 20, "Wrong size of fingerprint");
+
+ for (size_t i = 0; i<20; ++i) {
+ RUNNER_ASSERT_MSG(fin[i] == buff[i], "Fingerprint mismatch");
+ }
+}
+
+/*
+ * test: Certificate::getAlternativeNameDNS
+ * description: Certificate should parse data passed to object constructor.
+ * expected: Function getAlternativeNameDNS should return list of
+ * alternativeNames hardcoded in certificate.
+ */
+RUNNER_TEST(test08t03_Certificate)
+{
+ Certificate cert(certVerisign, Certificate::FORM_BASE64);
+
+ Certificate::AltNameSet nameSet = cert.getAlternativeNameDNS();
+
+ RUNNER_ASSERT(nameSet.size() == 8);
+
+ std::string str("verisign.com");
+ RUNNER_ASSERT(nameSet.find(str) != nameSet.end());
+
+ str = std::string("fake.com");
+ RUNNER_ASSERT(nameSet.find(str) == nameSet.end());
+
+}
+
+/*
+ * test: Certificate::isCA
+ * description: Certificate should parse data passed to object constructor.
+ * expected: 1st and 2nd certificate should be identified as CA.
+ */
+RUNNER_TEST(test08t04_Certificate_isCA)
+{
+ Certificate cert1(googleCA, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert1.isCA() > 0);
+
+ Certificate cert2(google2nd, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert2.isCA() > 0);
+
+ Certificate cert3(google3rd, Certificate::FORM_BASE64);
+ RUNNER_ASSERT(cert3.isCA() == 0);
+}
+
+#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL
+/*
+ * test: class CertificateCollection
+ * description: It's not allowed to call function isChain before funciton sort.
+ * expected: Function isChain should throw exception WrongUsage because
+ * function sort was not called before.
+ */
+RUNNER_TEST(test09t01_CertificateCollection)
+{
+ CertificateList list;
+ list.push_back(CertificatePtr(
+ new Certificate(google2nd, Certificate::FORM_BASE64)));
+ list.push_back(CertificatePtr(
+ new Certificate(googleCA, Certificate::FORM_BASE64)));
+ list.push_back(CertificatePtr(
+ new Certificate(google3rd, Certificate::FORM_BASE64)));
+
+ CertificateCollection collection;
+ collection.load(list);
+
+ bool exception = false;
+
+ Try {
+ RUNNER_ASSERT(collection.isChain());
+ } Catch (CertificateCollection::Exception::WrongUsage) {
+ exception = true;
+ }
+
+ RUNNER_ASSERT_MSG(exception, "Exception expected!");
+
+ RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
+
+ RUNNER_ASSERT(collection.isChain());
+
+ std::string encoded = collection.toBase64String();
+
+ collection.clear();
+
+ RUNNER_ASSERT_MSG(collection.size() == 0, "Function clear failed.");
+
+ collection.load(encoded);
+
+ RUNNER_ASSERT_MSG(collection.sort(), "Sort failed");
+
+ list = collection.getChain();
+
+ RUNNER_ASSERT(!list.front().get()->getCommonName().compare("mail.google.com"));
+ RUNNER_ASSERT(!list.back().get()->getOrganizationName().compare("VeriSign, Inc."));
+}
+
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check certificate chain. One of the certificate
+ * is GOOD and one is broken.
+ * expected: Status from OCSP check should contain status GOOD and status
+ * VERIFICATION_ERROR.
+ */
+RUNNER_TEST(test51t01_ocsp_validation_negative)
+{
+ CertificateCacheDAO::clearCertificateCache();
+
+ CertificateList lOCSPCertificates;
+ CertificatePtr certificatePtr;
+ CertificatePtr pCert0;
+ CertificatePtr pCert1;
+ CertificatePtr pCert2;
+ CertificatePtr pRootCert;
+ std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+ certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
+ certLevel1Path(keys_path + "ocsp_level1.crt"),
+ certLevel2Path(keys_path + "ocsp_level2.crt");
+
+ pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+ if (!pRootCert) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
+ }
+ lOCSPCertificates.push_back(pRootCert);
+
+ pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+ if (!pCert0) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level0.crt");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+ pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+ if (!pCert1) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+ pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+ if (!pCert2) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+ OCSP ocsp;
+ ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+ ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+ CertificateCollection collection;
+ collection.load(lOCSPCertificates);
+ RUNNER_ASSERT(collection.sort());
+ CertificateList sorted = collection.getChain();
+
+ ocsp.setTrustedStore(sorted);
+ VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+ RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+ "Caught OCSP connection error from store exception");
+ RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+ "Caught OCSP verification error exception");
+ RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+ "Caught OCSP verification error exception");
+
+ CertificateCacheDAO::clearCertificateCache();
+}
+
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check certificate chain. All certificates are GOOD.
+ * expected: Status from OCSP check should contain only status GOOD.
+ */
+RUNNER_TEST(test51t02_ocsp_validation_positive)
+{
+ CertificateCacheDAO::clearCertificateCache();
+
+ CertificateList lOCSPCertificates;
+ CertificatePtr certificatePtr;
+ CertificatePtr pCert0;
+ CertificatePtr pCert1;
+ CertificatePtr pCert2;
+ CertificatePtr pRootCert;
+ std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+ certLevel1Path(keys_path + "ocsp_level1.crt"),
+ certLevel2Path(keys_path + "ocsp_level2.crt");
+
+ pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+ if (!pRootCert) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_rootca.crt");
+ }
+ lOCSPCertificates.push_back(pRootCert);
+
+ pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+ if (!pCert1) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level1.crt");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+ pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+ if (!pCert2) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load ocsp_level2.crt");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+ OCSP ocsp;
+ ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+ ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+ CertificateCollection collection;
+ collection.load(lOCSPCertificates);
+ RUNNER_ASSERT(collection.sort());
+ CertificateList sorted = collection.getChain();
+
+ ocsp.setTrustedStore(sorted);
+ VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+ RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+ "Caught OCSP connection error from store exception");
+ RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+ "Caught OCSP verification error exception");
+ RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+ "Caught OCSP verification error exception");
+
+ CertificateCacheDAO::clearCertificateCache();
+}
+
+/*
+ * test: class OCSP, VerificationStatusSet
+ * description: OCSP should check end entity certificate.
+ * expected: Status from OCSP check should contain only status GOOD.
+ */
+RUNNER_TEST(test51t04_ocsp_request)
+{
+ CertificateList lTrustedCerts;
+
+ lTrustedCerts.push_back(CertificatePtr(
+ new Certificate(google3rd, Certificate::FORM_BASE64)));
+ lTrustedCerts.push_back(CertificatePtr(
+ new Certificate(google2nd, Certificate::FORM_BASE64)));
+ lTrustedCerts.push_back(CertificatePtr(
+ new Certificate(googleCA, Certificate::FORM_BASE64)));
+
+ CertificateCollection chain;
+ chain.load(lTrustedCerts);
+ RUNNER_ASSERT(chain.sort());
+
+ OCSP ocsp;
+ ocsp.setDigestAlgorithmForCertId(OCSP::SHA1);
+ ocsp.setDigestAlgorithmForRequest(OCSP::SHA1);
+ ocsp.setTrustedStore(lTrustedCerts);
+ VerificationStatus result = ocsp.checkEndEntity(chain);
+
+ RUNNER_ASSERT(VERIFICATION_STATUS_GOOD == result);
+}
+
+/*
+ * test: class OCSP, VerificationStatusSet, CertificateCachedDao
+ * description: Call OCSP twice. Result of second call should be extracted
+ * from cache.
+ * expected: Both results should be equal.
+ */
+RUNNER_TEST(test51t05_cached_ocsp_validation_negative)
+{
+ CertificateCacheDAO::clearCertificateCache();
+
+ CertificateList lOCSPCertificates;
+ CertificatePtr certificatePtr;
+ CertificatePtr pCert0;
+ CertificatePtr pCert1;
+ CertificatePtr pCert2;
+ CertificatePtr pRootCert;
+ std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+ certLevel0Path(keys_path + "ocsp_level0deprecated.crt"),
+ certLevel1Path(keys_path + "ocsp_level1.crt"),
+ certLevel2Path(keys_path + "ocsp_level2.crt");
+
+ pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+ RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
+ lOCSPCertificates.push_back(pRootCert);
+
+ pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+ RUNNER_ASSERT_MSG(pCert0, "Couldn't load ocsp_level0.crt");
+ lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+ pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+ RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
+ lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+ pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+ RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
+ lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+ CachedOCSP ocsp;
+
+ CertificateCollection collection;
+ collection.load(lOCSPCertificates);
+ RUNNER_ASSERT(collection.sort());
+
+ VerificationStatus status = ocsp.check(collection);
+
+ RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
+ "Caught OCSP verification error exception");
+
+ OCSPCachedStatusList respList;
+ CertificateCacheDAO::getOCSPStatusList(&respList);
+ unsigned len = respList.size();
+
+ status = ocsp.check(collection);
+
+ RUNNER_ASSERT_MSG(status != VERIFICATION_STATUS_GOOD,
+ "Caught OCSP verification error exception");
+
+ respList.clear();
+ CertificateCacheDAO::getOCSPStatusList(&respList);
+ RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
+ "Caught OCSP cache error exception");
+
+ CertificateCacheDAO::clearCertificateCache();
+}
+
+/*
+ * test: class OCSP, VerificationStatusSet, CertificateCachedDao
+ * description: Call OCSP twice. Result of second call should be extracted
+ * from cache.
+ * expected: Both results should be equal.
+ */
+RUNNER_TEST(test51t06_cached_ocsp_validation_positive)
+{
+ CertificateCacheDAO::clearCertificateCache();
+
+ CertificateList lOCSPCertificates;
+ CertificatePtr certificatePtr;
+ CertificatePtr pCert0;
+ CertificatePtr pCert1;
+ CertificatePtr pCert2;
+ CertificatePtr pRootCert;
+ std::string caRootPath(keys_path + "ocsp_rootca.crt"),
+ certLevel1Path(keys_path + "ocsp_level1.crt"),
+ certLevel2Path(keys_path + "ocsp_level2.crt");
+
+ pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+ RUNNER_ASSERT_MSG(pRootCert, "Couldn't load ocsp_rootca.crt");
+ lOCSPCertificates.push_back(pRootCert);
+
+ pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str());
+ RUNNER_ASSERT_MSG(pCert1, "Couldn't load ocsp_level1.crt");
+ lOCSPCertificates.push_back(CertificatePtr(pCert1));
+
+ pCert2 = RevocationCheckerBase::loadPEMFile(certLevel2Path.c_str());
+ RUNNER_ASSERT_MSG(pCert2, "Couldn't load ocsp_level2.crt");
+ lOCSPCertificates.push_back(CertificatePtr(pCert2));
+
+ CachedOCSP ocsp;
+
+ CertificateCollection collection;
+ collection.load(lOCSPCertificates);
+ RUNNER_ASSERT(collection.sort());
+
+ VerificationStatus status = ocsp.check(collection);
+
+ RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
+ "Caught OCSP verification error exception");
+
+ OCSPCachedStatusList respList;
+ CertificateCacheDAO::getOCSPStatusList(&respList);
+ unsigned len = respList.size();
+
+ status = ocsp.check(collection);
+
+ RUNNER_ASSERT_MSG(status == VERIFICATION_STATUS_GOOD,
+ "Caught OCSP verification error exception");
+
+ respList.clear();
+ CertificateCacheDAO::getOCSPStatusList(&respList);
+ RUNNER_ASSERT_MSG(respList.size() == len && len > 0,
+ "Caught OCSP cache error exception");
+
+ CertificateCacheDAO::clearCertificateCache();
+}
+
+/*
+ * test: class OCSP
+ * description: All certificates are valid.
+ * expected: Only status VERIFICATION_STATUS_GOOD should be set.
+ */
+RUNNER_TEST(test70_ocsp_local_validation_positive)
+{
+ CertificateCacheDAO::clearCertificateCache();
+
+ CertificateList lOCSPCertificates;
+ CertificatePtr certificatePtr;
+ CertificatePtr pCert0;
+ CertificatePtr pRootCert;
+ std::string caRootPath(cert_store_path + "cacert.pem"),
+ certLevel0Path(cert_store_path + "1second_level.pem");
+
+ pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str());
+ if (!pRootCert) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem");
+ }
+ lOCSPCertificates.push_back(pRootCert);
+
+ pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str());
+ if (!pCert0) {
+ RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem");
+ }
+ lOCSPCertificates.push_back(CertificatePtr(pCert0));
+
+ OCSP ocsp;
+ ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1);
+ ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1);
+
+ CertificateCollection collection;
+ collection.load(lOCSPCertificates);
+ RUNNER_ASSERT(collection.sort());
+ CertificateList sorted = collection.getChain();
+
+ ocsp.setTrustedStore(sorted);
+ VerificationStatusSet status = ocsp.validateCertificateList(sorted);
+
+ RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED),
+ "Caught OCSP connection error - check if "
+ "wrt-tests-vcore-ocsp-server.sh is running!");
+ RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD),
+ "Caught OCSP verification error exception");
+ RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR),
+ "Caught OCSP verification error exception");
+
+ CertificateCacheDAO::clearCertificateCache();
+}
+
+/*
+ * test: class OCSP
+ * description: All certificates are valid.
+ * expected: Only status VERIFICATION_STATUS_GOOD should be set.
+ */ +RUNNER_TEST(test71_ocsp_local_validation_positive) +{ + CertificateCacheDAO::clearCertificateCache(); + + CertificateList lOCSPCertificates; + CertificatePtr certificatePtr; + CertificatePtr pCert0; + CertificatePtr pRootCert; + std::string caRootPath(cert_store_path + "cacert.pem"), + certLevel0Path(cert_store_path + "3second_level.pem"); + + pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str()); + if (!pRootCert) { + RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem"); + } + lOCSPCertificates.push_back(pRootCert); + + pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str()); + if (!pCert0) { + RUNNER_ASSERT_MSG(false, "Couldn't load 3second_level.pem"); + } + lOCSPCertificates.push_back(CertificatePtr(pCert0)); + + OCSP ocsp; + ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1); + ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1); + + CertificateCollection collection; + collection.load(lOCSPCertificates); + RUNNER_ASSERT(collection.sort()); + CertificateList sorted = collection.getChain(); + + ocsp.setTrustedStore(sorted); + VerificationStatusSet status = ocsp.validateCertificateList(sorted); + + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED), + "Caught OCSP connection error - check if " + "wrt-tests-vcore-ocsp-server.sh is running!"); + RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR), + "Caught OCSP verification error exception"); + + CertificateCacheDAO::clearCertificateCache(); +} + +/* + * test: class OCSP + * description: Second certificate is revoked. Root CA certificate wont be checked. + * expected: Only status VERIFICATION_STATUS_REVOKED should be set. 
+ */ +RUNNER_TEST(test72_ocsp_local_validation_revoked) +{ + CertificateCacheDAO::clearCertificateCache(); + + CertificateList lOCSPCertificates; + CertificatePtr certificatePtr; + CertificatePtr pCert0; + CertificatePtr pRootCert; + std::string caRootPath(cert_store_path + "cacert.pem"), + certLevel0Path(cert_store_path + "2second_level.pem"); + + pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str()); + if (!pRootCert) { + RUNNER_ASSERT_MSG(false, "Couldn't load cacert.pem"); + } + lOCSPCertificates.push_back(pRootCert); + + pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str()); + if (!pCert0) { + RUNNER_ASSERT_MSG(false, "Couldn't load 2second_level.pem"); + } + lOCSPCertificates.push_back(CertificatePtr(pCert0)); + + OCSP ocsp; + ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1); + ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1); + + CertificateCollection collection; + collection.load(lOCSPCertificates); + RUNNER_ASSERT(collection.sort()); + CertificateList sorted = collection.getChain(); + + ocsp.setTrustedStore(sorted); + VerificationStatusSet status = ocsp.validateCertificateList(sorted); + + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED), + "Caught OCSP connection error - check if " + "wrt-tests-vcore-ocsp-server.sh is running!"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_GOOD), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_REVOKED), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR), + "Caught OCSP verification error exception"); + + CertificateCacheDAO::clearCertificateCache(); +} + +/* + * test: class OCSP + * description: N/A + * expected: Status VERIFICATION_STATUS_GOOD and VERIFICATION_STATUS_VERIFICATION_ERROR + * 
should be set. + */ +RUNNER_TEST(test73_ocsp_local_validation_error_unknown_cert) +{ + CertificateCacheDAO::clearCertificateCache(); + + CertificateList lOCSPCertificates; + CertificatePtr certificatePtr; + CertificatePtr pCert0; + CertificatePtr pCert1; + CertificatePtr pRootCert; + std::string caRootPath(cert_store_path + "cacert.pem"), + certLevel0Path(cert_store_path + "1second_level.pem"), + certLevel1Path(cert_store_path + "1third_level.pem"); + + pRootCert = RevocationCheckerBase::loadPEMFile(caRootPath.c_str()); + if (!pRootCert) { + RUNNER_ASSERT_MSG(false, "Couldn't load cacerr.pem"); + } + lOCSPCertificates.push_back(pRootCert); + + pCert0 = RevocationCheckerBase::loadPEMFile(certLevel0Path.c_str()); + if (!pCert0) { + RUNNER_ASSERT_MSG(false, "Couldn't load 1second_level.pem"); + } + lOCSPCertificates.push_back(CertificatePtr(pCert0)); + + pCert1 = RevocationCheckerBase::loadPEMFile(certLevel1Path.c_str()); + if (!pCert1) { + RUNNER_ASSERT_MSG(false, "Couldn't load 1third_level.pem"); + } + lOCSPCertificates.push_back(CertificatePtr(pCert1)); + + OCSP ocsp; + ocsp.setDigestAlgorithmForCertId(ValidationCore::OCSP::SHA1); + ocsp.setDigestAlgorithmForRequest(ValidationCore::OCSP::SHA1); + + CertificateCollection collection; + collection.load(lOCSPCertificates); + RUNNER_ASSERT(collection.sort()); + CertificateList sorted = collection.getChain(); + + ocsp.setTrustedStore(sorted); + VerificationStatusSet status = ocsp.validateCertificateList(sorted); + + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_CONNECTION_FAILED), + "Caught OCSP connection error - check if " + "wrt-tests-vcore-ocsp-server.sh is running!"); + RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_GOOD), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_REVOKED), + "Caught OCSP verification error exception"); + RUNNER_ASSERT_MSG(status.contains(VERIFICATION_STATUS_VERIFICATION_ERROR), + "Caught OCSP verification error 
exception"); + RUNNER_ASSERT_MSG(!status.contains(VERIFICATION_STATUS_UNKNOWN), + "Caught OCSP verification error exception"); + + CertificateCacheDAO::clearCertificateCache(); +} +#endif + +#define CRYPTO_HASH_TEST(text,expected,FUN) \ + do { \ + ValidationCore::Crypto::Hash::Base *crypto; \ + crypto = new ValidationCore::Crypto::Hash::FUN(); \ + std::string input = text; \ + crypto->Append(text); \ + crypto->Finish(); \ + std::string result = crypto->ToBase64String(); \ + RUNNER_ASSERT_MSG(result == expected, \ + "Hash function failed"); \ + } while(0) + +/* + * test: class ValidationCore::Crypto::Hash::MD4 + * description: Test implementation of MD4 hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test80_crypto_md4) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "Rj5V34qqMQmHh2bn3Cb/vQ==", + MD4); +} + +/* + * test: class ValidationCore::Crypto::Hash::MD5 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test81_crypto_md5) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "4y2iI6QtFC7+0xurBOfcsg==", + MD5); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test82_crypto_sha) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "v7w8XNvzQkZPoID+bbdrLwI6zPA=", + SHA); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA1 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. 
+ */ +RUNNER_TEST(test83_crypto_sha1) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "Srydq14dzpuLn+xlkGz7ZyFLe1w=", + SHA1); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA224 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test84_crypto_sha224) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "Ss2MKa2Mxrf0/hrl8bf0fOSz/e5nQv4J/yX6ig==", + SHA224); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA256 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test85_crypto_sha256) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "Bja/IuUJHLPlHYYB2hBcuuOlRWPy1RdF6gzL0VWxeps=", + SHA256); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA384 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test86_crypto_sha384) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "5RjtzCnGAt+P6J8h32Dzrmka+5i5MMvDRVz+s9jA7TW508sUZOnKliliad5nUJrj", + SHA384); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA512 + * description: Test implementation of hash algorithm + * expected: Value counted by algorithm should be eqal to value encoded in test. + */ +RUNNER_TEST(test87_crypto_sha512) +{ + CRYPTO_HASH_TEST("Hi, my name is Bart.", + "LxemzcQNf5erjA4a6PnTXfL+putB3uElitOjc5QCQ9Mg4ZuxTpre8VIBAviwRcTnui2Y0/Yg7cB40OG3XJMfbA==", + SHA512); +} + +/* + * test: class ValidationCore::Crypto::Hash::SHA1 + * description: This example was implemented to show how to count SHA1 value from certificate. + * expected: Value counted by algorithm should be eqal to value encoded in test. 
+ */ +RUNNER_TEST(test88_crypto_sha1_certificate) +{ + Certificate cert(certVerisign, Certificate::FORM_BASE64); + + ValidationCore::Crypto::Hash::SHA1 sha1; + sha1.Append(cert.getDER()); + sha1.Finish(); + std::string result = sha1.ToBase64String(); + + RUNNER_ASSERT_MSG(result == "uXIe1UntvzGE2CcM/gMRGd/CKwo=", + "Certificate hash does not match."); +} + +/* + * test: CertificateIdentifier::find(Fingerprint) + * description: Check implementation of fingerprint_list. + * expected: Google CA certificate was added to TIZEN_MEMBER group + * and ORANGE_LEGACY. Both domain should be found. + */ +/* +RUNNER_TEST(test90_certificate_identifier_find_fingerprint) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + Certificate cert(googleCA, Certificate::FORM_BASE64); + + CertStoreId::Set domain = + certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1)); + + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(domain.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(domain.contains(CertStoreId::ORANGE_LEGACY)); +} +*/ + +/* + * test: CertificateIdentifier::find(CertificatePtr) + * description: Check implementation of fingerprint_list. + * expected: Google CA certificate was added to TIZEN_MEMBER group + * and ORANGE_LEGACY. Both domain should be found. 
+ */ +/* +RUNNER_TEST(test91_certificate_identifier_find_cert) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + CertificatePtr cert(new Certificate(googleCA, Certificate::FORM_BASE64)); + + CertStoreId::Set domain = certIdent.find(cert); + + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(domain.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(domain.contains(CertStoreId::ORANGE_LEGACY)); +} +*/ + +/* + * test: CertificateIdentifier::find(Fingerprint) + * description: Check implementation of fingerprint_list. + * expected: google2nd certificate was not added to any group so + * no domain should be found. + */ +/* +RUNNER_TEST(test92_certificate_identifier_negative) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + Certificate cert(google2nd, Certificate::FORM_BASE64); + + CertStoreId::Set domain = + certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1)); + + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::ORANGE_LEGACY)); +} +*/ +/* + * test: CertificateIdentifier::find(Fingerprint) + * description: Check implementation of fingerprint_list. 
+ * expected: Google CA certificate was added to TIZEN_MEMBER group + * and ORANGE_LEGACY. Both domain should be found. + */ +/* +RUNNER_TEST(test93_certificate_identifier_find_fingerprint) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + Certificate cert(googleCA, Certificate::FORM_BASE64); + + CertStoreId::Set visibilityLevel = + certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1)); + + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::ORANGE_LEGACY)); + + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::VIS_PUBLIC)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_OPERATOR)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_MANUFACTURER)); +} +*/ + +/* + * test: CertificateIdentifier::find(CertificatePtr) + * description: Check implementation of fingerprint_list. + * expected: Google CA certificate was added to TIZEN_MEMBER group + * and ORANGE_LEGACY. Both domain should be found. 
+ */ +/* +RUNNER_TEST(test94_certificate_identifier_find_cert) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + CertificatePtr cert(new Certificate(googleCA, Certificate::FORM_BASE64)); + + CertStoreId::Set visibilityLevel = certIdent.find(cert); + + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::ORANGE_LEGACY)); + + RUNNER_ASSERT(visibilityLevel.contains(CertStoreId::VIS_PUBLIC)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_OPERATOR)); + RUNNER_ASSERT(!visibilityLevel.contains(CertStoreId::VIS_PARTNER_MANUFACTURER)); +} +*/ + +/* + * test: CertificateIdentifier::find(Fingerprint) + * description: Check implementation of fingerprint_list. + * expected: google2nd certificate was not added to any group so + * no domain should be found. 
+ */ +/* +RUNNER_TEST(test95_certificate_identifier_negative) +{ + CertificateIdentifier certIdent; + CertificateConfigReader reader; + reader.initialize( + "/usr/apps/widget/tests/vcore_config/fin_list.xml", + "/usr/apps/widget/tests/vcore_config/fin_list.xsd"); + reader.read(certIdent); + + Certificate cert(google2nd, Certificate::FORM_BASE64); + + CertStoreId::Set domain = + certIdent.find(cert.getFingerprint(Certificate::FINGERPRINT_SHA1)); + + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_PUBLISHER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::DEVELOPER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_ROOT)); + RUNNER_ASSERT(!domain.contains(CertStoreId::WAC_MEMBER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::TIZEN_MEMBER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::ORANGE_LEGACY)); + RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PUBLIC)); + RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER)); + RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER_OPERATOR)); + RUNNER_ASSERT(!domain.contains(CertStoreId::VIS_PARTNER_MANUFACTURER)); +} +*/ diff --git a/tests/vcore/TestEnv.cpp b/tests/vcore/TestEnv.cpp new file mode 100644 index 0000000..678c1f9 --- /dev/null +++ b/tests/vcore/TestEnv.cpp 
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <vcore/WrtSignatureValidator.h>
+
+#include "TestEnv.h"
+
+#define WRTSIGNATURE_ERRORDESCRIBE(name) case ValidationCore::WrtSignatureValidator::name: return #name
+const char *wrtValidatorErrorToString(int error)
+{
+ switch (error) {
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_VALID);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_VERIFIED);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_DISREGARD);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_REVOKED);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_CERT_CHAIN);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_DISTRIBUTOR_CERT);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_SDK_DEFAULT_AUTHOR_CERT);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_CERT_TIME);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_NO_DEVICE_PROFILE);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_DEVICE_UNIQUE_ID);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_NO_HASH_FILE);
+ WRTSIGNATURE_ERRORDESCRIBE(SIGNATURE_INVALID_HASH_SIGNATURE);
+ default:
+ return "Invalid error code.";
+ }
+}
+#undef WRTSIGNATURE_ERRORDESCRIBE
+
diff --git a/vcore/src/vcore/SoupMessageSendAsync.cpp b/tests/vcore/TestEnv.h
index d8bb132..7cff828 100644
--- a/vcore/src/vcore/SoupMessageSendAsync.cpp
+++ b/tests/vcore/TestEnv.h
@@ -13,3 +13,9 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+#ifndef _TESTENV_H_
+#define _TESTENV_H_
+
+const char *wrtValidatorErrorToString(int error);
+
+#endif
diff --git a/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh b/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
new file mode 100644
index 0000000..05daea2
--- /dev/null
+++ b/tests/vcore/cert-svc-tests-vcore-ocsp-server.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+source /etc/tizen-platform.conf
+
+LOCAL_VCORE_OCSP_WORKSPACE=${TZ_SYS_RO_APP}/widget/tests/vcore_certs
+
+pkill -9 openssl # if previously it was launched and openssl didn't close sockets
+
+OPENSSL_CONF=${LOCAL_VCORE_OCSP_WORKSPACE}/openssl.cnf openssl ocsp \
+-nrequest 5 \
+-index ${LOCAL_VCORE_OCSP_WORKSPACE}/demoCA/index.txt \
+-port 8881 \
+-rsigner ${LOCAL_VCORE_OCSP_WORKSPACE}/respcert.pem \
+-rkey ${LOCAL_VCORE_OCSP_WORKSPACE}/respcert.key \
+-CA ${LOCAL_VCORE_OCSP_WORKSPACE}/demoCA/cacert.pem
+
+echo "--- OCSP server shutdown..."
diff --git a/tests/vcore/certificate-generator/.gitignore b/tests/vcore/certificate-generator/.gitignore
new file mode 100644
index 0000000..96be371
--- /dev/null
+++ b/tests/vcore/certificate-generator/.gitignore
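Review bot: The include guard `_TESTENV_H_` in TestEnv.h begins with an underscore followed by an uppercase letter, a form of name that C and C++ reserve for the implementation; a project-scoped guard such as `#ifndef CERT_SVC_TESTS_VCORE_TESTENV_H` avoids the clash. The declaration of `wrtValidatorErrorToString` also carries no comment, and a one-liner such as `/* Returns the WrtSignatureValidator result name for a code, or "Invalid error code." if it is not a known value. */` would record the contract that TestEnv.cpp implements.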
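Review bot: `pkill -9 openssl` in cert-svc-tests-vcore-ocsp-server.sh matches every process named openssl on the device, not only a responder left over from an earlier test run, so starting the test server can kill unrelated key or TLS operations. Recording the responder's PID when it is launched, or narrowing the match to this command line (for example `pkill -f` on the `ocsp` and `-port 8881` arguments), would limit the kill to the script's own process. The script is declared `#!/bin/sh` but uses `source`, which is not POSIX; `. /etc/tizen-platform.conf` is the portable spelling. The `${LOCAL_VCORE_OCSP_WORKSPACE}` expansions are unquoted, so the command line breaks if `TZ_SYS_RO_APP` ever contains whitespace.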
@@ -0,0 +1,28 @@
+1second_level.csr
+1second_level.key
+1second_level.pem
+1third_level.key
+1third_level.pem
+1third_level.request
+2second_level.csr
+2second_level.key
+2second_level.pem
+2third_level.key
+2third_level.pem
+2third_level.request
+3second_level.csr
+3second_level.key
+3second_level.pem
+3third_level.key
+3third_level.pem
+3third_level.request
+cacrl1.pem
+cacrl2.pem
+demoCA/index.txt
+demoCA/index.txt.attr
+demoCA/index.txt.attr.old
+demoCA/index.txt.old
+demoCA/newcerts/
+respcert.csr
+respcert.key
+respcert.pem
diff --git a/tests/vcore/certificate-generator/create_certs.sh b/tests/vcore/certificate-generator/create_certs.sh
new file mode 100755
index 0000000..4d03927
--- /dev/null
+++ b/tests/vcore/certificate-generator/create_certs.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#Prerequisite to run script is to
+#create root certificate and directory structure (demoCA) with command:
+#/usr/lib/ssl/misc/CA.sh -newca
+#for automated tests default structure is created in demoCA.init
+
+#make sure current dir has no files from previous generation
+rm -r 1* 2* 3* ca* respcert* demoCA
+cp -R demoCA.init demoCA
+echo "01" > ./demoCA/crlnumber
+
+for index in 1 2 3
+do
+ #create certificate A
+ openssl genrsa -out ${index}second_level.key 1024 -passin pass:1234 -config ./openssl.cnf
+ openssl req -new -key ${index}second_level.key -out ${index}second_level.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+second_level${index}
+
+
+
+CONTENT
+
+ openssl ca -in ${index}second_level.csr -out ${index}second_level.pem -passin pass:1234 -config ./openssl.cnf -extensions v3_ca <<CONTENT
+y
+y
+CONTENT
+
+ #create certificate B
+ openssl req -new -keyout ${index}third_level.key -out ${index}third_level.request -passin pass:1234 -passout pass:1234 -days 365 -config ./openssl.cnf <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+third_level${index}
+
+
+
+CONTENT
+
+ openssl ca -config ./openssl.cnf -extensions v3_ca -policy policy_anything -keyfile ${index}second_level.key -cert ${index}second_level.pem -out ${index}third_level.pem -infiles ${index}third_level.request <<CONTENT
+y
+y
+CONTENT
+
+done
+
+#generate OCSP response signing certificate
+openssl genrsa -out respcert.key 1024 -passin pass:1234 -config ./openssl.cnf
+openssl req -new -key respcert.key -out respcert.csr -passin pass:1234 -config ./openssl.cnf <<CONTENT
+PL
+Masovian
+Warsaw
+priv
+priv
+responce_cert
+
+
+
+CONTENT
+
+openssl ca -in respcert.csr -out respcert.pem -passin pass:1234 -config ./openssl.cnf -extensions ocsp_cert <<CONTENT
+y
+y
+CONTENT
+
+#generate CRL
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
+openssl ca -passin pass:1234 -revoke 1third_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl1.pem -crldays 30 -config ./openssl.cnf
+
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf
+openssl ca -passin pass:1234 -revoke 2second_level.pem -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -config ./openssl.cnf
+openssl ca -passin pass:1234 -gencrl -keyfile ./demoCA/private/cakey.pem -cert ./demoCA/cacert.pem -out cacrl2.pem -crldays 30 -config ./openssl.cnf
diff --git a/tests/vcore/certificate-generator/demoCA.init/cacert.pem b/tests/vcore/certificate-generator/demoCA.init/cacert.pem
new file mode 100644
index 0000000..c9cc0eb
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA.init/cacert.pem
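Review bot: `rm -r 1* 2* 3* ca* respcert* demoCA` in create_certs.sh runs in whatever directory the script is invoked from, so a run outside `certificate-generator/` deletes any entries there that match those globs. Starting the script with `cd "$(dirname "$0")" || exit 1` would pin the working directory, and checking the exit status of each `openssl` call would stop a failed step from feeding stale files into the next one. The CA key under `demoCA.init/private/` is committed next to its passphrase (`pass:1234`) and every key is 1024-bit RSA, so the header comment should label this hierarchy as test-only and the packaging should keep `cacert.pem` out of any trust store that ships in an image. The `cacert.pem` added under `demoCA.init` lists `Not After : Jul 28 14:32:12 2014 GMT`; if that date has passed when the script runs, everything issued here chains to an expired root, which is worth confirming against what the OCSP and CRL tests expect.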
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Validity + Not Before: Jul 29 14:32:12 2011 GMT + Not After : Jul 28 14:32:12 2014 GMT + Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b: + 90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1: + b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c: + 78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d: + e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5: + 00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb: + 7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f: + 45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83: + 41:f0:78:1b:b4:16:d5:93:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + X509v3 Authority Key Identifier: + keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5: + 2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67: + 91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa: + 6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5: + 2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36: + 45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa: + da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf: + eb:2f +-----BEGIN CERTIFICATE----- +MIICuDCCAiGgAwIBAgIBADANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJQTDER +MA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYx +DTALBgNVBAMTBHByaXYwHhcNMTEwNzI5MTQzMjEyWhcNMTQwNzI4MTQzMjEyWjBN +MQswCQYDVQQGEwJQTDERMA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYx 
+DTALBgNVBAsTBHByaXYxDTALBgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKtozBpBeFAM9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHON +ps1hP+EceA/9JeKglW2pMzD+JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhK +gcfre+njjbDrPe4hGXwEwq1PRbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGj +gacwgaQwHQYDVR0OBBYEFPZunjZtSQL8kRpandP6tJ8H7qmzMHUGA1UdIwRuMGyA +FPZunjZtSQL8kRpandP6tJ8H7qmzoVGkTzBNMQswCQYDVQQGEwJQTDERMA8GA1UE +CBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTALBgNV +BAMTBHByaXaCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCWPPci +PTLAZ/w6Cjy3Yjh9ptUthsLOaoRm1Fazk05MN9FJtmeRdleWlsxacdppt1Kdjxf3 +Zvps8ZgoRK9g360qi/XzjCfEaKUqNcFshDcg7sKcWJih/7r9ODZFw9c4XUetyA0m +K6mdLjlzsqra5Rm4Vyhi3ZQqyVBbM1mwVs/rLw== +-----END CERTIFICATE----- diff --git a/tests/vcore/certificate-generator/demoCA.init/careq.pem b/tests/vcore/certificate-generator/demoCA.init/careq.pem new file mode 100644 index 0000000..2a360eb --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA.init/careq.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCUEwxETAPBgNVBAgTCE1hc292aWFuMQ8w +DQYDVQQHEwZXYXJzYXcxDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTAL +BgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtozBpBeFAM +9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHONps1hP+EceA/9JeKglW2pMzD+ +JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhKgcfre+njjbDrPe4hGXwEwq1P +RbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB +gQBfWbLoBMhFCjsTklaKNKIoF4WRNmGXPBQt+BWZhlVjnxh1ncL3QX2M4r/ys3ax +bKGm24i5XvUvZ1uR8SxOHGbuTzjRALBOgfb9X5mma/8ZytammJmgjdYkVvvRNFXL +O+WaOykOlw1zUEUVK0VAmdQ5STPQDypyYwGF5JYL24F84A== +-----END CERTIFICATE REQUEST----- diff --git a/tests/vcore/certificate-generator/demoCA.init/index.txt b/tests/vcore/certificate-generator/demoCA.init/index.txt new file mode 100644 index 0000000..665f036 --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA.init/index.txt @@ -0,0 +1 @@ +V 140728143212Z 00 unknown /C=PL/ST=Masovian/O=priv/OU=priv/CN=priv 
diff --git a/tests/vcore/certificate-generator/demoCA.init/index.txt.attr b/tests/vcore/certificate-generator/demoCA.init/index.txt.attr
new file mode 100644
index 0000000..8f7e63a
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA.init/index.txt.attr
@@ -0,0 +1 @@
+unique_subject = yes
diff --git a/build-stamp b/tests/vcore/certificate-generator/demoCA.init/index.txt.old
index e69de29..e69de29 100644
--- a/build-stamp
+++ b/tests/vcore/certificate-generator/demoCA.init/index.txt.old
diff --git a/tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem b/tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem
new file mode 100644
index 0000000..c9cc0eb
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA.init/newcerts/00.pem
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Validity + Not Before: Jul 29 14:32:12 2011 GMT + Not After : Jul 28 14:32:12 2014 GMT + Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b: + 90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1: + b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c: + 78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d: + e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5: + 00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb: + 7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f: + 45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83: + 41:f0:78:1b:b4:16:d5:93:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + X509v3 Authority Key Identifier: + keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5: + 2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67: + 91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa: + 6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5: + 2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36: + 45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa: + da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf: + eb:2f +-----BEGIN CERTIFICATE----- +MIICuDCCAiGgAwIBAgIBADANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJQTDER +MA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYx +DTALBgNVBAMTBHByaXYwHhcNMTEwNzI5MTQzMjEyWhcNMTQwNzI4MTQzMjEyWjBN +MQswCQYDVQQGEwJQTDERMA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYx 
+DTALBgNVBAsTBHByaXYxDTALBgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKtozBpBeFAM9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHON +ps1hP+EceA/9JeKglW2pMzD+JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhK +gcfre+njjbDrPe4hGXwEwq1PRbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGj +gacwgaQwHQYDVR0OBBYEFPZunjZtSQL8kRpandP6tJ8H7qmzMHUGA1UdIwRuMGyA +FPZunjZtSQL8kRpandP6tJ8H7qmzoVGkTzBNMQswCQYDVQQGEwJQTDERMA8GA1UE +CBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTALBgNV +BAMTBHByaXaCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCWPPci +PTLAZ/w6Cjy3Yjh9ptUthsLOaoRm1Fazk05MN9FJtmeRdleWlsxacdppt1Kdjxf3 +Zvps8ZgoRK9g360qi/XzjCfEaKUqNcFshDcg7sKcWJih/7r9ODZFw9c4XUetyA0m +K6mdLjlzsqra5Rm4Vyhi3ZQqyVBbM1mwVs/rLw== +-----END CERTIFICATE----- diff --git a/tests/vcore/certificate-generator/demoCA.init/private/cakey.pem b/tests/vcore/certificate-generator/demoCA.init/private/cakey.pem new file mode 100644 index 0000000..452ece5 --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA.init/private/cakey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,E653123E49750191 + +OgQe9fnwRSQjEqAuqts2/up+mCfMyiZLwi/ZfhZjBxsRD0n34J5NrLptcWMDNvPT +TueYJ24eUhE61RE6u9VpcdYd0d/7sbR6i8jiBYa8R15frtTUaD1XCbhz3Sn6REbL +qDrKW7hHuSKKRfb/6bHVGNGMCR6eCSw9isYcqFDlmRpGiYC5m2nxr/W1JFq4K/te +KgvZ0kwE9DPeCdLVyHbZ7AcK0aDzUeZOFxxyHvQRLIbprx2DoFi+erPVvPfehJp1 +n2CVa2CXwkY4vIoCKn3KbtRqR+vHbc9UmlSvd2AINPEgCYAr11AGvDl9O6fdLXRJ +PXq6TMv3se//4qPcyKEiXRhR64a0dxIutyPvESLrnz4BZGsQN695ym3s96x1IEtK +yb7AGws3kr/zMVFilFFtHZgsMse9kzsMmoQZ31VfyIM1CpmieCVyN2gYV+iQN04f +1HaT498quauFvxezDe9UC4d9yaFKAM8lqeuMwoisTCu18LR5jA4ODzEJDENnny4O +ejLVKkdPViJOW5UwGpjl2MQYtmRyN6/FHjFIx9FEIClaxLiYMFXNxIGSWdq85JUb +/VpkmCiJqjy2eIW137ThbmN2GblLg6l9Hkz1wTBqhqhBK/uznwE7Mh0VL3QNTnys +4Ib2WoApWS3b9a6UAeybZvZ1vvK/9hryG19iwZsqpmuJoTTSlwZQbBYpVHRiSmrw +S26rP4kBnId4ftf3oIGCwUgFXhj1cQ7V/PC4EAOzo0opAMQkI6TR1DP8gv1ESmIN +mdrHvKbzmrRe5enDjrk3G2HVhd2+fPwC0Go8mORvxRtRfDDYeySEPQ== +-----END RSA PRIVATE KEY----- 
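Review bot: The CA certificate in this fixture had already expired when the commit was made: the dump shows `Not After : Jul 28 14:32:12 2014 GMT`, while the commit is dated July 2015. The same blob (`c9cc0eb`) is added again as `demoCA/cacert.pem`, so any test that verifies a chain under this CA against the current time will presumably fail or has to switch the validity check off, which also hides real expiry-handling bugs. The key is 1024-bit RSA signed with `sha1WithRSAEncryption`, which newer crypto library defaults may refuse. I would regenerate the fixture CA with a validity period that outlasts the test suite, or have the tests pin an explicit verification time and state that next to the fixture.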
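Review bot: A CA private key kept in the source tree has to be treated as public, and nothing in this change marks `demoCA.init/private/cakey.pem` as a test-only fixture; the identical blob (`452ece5`) is added again as `demoCA/private/cakey.pem`. The `Proc-Type: 4,ENCRYPTED` / `DEK-Info: DES-EDE3-CBC` header is OpenSSL's traditional PEM encryption, which derives the cipher key from the passphrase with a single MD5 pass, so the passphrase is the only protection and it presumably also sits in the generator scripts. Because the matching certificate is `CA:TRUE`, it must never reach a device trust store or a production fingerprint list. I would add a short README in `tests/vcore/certificate-generator/` saying that this CA exists for tests only, and confirm that packaging installs these files only with the test build.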
diff --git a/tests/vcore/certificate-generator/demoCA.init/serial b/tests/vcore/certificate-generator/demoCA.init/serial
new file mode 100644
index 0000000..8a0f05e
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA.init/serial
@@ -0,0 +1 @@
+01
diff --git a/tests/vcore/certificate-generator/demoCA.init/serial.old b/tests/vcore/certificate-generator/demoCA.init/serial.old
new file mode 100644
index 0000000..4daddb7
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA.init/serial.old
@@ -0,0 +1 @@
+00
diff --git a/tests/vcore/certificate-generator/demoCA/cacert.pem b/tests/vcore/certificate-generator/demoCA/cacert.pem
new file mode 100644
index 0000000..c9cc0eb
--- /dev/null
+++ b/tests/vcore/certificate-generator/demoCA/cacert.pem
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Validity + Not Before: Jul 29 14:32:12 2011 GMT + Not After : Jul 28 14:32:12 2014 GMT + Subject: C=PL, ST=Masovian, O=priv, OU=priv, CN=priv + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ab:68:cc:1a:41:78:50:0c:f4:43:3f:9e:8d:7b: + 90:3d:eb:d6:8b:ce:d9:c1:b5:f4:d3:2e:75:f3:e1: + b3:29:97:1b:38:c6:20:73:8d:a6:cd:61:3f:e1:1c: + 78:0f:fd:25:e2:a0:95:6d:a9:33:30:fe:24:76:3d: + e4:9d:23:b2:39:3c:98:a5:b2:20:2f:7d:c8:7d:d5: + 00:7c:11:2c:6e:58:a2:18:03:02:48:4a:81:c7:eb: + 7b:e9:e3:8d:b0:eb:3d:ee:21:19:7c:04:c2:ad:4f: + 45:b3:1a:13:d1:76:35:c4:38:7e:0c:6c:7c:e7:83: + 41:f0:78:1b:b4:16:d5:93:d9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + X509v3 Authority Key Identifier: + keyid:F6:6E:9E:36:6D:49:02:FC:91:1A:5A:9D:D3:FA:B4:9F:07:EE:A9:B3 + DirName:/C=PL/ST=Masovian/O=priv/OU=priv/CN=priv + serial:00 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 96:3c:f7:22:3d:32:c0:67:fc:3a:0a:3c:b7:62:38:7d:a6:d5: + 2d:86:c2:ce:6a:84:66:d4:56:b3:93:4e:4c:37:d1:49:b6:67: + 91:76:57:96:96:cc:5a:71:da:69:b7:52:9d:8f:17:f7:66:fa: + 6c:f1:98:28:44:af:60:df:ad:2a:8b:f5:f3:8c:27:c4:68:a5: + 2a:35:c1:6c:84:37:20:ee:c2:9c:58:98:a1:ff:ba:fd:38:36: + 45:c3:d7:38:5d:47:ad:c8:0d:26:2b:a9:9d:2e:39:73:b2:aa: + da:e5:19:b8:57:28:62:dd:94:2a:c9:50:5b:33:59:b0:56:cf: + eb:2f +-----BEGIN CERTIFICATE----- +MIICuDCCAiGgAwIBAgIBADANBgkqhkiG9w0BAQUFADBNMQswCQYDVQQGEwJQTDER +MA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYx +DTALBgNVBAMTBHByaXYwHhcNMTEwNzI5MTQzMjEyWhcNMTQwNzI4MTQzMjEyWjBN +MQswCQYDVQQGEwJQTDERMA8GA1UECBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYx 
+DTALBgNVBAsTBHByaXYxDTALBgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBAKtozBpBeFAM9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHON +ps1hP+EceA/9JeKglW2pMzD+JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhK +gcfre+njjbDrPe4hGXwEwq1PRbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGj +gacwgaQwHQYDVR0OBBYEFPZunjZtSQL8kRpandP6tJ8H7qmzMHUGA1UdIwRuMGyA +FPZunjZtSQL8kRpandP6tJ8H7qmzoVGkTzBNMQswCQYDVQQGEwJQTDERMA8GA1UE +CBMITWFzb3ZpYW4xDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTALBgNV +BAMTBHByaXaCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCWPPci +PTLAZ/w6Cjy3Yjh9ptUthsLOaoRm1Fazk05MN9FJtmeRdleWlsxacdppt1Kdjxf3 +Zvps8ZgoRK9g360qi/XzjCfEaKUqNcFshDcg7sKcWJih/7r9ODZFw9c4XUetyA0m +K6mdLjlzsqra5Rm4Vyhi3ZQqyVBbM1mwVs/rLw== +-----END CERTIFICATE----- diff --git a/tests/vcore/certificate-generator/demoCA/careq.pem b/tests/vcore/certificate-generator/demoCA/careq.pem new file mode 100644 index 0000000..2a360eb --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/careq.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBnjCCAQcCAQAwXjELMAkGA1UEBhMCUEwxETAPBgNVBAgTCE1hc292aWFuMQ8w +DQYDVQQHEwZXYXJzYXcxDTALBgNVBAoTBHByaXYxDTALBgNVBAsTBHByaXYxDTAL +BgNVBAMTBHByaXYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtozBpBeFAM +9EM/no17kD3r1ovO2cG19NMudfPhsymXGzjGIHONps1hP+EceA/9JeKglW2pMzD+ +JHY95J0jsjk8mKWyIC99yH3VAHwRLG5YohgDAkhKgcfre+njjbDrPe4hGXwEwq1P +RbMaE9F2NcQ4fgxsfOeDQfB4G7QW1ZPZAgMBAAGgADANBgkqhkiG9w0BAQUFAAOB +gQBfWbLoBMhFCjsTklaKNKIoF4WRNmGXPBQt+BWZhlVjnxh1ncL3QX2M4r/ys3ax +bKGm24i5XvUvZ1uR8SxOHGbuTzjRALBOgfb9X5mma/8ZytammJmgjdYkVvvRNFXL +O+WaOykOlw1zUEUVK0VAmdQ5STPQDypyYwGF5JYL24F84A== +-----END CERTIFICATE REQUEST----- diff --git a/tests/vcore/certificate-generator/demoCA/crlnumber b/tests/vcore/certificate-generator/demoCA/crlnumber new file mode 100644 index 0000000..eeee65e --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/crlnumber @@ -0,0 +1 @@ +05 
diff --git a/tests/vcore/certificate-generator/demoCA/crlnumber.old b/tests/vcore/certificate-generator/demoCA/crlnumber.old new file mode 100644 index 0000000..6496923 --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/crlnumber.old @@ -0,0 +1 @@ +04 diff --git a/tests/vcore/certificate-generator/demoCA/private/cakey.pem b/tests/vcore/certificate-generator/demoCA/private/cakey.pem new file mode 100644 index 0000000..452ece5 --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/private/cakey.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,E653123E49750191 + +OgQe9fnwRSQjEqAuqts2/up+mCfMyiZLwi/ZfhZjBxsRD0n34J5NrLptcWMDNvPT +TueYJ24eUhE61RE6u9VpcdYd0d/7sbR6i8jiBYa8R15frtTUaD1XCbhz3Sn6REbL +qDrKW7hHuSKKRfb/6bHVGNGMCR6eCSw9isYcqFDlmRpGiYC5m2nxr/W1JFq4K/te +KgvZ0kwE9DPeCdLVyHbZ7AcK0aDzUeZOFxxyHvQRLIbprx2DoFi+erPVvPfehJp1 +n2CVa2CXwkY4vIoCKn3KbtRqR+vHbc9UmlSvd2AINPEgCYAr11AGvDl9O6fdLXRJ +PXq6TMv3se//4qPcyKEiXRhR64a0dxIutyPvESLrnz4BZGsQN695ym3s96x1IEtK +yb7AGws3kr/zMVFilFFtHZgsMse9kzsMmoQZ31VfyIM1CpmieCVyN2gYV+iQN04f +1HaT498quauFvxezDe9UC4d9yaFKAM8lqeuMwoisTCu18LR5jA4ODzEJDENnny4O +ejLVKkdPViJOW5UwGpjl2MQYtmRyN6/FHjFIx9FEIClaxLiYMFXNxIGSWdq85JUb +/VpkmCiJqjy2eIW137ThbmN2GblLg6l9Hkz1wTBqhqhBK/uznwE7Mh0VL3QNTnys +4Ib2WoApWS3b9a6UAeybZvZ1vvK/9hryG19iwZsqpmuJoTTSlwZQbBYpVHRiSmrw +S26rP4kBnId4ftf3oIGCwUgFXhj1cQ7V/PC4EAOzo0opAMQkI6TR1DP8gv1ESmIN +mdrHvKbzmrRe5enDjrk3G2HVhd2+fPwC0Go8mORvxRtRfDDYeySEPQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/vcore/certificate-generator/demoCA/serial b/tests/vcore/certificate-generator/demoCA/serial new file mode 100644 index 0000000..adb9de8 --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/serial @@ -0,0 +1 @@ +08 diff --git a/tests/vcore/certificate-generator/demoCA/serial.old b/tests/vcore/certificate-generator/demoCA/serial.old new file mode 100644 index 0000000..2c7456e --- /dev/null +++ b/tests/vcore/certificate-generator/demoCA/serial.old 
@@ -0,0 +1 @@
+07
diff --git a/tests/vcore/certificate-generator/openssl.cnf b/tests/vcore/certificate-generator/openssl.cnf
new file mode 100644
index 0000000..94aa306
--- /dev/null
+++ b/tests/vcore/certificate-generator/openssl.cnf
@@ -0,0 +1,327 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+
+#crl_extensions = crl_ext
+
+default_days = 365 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = AU
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Some-State
+
+localityName = Locality Name (eg, city)
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+emailAddress = Email Address
+emailAddress_max = 64
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+crlDistributionPoints = URI:http://localhost/my.crl
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# OCSP and CRL local servers - for test certificates
+authorityInfoAccess=OCSP;URI:http://localhost:8881/
+crlDistributionPoints=URI:http://localhost/my.crl
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+crlDistributionPoints=crldp1_section
+URI=http://localhost/my.crl
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+[ my_v3_ext ]
+basicConstraints = CA:true
+
+[ ocsp_cert ]
+extendedKeyUsage = OCSP Signing
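Review bot: The `[ crl_ext ]` section cannot be loaded as written: `crlDistributionPoints=crldp1_section` names a section this file never defines, and the next line `URI=http://localhost/my.crl` sits directly in `[ crl_ext ]`, where each key is taken as an extension name. It is dormant in this file only because `crl_extensions = crl_ext` is commented out, and the section's own comment says that only issuerAltName and authorityKeyIdentifier make sense in a CRL, so I would delete both lines. Separately, `default_md = sha1` and `default_bits = 1024` make every fixture generated from this config weak enough that newer crypto library defaults may reject it; `default_md = sha256` and `default_bits = 2048` are the safer values unless a test needs the legacy ones.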
\ No newline at end of file
diff --git a/tests/vcore/test-cases/config/fin_list.xml b/tests/vcore/test-cases/config/fin_list.xml
new file mode 100644
index 0000000..c7bed32
--- /dev/null
+++ b/tests/vcore/test-cases/config/fin_list.xml
@@ -0,0 +1,35 @@
+<CertificateSet>
+ <CertificateDomain name="wacpublisher">
+ </CertificateDomain>
+ <CertificateDomain name="wacroot">
+ </CertificateDomain>
+ <CertificateDomain name="developer">
+ </CertificateDomain>
+ <CertificateDomain name="wacmember">
+ </CertificateDomain>
+ <CertificateDomain name="tizenmember">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="orangelegacy">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="fake">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-public">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E2</FingerprintSHA1>
+ <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E0</FingerprintSHA1>
+ <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-operator">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E1</FingerprintSHA1>
+ <FingerprintSHA1>B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF</FingerprintSHA1>
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-manufacturer">
+ <FingerprintSHA1>74:2C:31:92:E6:07:E4:24:EB:45:49:54:2B:E1:BB:C5:3E:61:74:E3</FingerprintSHA1>
+ <FingerprintSHA1>2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0</FingerprintSHA1>
+ </CertificateDomain>
+</CertificateSet>
diff --git a/tests/vcore/test-cases/config/fin_list.xsd b/tests/vcore/test-cases/config/fin_list.xsd
new file mode 100644
index 0000000..b0fab23
--- /dev/null
+++ b/tests/vcore/test-cases/config/fin_list.xsd
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+<xs:element name="CertificateSet" type="CertificateSetType" />
+<xs:complexType name="CertificateSetType">
+ <xs:sequence>
+ <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+</xs:complexType>
+
+<xs:element name="CertificateDomain" type="CertificateDomainType" />
+<xs:complexType name="CertificateDomainType">
+ <xs:sequence>
+ <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required" />
+</xs:complexType>
+
+<xs:element name="FingerprintSHA1" type="xs:string"/>
+
+</xs:schema>
diff --git a/tests/vcore/test-cases/keys/CAbundle.crt b/tests/vcore/test-cases/keys/CAbundle.crt
new file mode 100644
index 0000000..4edaeda
--- /dev/null
+++ b/tests/vcore/test-cases/keys/CAbundle.crt
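Review bot: `FingerprintSHA1` in `fin_list.xsd` is declared as a bare `xs:string`, so schema validation accepts an empty, truncated or otherwise malformed fingerprint and leaves every check to the code that consumes the list. The list appears to map certificate fingerprints to trust domains, so I would constrain the element to the 20-octet colon-separated hex form that `fin_list.xml` uses. If this file mirrors a schema shipped on the device, the same restriction belongs there as well. The replacement for the last element declaration is below.

```xml
<!-- … unchanged: CertificateSet and CertificateDomain declarations … -->
<xs:element name="FingerprintSHA1" type="FingerprintSHA1Type"/>
<xs:simpleType name="FingerprintSHA1Type">
  <xs:restriction base="xs:string">
    <xs:pattern value="([0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}"/>
  </xs:restriction>
</xs:simpleType>
```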
@@ -0,0 +1,3677 @@ +-----BEGIN CERTIFICATE----- +MIIEuDCCA6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIx +EzARBgNVBAoTCklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25h +bCBkZSBUZWNub2xvZ2lhIGRhIEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJy +YXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UEAxMoQXV0b3JpZGFkZSBDZXJ0aWZp +Y2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4MDBaFw0xMTExMzAy +MzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9MDsG +A1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3Jt +YWNhbyAtIElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYD +VQQDEyhBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVA +isamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma/3pUpgcfNAj0vYm5gsyj +Qo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt4CyNrY50 +QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYt +bRhFboUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbUR +yEeNvZneVRKAAU6ouwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwID +AQABo4HSMIHPME4GA1UdIARHMEUwQwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0 +cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQQ2FjcmFpei5wZGYwPQYDVR0f +BDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0xDUmFj +cmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1 +U/hgIh6OcgLAfiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGl +YjJe+9zd+izPRbBqXPVQA34EXcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75Fos +SzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQfS//JYeIc7Fue2JNLd00UOSMMaiK/ +t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr1ME7a55lFEnSeT0u +mlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5nmPb +K+9A46sd33oqK8n8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHPTCCBSWgAwIBAgIBADANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA 
+Y2FjZXJ0Lm9yZzAeFw0wMzAzMzAxMjI5NDlaFw0zMzAzMjkxMjI5NDlaMHkxEDAO +BgNVBAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEi +MCAGA1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJ +ARYSc3VwcG9ydEBjYWNlcnQub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAziLA4kZ97DYoB1CW8qAzQIxL8TtmPzHlawI229Z89vGIj053NgVBlfkJ +8BLPRoZzYLdufujAWGSuzbCtRRcMY/pnCujW0r8+55jE8Ez64AO7NV1sId6eINm6 +zWYyN3L69wj1x81YyY7nDl7qPv4coRQKFWyGhFtkZip6qUtTefWIonvuLwphK42y +fk1WpRPs6tqSnqxEQR5YYGUFZvjARL3LlPdCfgv3ZWiYUQXw8wWRBB0bF4LsyFe7 +w2t6iPGwcswlWyCR7BYCEo8y6RcYSNDHBS4CMEK4JZwFaz+qOqfrU0j36NK2B5jc +G8Y0f3/JHIJ6BVgrCFvzOKKrF11myZjXnhCLotLddJr3cQxyYN/Nb5gznZY0dj4k +epKwDpUeb+agRThHqtdB7Uq3EvbXG4OKDy7YCbZZ16oE/9KTfWgu3YtLq1i6L43q +laegw1SJpfvbi1EinbLDvhG+LJGGi5Z4rSDTii8aP8bQUWWHIbEZAWV/RRyH9XzQ +QUxPKZgh/TMfdQwEUfoZd9vUFBzugcMd9Zi3aQaRIt0AUMyBMawSB3s42mhb5ivU +fslfrejrckzzAeVLIL+aplfKkQABi6F1ITe1Yw1nPkZPcCBnzsXWWdsC4PDSy826 +YreQQejdIOQpvGQpQsgi3Hia/0PsmBsJUUtaWsJx8cTLc6nloQsCAwEAAaOCAc4w +ggHKMB0GA1UdDgQWBBQWtTIb1Mfz4OaO873SsDrusjkY0TCBowYDVR0jBIGbMIGY +gBQWtTIb1Mfz4OaO873SsDrusjkY0aF9pHsweTEQMA4GA1UEChMHUm9vdCBDQTEe +MBwGA1UECxMVaHR0cDovL3d3dy5jYWNlcnQub3JnMSIwIAYDVQQDExlDQSBDZXJ0 +IFNpZ25pbmcgQXV0aG9yaXR5MSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QGNhY2Vy +dC5vcmeCAQAwDwYDVR0TAQH/BAUwAwEB/zAyBgNVHR8EKzApMCegJaAjhiFodHRw +czovL3d3dy5jYWNlcnQub3JnL3Jldm9rZS5jcmwwMAYJYIZIAYb4QgEEBCMWIWh0 +dHBzOi8vd3d3LmNhY2VydC5vcmcvcmV2b2tlLmNybDA0BglghkgBhvhCAQgEJxYl +aHR0cDovL3d3dy5jYWNlcnQub3JnL2luZGV4LnBocD9pZD0xMDBWBglghkgBhvhC +AQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg +b3ZlciB0byBodHRwOi8vd3d3LmNhY2VydC5vcmcwDQYJKoZIhvcNAQEEBQADggIB +ACjH7pyCArpcgBLKNQodgW+JapnM8mgPf6fhjViVPr3yBsOQWqy1YPaZQwGjiHCc +nWKdpIevZ1gNMDY75q1I08t0AoZxPuIrA2jxNGJARjtT6ij0rPtmlVOKTV39O9lg +18p5aTuxZZKmxoGCXJzN600BiqXfEVWqFcofN8CCmHBh22p8lqOOLlQ+TyGpkO/c +gr/c6EWtTZBzCDyUZbAEmXZ/4rzCahWqlwQ3JNgelE5tDlG+1sSPypZt90Pf6DBl +Jzt7u0NDY8RD97LsaMzhGY4i+5jhe1o+ATc7iwiwovOVThrLm82asduycPAtStvY 
+sONvRUgzEv/+PDIqVPfE94rwiCPCR/5kenHA0R6mY7AHfqQv0wGP3J8rtsYIqQ+T +SCX8Ev2fQtzzxD72V7DX3WnRBnc0CkvSyqD/HMaMyRa+xMwyN2hzXwj7UfdJUzYF +CpUCTPJ5GhD22Dp1nPMd8aINcGeGG7MW9S/lpOt5hvk9C8JzC6WZrG/8Z7jlLwum +GCSNe9FINSkYQKyTYOGWhlC0elnYjyELn8+CkcY7v2vcB5G5l1YjqrZslMZIBjzk +zk6q5PYvCdxTby78dOs6Y5nCpqyJvKeyRKANihDjbPIky/qbn3BHLt4Ui9SyIAmW +omTxJBzcoTWcFbLUvFUufQb1nA5V9FrWk9p2rSVzTMVD +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGCDCCA/CgAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MRAwDgYDVQQKEwdSb290 +IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNB +IENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRA +Y2FjZXJ0Lm9yZzAeFw0wNTEwMTQwNzM2NTVaFw0zMzAzMjgwNzM2NTVaMFQxFDAS +BgNVBAoTC0NBY2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5v +cmcxHDAaBgNVBAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCrSTURSHzSJn5TlM9Dqd0o10Iqi/OHeBlYfA+e2ol9 +4fvrcpANdKGWZKufoCSZc9riVXbHF3v1BKxGuMO+f2SNEGwk82GcwPKQ+lHm9WkB +Y8MPVuJKQs/iRIwlKKjFeQl9RrmK8+nzNCkIReQcn8uUBByBqBSzmGXEQ+xOgo0J +0b2qW42S0OzekMV/CsLj6+YxWl50PpczWejDAz1gM7/30W9HxM3uYoNSbi4ImqTZ +FRiRpoWSR7CuSOtttyHshRpocjWr//AQXcD0lKdq1TuSfkyQBX6TwSyLpI5idBVx +bgtxA+qvFTia1NIFcm+M+SvrWnIl+TlG43IbPgTDZCciECqKT1inA62+tC4T7V2q +SNfVfdQqe1z6RgRQ5MwOQluM7dvyz/yWk+DbETZUYjQ4jwxgmzuXVjit89Jbi6Bb +6k6WuHzX1aCGcEDTkSm3ojyt9Yy7zxqSiuQ0e8DYbF/pCsLDpyCaWt8sXVJcukfV +m+8kKHA4IC/VfynAskEDaJLM4JzMl0tF7zoQCqtwOpiVcK01seqFK6QcgCExqa5g +eoAmSAC4AcCTY1UikTxW56/bOiXzjzFU6iaLgVn5odFTEcV7nQP2dBHgbbEsPyyG +kZlxmqZ3izRg0RS0LKydr4wQ05/EavhvE/xzWfdmQnQeiuP43NJvmJzLR5iVQAX7 +6QIDAQABo4G/MIG8MA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUHAQEEUTBPMCMG +CCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggrBgEFBQcwAoYc +aHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBBMD8GCCsGAQQB +gZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9yZy9pbmRleC5w +aHA/aWQ9MTAwDQYJKoZIhvcNAQEEBQADggIBAH8IiKHaGlBJ2on7oQhy84r3HsQ6 +tHlbIDCxRd7CXdNlafHCXVRUPIVfuXtCkcKZ/RtRm6tGpaEQU55tiKxzbiwzpvD0 
+nuB1wT6IRanhZkP+VlrRekF490DaSjrxC1uluxYG5sLnk7mFTZdPsR44Q4Dvmw2M +77inYACHV30eRBzLI++bPJmdr7UpHEV5FpZNJ23xHGzDwlVks7wU4vOkHx4y/CcV +Bc/dLq4+gmF78CEQGPZE6lM5+dzQmiDgxrvgu1pPxJnIB721vaLbLmINQjRBvP+L +ivVRIqqIMADisNS8vmW61QNXeZvo3MhN+FDtkaVSKKKs+zZYPumUK5FQhxvWXtaM +zPcPEAxSTtAWYeXlCmy/F8dyRlecmPVsYGN6b165Ti/Iubm7aoW8mA3t+T6XhDSU +rgCvoeXnkm5OvfPi2RSLXNLrAWygF6UtEOucekq9ve7O/e0iQKtwOIj1CodqwqsF +YMlIBdpTwd5Ed2qz8zw87YC8pjhKKSRf/lk7myV6VmMAZLldpGJ9VzZPrYPvH5JT +oI53V93lYRE9IwCQTDz6o2CTBKOvNfYOao9PSmCnhQVsRqGP9Md246FZV/dxssRu +FFxtbUFm3xuTsdQAw+7Lzzw9IYCpX2Nl/N3gX6T0K/CFcUHUZyX7GrGXrtaZghNB +0m6lG5kngOcLqagA +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIESzCCAzOgAwIBAgIJAJigUTEEXRQpMA0GCSqGSIb3DQEBBQUAMHYxCzAJBgNV +BAYTAkRFMQ8wDQYDVQQIEwZIZXNzZW4xDjAMBgNVBAcTBUZ1bGRhMRAwDgYDVQQK +EwdEZWJjb25mMRMwEQYDVQQDEwpEZWJjb25mIENBMR8wHQYJKoZIhvcNAQkBFhBq +b2VyZ0BkZWJpYW4ub3JnMB4XDTA1MTEwNTE3NTUxNFoXDTE1MTEwMzE3NTUxNFow +djELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEOMAwGA1UEBxMFRnVsZGEx +EDAOBgNVBAoTB0RlYmNvbmYxEzARBgNVBAMTCkRlYmNvbmYgQ0ExHzAdBgkqhkiG +9w0BCQEWEGpvZXJnQGRlYmlhbi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCvbOo0SrIwI5IMlsshH8WF3dHB9r9JlSKhMPaybawa1EyvZspMQ3wa +F5qxNf3Sj+NElEmjseEqvCZiIIzqwerHu0Qw62cDYCdCd2+Wb5m0bPYB5CGHiyU1 +eNP0je42O0YeXG2BvUujN8AviocVo39X2YwNQ0ryy4OaqYgm2pRlbtT2ESbF+SfV +Y2iqQj/f8ymF+lHo/pz8tbAqxWcqaSiHFAVQJrdqtFhtoodoNiE3q76zJoUkZTXB +k60Yc3MJSnatZCpnsSBr/D7zpntl0THrUjjtdRWCjQVhqfhM1yZJV+ApbLdheFh0 +ZWlSxdnp25p0q0XYw/7G92ELyFDfBUUNAgMBAAGjgdswgdgwHQYDVR0OBBYEFMuV +dFNb4mCWUFbcP5LOtxFLrEVTMIGoBgNVHSMEgaAwgZ2AFMuVdFNb4mCWUFbcP5LO +txFLrEVToXqkeDB2MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMQ4wDAYD +VQQHEwVGdWxkYTEQMA4GA1UEChMHRGViY29uZjETMBEGA1UEAxMKRGViY29uZiBD +QTEfMB0GCSqGSIb3DQEJARYQam9lcmdAZGViaWFuLm9yZ4IJAJigUTEEXRQpMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAGZXxHg4mnkvilRIM1EQfGdY +S5b/WcyF2MYSTeTvK4aIB6VHwpZoZCnDGj2m2D3CkHT0upAD9o0zM1tdsfncLzV+ +mDT/jNmBtYo4QXx5vEPwvEIcgrWjwk7SyaEUhZjtolTkHB7ACl0oD0r71St4iEPR 
+qTUCEXk2E47bg1Fz58wNt/yo2+4iqiRjg1XCH4evkQuhpW+dTZnDyFNqwSYZapOE +TBA+9zBb6xD1KM2DdY7r4GiyYItN0BKLfuWbh9LXGbl1C+f4P11g+m2MPiavIeCe +1iazG5pcS3KoTLACsYlEX24TINtg4kcuS81XdllcnsV3Kdts0nIqPj6uhTTZD0k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvjCCA3ygAwIBAgIFJQaThoEwCwYHKoZIzjgEAwUAMIGFMQswCQYDVQQGEwJG +UjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczEQMA4GA1UEChMHUE0v +U0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcN +AQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAeFw0wMjEyMTMxNDM5MTVaFw0yMDEw +MTcxNDM5MTRaMIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYD +VQQHEwVQYXJpczEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAM +BgNVBAMTBUlHQy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5m +cjCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCFkMImdk9zDzJfTO4XPdAAmLbAdWws +ZiEMZh19RyTo3CyhFqO77OIXrwY6vc1pcc3MgWJ0dgQpAgrDMtmFFxpUu4gmjVsx +8GpxQC+4VOgLY8Cvmcd/UDzYg07EIRto8BwCpPJ/JfUxwzV2V3N713aAX+cEoKZ/ +s+kgxC6nZCA7oQIVALME/JYjkdW2uKIGngsEPbXAjdhDAoGADh/uqWJx94UBm31c +9d8ZTBfRGRnmSSRVFDgPWgA69JD4BR5da8tKz+1HjfMhDXljbMH86ixpD5Ka1Z0V +pRYUPbyAoB37tsmXMJY7kjyD19d5VdaZboUjVvhH6UJy5lpNNNGSvFl4fqkxyvw+ +pq1QV0N5RcvK120hlXdfHUX+YKYDgYQAAoGAQGr7IuKJcYIvJRMjxwl43KxXY2xC +aoCiM/bv117MfI94aNf1UusGhp7CbYAY9CXuL60P0oPMAajbaTE5Z34AuITeHq3Y +CNMHwxalip8BHqSSGmGiQsXeK7T+r1rPXsccZ1c5ikGDZ4xn5gUaCyy2rCmb+fOJ +6VAfCbAbAjmNKwejdzB1MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgFGMBUG +A1UdIAQOMAwwCgYIKoF6AXkBAQEwHQYDVR0OBBYEFPkeNRcUf8idzpKblYbLNxs0 +MQhSMB8GA1UdIwQYMBaAFPkeNRcUf8idzpKblYbLNxs0MQhSMAsGByqGSM44BAMF +AAMvADAsAhRVh+CJA5eVyEYU5AO9Tm7GxX0rmQIUBCqsU5u1WxoZ5lEXicDX5/Ob +sRQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEAjCCAuqgAwIBAgIFORFFEJQwDQYJKoZIhvcNAQEFBQAwgYUxCzAJBgNVBAYT +AkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAMBgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQ +TS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEOMAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG +9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2LmZyMB4XDTAyMTIxMzE0MjkyM1oXDTIw +MTAxNzE0MjkyMlowgYUxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZGcmFuY2UxDjAM 
+BgNVBAcTBVBhcmlzMRAwDgYDVQQKEwdQTS9TR0ROMQ4wDAYDVQQLEwVEQ1NTSTEO +MAwGA1UEAxMFSUdDL0ExIzAhBgkqhkiG9w0BCQEWFGlnY2FAc2dkbi5wbS5nb3V2 +LmZyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh/R0GLFMzvABIaI +s9z4iPf930Pfeo2aSVz2TqrMHLmh6yeJ8kbpO0px1R2OLc/mratjUMdUC24SyZA2 +xtgv2pGqaMVy/hcKshd+ebUyiHDKcMCWSo7kVc0dJ5S/znIq7Fz5cyD+vfcuiWe4 +u0dzEvfRNWk68gq5rv9GQkaiv6GFGvm/5P9JhfejcIYyHF2fYPepraX/z9E0+X1b +F8bc1g4oa8Ld8fUzaJ1O/Id8NhLWo4DoQw1VYZTqZDdH6nfK0LJYBcNdfrGoRpAx +Vs5wKpayMLh35nnAvSk7/ZR3TL0gzUEl4C7HG7vupARB0l2tEmqKm0f7yd1GQOGd +PDPQtQIDAQABo3cwdTAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBRjAVBgNV +HSAEDjAMMAoGCCqBegF5AQEBMB0GA1UdDgQWBBSjBS8YYFDCiQrdKyFP/45OqDAx +NjAfBgNVHSMEGDAWgBSjBS8YYFDCiQrdKyFP/45OqDAxNjANBgkqhkiG9w0BAQUF +AAOCAQEABdwm2Pp3FURo/C9mOnTgXeQp/wYHE4RKq89toB9RlPhJy3Q2FLwV3duJ +L92PoF189RLrn544pEfMs5bZvpwlqwN+Mw+VgQ39FuCIvjfwbF3QMZsyK10XZZOY +YLxuj7GoPB7ZHPOpJkL5ZB3C55L29B5aqhlSXa/oovdgoPaN8In1buAKBQGVyYsg +Crpa/JosPL3Dt8ldeCUFP1YUmwza+zpI/pdpXsoQhvdOlgQITeywvl3cO45Pwf2a +NjSaTFR+FwNIlQgRHAdvhQh+XU3Endv7rs6y0bO4g2wdsrN58dhwmX7wEwLOXt1R +0982gaEbeC9xs/FZTEYYKKuF0mBWWg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIRANAeQJAAAEZSAAAAAQAAAAQwDQYJKoZIhvcNAQEFBQAw +gYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJEQzETMBEGA1UEBxMKV2FzaGluZ3Rv +bjEXMBUGA1UEChMOQUJBLkVDT00sIElOQy4xGTAXBgNVBAMTEEFCQS5FQ09NIFJv +b3QgQ0ExJDAiBgkqhkiG9w0BCQEWFWFkbWluQGRpZ3NpZ3RydXN0LmNvbTAeFw05 +OTA3MTIxNzMzNTNaFw0wOTA3MDkxNzMzNTNaMIGJMQswCQYDVQQGEwJVUzELMAkG +A1UECBMCREMxEzARBgNVBAcTCldhc2hpbmd0b24xFzAVBgNVBAoTDkFCQS5FQ09N +LCBJTkMuMRkwFwYDVQQDExBBQkEuRUNPTSBSb290IENBMSQwIgYJKoZIhvcNAQkB +FhVhZG1pbkBkaWdzaWd0cnVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCx0xHgeVVDBwhMywVCAOINg0Y95JO6tgbTDVm9PsHOQ2cBiiGo77zM +0KLMsFWWU4RmBQDaREmA2FQKpSWGlO1jVv9wbKOhGdJ4vmgqRF4vz8wYXke8OrFG +PR7wuSw0X4x8TAgpnUBV6zx9g9618PeKgw6hTLQ6pbNfWiKX7BmbwQVo/ea3qZGU +LOR4SCQaJRk665WcOQqKz0Ky8BzVX/tr7WhWezkscjiw7pOp03t3POtxA6k4ShZs 
+iSrK2jMTecJVjO2cu/LLWxD4LmE1xilMKtAqY9FlWbT4zfn0AIS2V0KFnTKo+SpU ++/94Qby9cSj0u5C8/5Y0BONFnqFGKECBAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYB +Af8CAQgwDQYJKoZIhvcNAQEFBQADggEBAARvJYbk5pYntNlCwNDJALF/VD6Hsm0k +qS8Kfv2kRLD4VAe9G52dyntQJHsRW0mjpr8SdNWJt7cvmGQlFLdh6X9ggGvTZOir +vRrWUfrAtF13Gn9kCF55xgVM8XrdTX3O5kh7VNJhkoHWG9YA8A6eKHegTYjHInYZ +w8eeG6Z3ePhfm1bR8PIXrI6dWeYf/le22V7hXZ9F7GFoGUHhsiAm/lowdiT/QHI8 +eZ98IkirRs3bs4Ysj78FQdPB4xTjQRcm0HyncUwZ6EoPclgxfexgeqMiKL0ZJGA/ +O4dzwGvky663qyVDslUte6sGDnVdNOVdc22esnVApVnJTzFxiNmIf1Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx +HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh +IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1 +MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg +SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M +IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U +0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI +TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf +RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF +zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh +BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA +AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY +PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/ +BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn +9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT +Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF +Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX +n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW +H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S +-----END CERTIFICATE----- +-----BEGIN 
CERTIFICATE----- +MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx +HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh +IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz +NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg +SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M +IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ +7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb +m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY +xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ +YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq +JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx +I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz +kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh +EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S +Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM +gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu +rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO +1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu +h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP +yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q +7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT +RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/ +ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB +M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ +my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO +AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT +9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H 
+hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5 +fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwHhcNMDAwNTMw +MTAzODMxWhcNMjAwNTMwMTAzODMxWjBlMQswCQYDVQQGEwJTRTEUMBIGA1UEChML 
+QWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYD +VQQDExhBZGRUcnVzdCBDbGFzcyAxIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQCWltQhSWDia+hBBwzexODcEyPNwTXH+9ZOEQpnXvUGW2ul +CDtbKRY654eyNAbFvAWlA3yCyykQruGIgb3WntP+LVbBFc7jJp0VLhD7Bo8wBN6n +tGO0/7Gcrjyvd7ZWxbWroulpOj0OM3kyP3CCkplhbY0wCI9xP6ZIVxn4JdxLZlyl +dI+Yrsj5wAYi56xz36Uu+1LcsRVlIPo1Zmne3yzxbrww2ywkEtvrNTVokMsAsJch +PXQhI2U0K7t4WaPW4XY5mqRJjox0r26kmqPZm9I4XJuiGMx1I4S+6+JNM3GOGvDC ++Mcdoq0Dlyz4zyXG9rgkMbFjXZJ/Y/AlyVMuH79NAgMBAAGjgdIwgc8wHQYDVR0O +BBYEFJWxtPCUtr3H2tERCSG+wa9J/RB7MAsGA1UdDwQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MIGPBgNVHSMEgYcwgYSAFJWxtPCUtr3H2tERCSG+wa9J/RB7oWmkZzBl +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFk +ZFRydXN0IFRUUCBOZXR3b3JrMSEwHwYDVQQDExhBZGRUcnVzdCBDbGFzcyAxIENB +IFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBACxtZBsfzQ3duQH6lmM0MkhHma6X +7f1yFqZzR1r0693p9db7RcwpiURdv0Y5PejuvE1Uhh4dbOMXJ0PhiVYrqW9yTkkz +43J8KiOavD7/KCrto/8cI7pDVwlnTUtiBi34/2ydYB7YHEt9tTEv2dB8Xfjea4MY +eDdXL+gzB2ffHsdrKpV2ro9Xo/D0UrSpUwjP4E/TelOL/bscVjby/rK25Xa71SJl +pz/+0WatC7xrmYbvP33zGDLKe8bjq2RGlfgmadlVg3sslgf/WSxEo8bl6ancoWOA +WiFeIc9TVPC6b4nbqKqVz4vjccweGyBECMB6tkD9xOQ14R0WHNC8K47Wcdk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIBATANBgkqhkiG9w0BAQUFADBkMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSAwHgYDVQQDExdBZGRUcnVzdCBQdWJsaWMgQ0EgUm9vdDAeFw0wMDA1MzAx +MDQxNTBaFw0yMDA1MzAxMDQxNTBaMGQxCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtB +ZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIDAeBgNV +BAMTF0FkZFRydXN0IFB1YmxpYyBDQSBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA6Rowj4OIFMEg2Dybjxt+A3S72mnTRqX4jsIMEZBRpS9mVEBV +6tsfSlbunyNu9DnLoblv8n75XYcmYZ4c+OLspoH4IcUkzBEMP9smcnrHAZcHF/nX +GCwwfQ56HmIexkvA/X1id9NEHif2P0tEs7c42TkfYNVRknMDtABp4/MUTu7R3AnP +dzRGULD4EfL+OHn3Bzn+UZKXC1sIXzSGAa2Il+tmzV7R/9x98oTaunet3IAIx6eH +1lWfl2royBFkuucZKT8Rs3iQhCBSWxHveNCD9tVIkNAwHM+A+WD+eeSI8t0A65RF 
+62WUaUC6wNW0uLp9BBGo6zEFlpROWCGOn9Bg/QIDAQABo4HRMIHOMB0GA1UdDgQW +BBSBPjfYkrAfd59ctKtzquf2NGAv+jALBgNVHQ8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zCBjgYDVR0jBIGGMIGDgBSBPjfYkrAfd59ctKtzquf2NGAv+qFopGYwZDEL +MAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQLExRBZGRU +cnVzdCBUVFAgTmV0d29yazEgMB4GA1UEAxMXQWRkVHJ1c3QgUHVibGljIENBIFJv +b3SCAQEwDQYJKoZIhvcNAQEFBQADggEBAAP3FUr4JNojVhaTdt02KLmuG7jD8WS6 +IBh4lSknVwW8fCr0uVFV2ocC3g8WFzH4qnkuCRO7r7IgGRLlk/lL+YPoRNWyQSW/ +iHVv/xD8SlTQX/D67zZzfRs2RcYhbbQVuE7PnFylPVoAjgbjPGsye/Kf8Lb93/Ao +GEjwxrzQvzSAlsJKsW2Ox5BF3i9nrEUEo3rcVZLJR2bYGozH7ZxOmuASu7VqTITh +4SINhwBk/ox9Yjllpu9CtoAlEmEBqCQTcAARJl/6NVDFSMwGR+gn2HCNX2TmoUQm +XiLsks3/QppEIW1cxeMiHV9HEufOX1362KqxMy3ZdvJOOjMMK7MtkAY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHjCCAwagAwIBAgIBATANBgkqhkiG9w0BAQUFADBnMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxHTAbBgNVBAsTFEFkZFRydXN0IFRUUCBOZXR3 +b3JrMSMwIQYDVQQDExpBZGRUcnVzdCBRdWFsaWZpZWQgQ0EgUm9vdDAeFw0wMDA1 +MzAxMDQ0NTBaFw0yMDA1MzAxMDQ0NTBaMGcxCzAJBgNVBAYTAlNFMRQwEgYDVQQK +EwtBZGRUcnVzdCBBQjEdMBsGA1UECxMUQWRkVHJ1c3QgVFRQIE5ldHdvcmsxIzAh +BgNVBAMTGkFkZFRydXN0IFF1YWxpZmllZCBDQSBSb290MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA5B6a/twJWoekn0e+EV+vhDTbYjx5eLfpMLXsDBwq +xBb/4Oxx64r1EW7tTw2R0hIYLUkVAcKkIhPHEWT/IhKauY5cLwjPcWqzZwFZ8V1G +87B4pfYOQnrjfxvM0PC3KP0q6p6zsLkEqv32x7SxuCqg+1jxGaBvcCV+PmlKfw8i +2O+tCBGaKZnhqkRFmhJePp1tUvznoD1oL/BLcHwTOK28FSXx1s6rosAx1i+f4P8U +WfyEk9mHfExUE+uf0S0R+Bg6Ot4l2ffTQO2kBhLEO+GRwVY18BTcZTYJbqukB8c1 +0cIDMzZbdSZtQvESa0NvS3GU+jQd7RNuyoB/mC9suWXY6QIDAQABo4HUMIHRMB0G +A1UdDgQWBBQ5lYtii1zJ1IC6WA+XPxUIQ8yYpzALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zCBkQYDVR0jBIGJMIGGgBQ5lYtii1zJ1IC6WA+XPxUIQ8yYp6Fr +pGkwZzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMR0wGwYDVQQL +ExRBZGRUcnVzdCBUVFAgTmV0d29yazEjMCEGA1UEAxMaQWRkVHJ1c3QgUXVhbGlm +aWVkIENBIFJvb3SCAQEwDQYJKoZIhvcNAQEFBQADggEBABmrder4i2VhlRO6aQTv +hsoToMeqT2QbPxj2qC0sVY8FtzDqQmodwCVRLae/DLPt7wh/bDxGGuoYQ992zPlm 
+hpwsaPXpF/gxsxjE1kh9I0xowX67ARRvxdlu3rsEQmr49lx95dr6h+sNNVJn0J6X +dgWTP5XHAeZpVTh/EGGZyeNfpso+gmNIquIISD6q8rKFYqa0p9m9N5xotS1WfbC3 +P6CxB9bpT9zeRXEwMn8bLgn5v1Kh7sKAPgZcLlVAwRv1cEWw3F369nJad9Jjzc9Y +iQBCYz95OdBEsIJuQRno3eDBiFrRHnGTHyQwdOUeqN48Jzd/g66ed8/wMLH/S5no +xqE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP +bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2 +MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk +hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym +1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW +OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb +2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko +O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU +AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF +Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb +LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir +oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C +MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds +sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP +bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2 +MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft +ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg 
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC +206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci +KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2 +JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9 +BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e +Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B +PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67 +Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq +Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ +o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3 ++L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj +YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj +FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn +xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2 +LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc +obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8 +CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe +IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA +DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F +AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX +Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb +AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl +Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw +RY8mkaKO/qk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y 
+ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW 
+/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMg +b2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAxNjEzNDNaFw0zNzA5MzAxNjEzNDRa +MH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZpcm1hIFNBIENJRiBB +ODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3JnMSIw 
+IAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0B +AQEFAAOCAQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtb +unXF/KGIJPov7coISjlUxFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0d +BmpAPrMMhe5cG3nCYsS4No41XQEMIwRHNaqbYE6gZj3LJgqcQKH0XZi/caulAGgq +7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jWDA+wWFjbw2Y3npuRVDM3 +0pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFVd9oKDMyX +roDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIG +A1UdEwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5j +aGFtYmVyc2lnbi5vcmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p +26EpW1eLTXYGduHRooowDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIA +BzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hhbWJlcnNpZ24ub3JnMCcGA1Ud +EgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYDVR0gBFEwTzBN +BgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz +aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEB +AAxBl8IahsAifJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZd +p0AJPaxJRUXcLo0waLIJuvvDL8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi +1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wNUPf6s+xCX6ndbcj0dc97wXImsQEc +XCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/nADydb47kMgkdTXg0 +eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1erfu +tGWaIZDgqtCYvDi1czyL+Nw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEn +MCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQL +ExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENo +YW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYxNDE4WhcNMzcwOTMwMTYxNDE4WjB9 +MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgy +NzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEgMB4G +A1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUA +A4IBDQAwggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0 +Mi+ITaFgCPS3CU6gSS9J1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/s +QJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8Oby4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpV 
+eAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl6DJWk0aJqCWKZQbua795 +B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c8lCrEqWh +z0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0T +AQH/BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1i +ZXJzaWduLm9yZy9jaGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4w +TcbOX60Qq+UDpfqpFDAOBgNVHQ8BAf8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAH +MCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBjaGFtYmVyc2lnbi5vcmcwKgYD +VR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9yZzBbBgNVHSAE +VDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh +bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0B +AQUFAAOCAQEAPDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUM +bKGKfKX0j//U2K0X1S0E0T9YgOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXi +ryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJPJ7oKXqJ1/6v/2j1pReQvayZzKWG +VwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4IBHNfTIzSJRUTN3c +ecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREest2d/ +AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu 
+Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM +MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD +QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6xwS7TT3zNJc4YPk/E +jG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdLkKWo +ePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GI +ULdtlkIJ89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapu +Ob7kky/ZR6By6/qmW6/KUz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUg +AKpoC6EahQGcxEZjgoi2IrHu/qpGWX7PNSzVttpd90gzFFS269lvzs2I1qsb2pY7 +HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEA +uI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+GXYkHAQa +TOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTg +xSvgGrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1q +CjqTE5s7FCMTY5w/0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5x +O/fIR/RpbxXyEV6DHpx8Uq79AtoSqFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs +6GAqm4VKQPNriiTsBhYscw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM 
+GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPzCCAyegAwIBAgIBATANBgkqhkiG9w0BAQUFADB+MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEkMCIGA1UEAwwbU2VjdXJlIENlcnRp +ZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVow +fjELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxJDAiBgNV +BAMMG1NlY3VyZSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAMBxM4KK0HDrc4eCQNUd5MvJDkKQ+d40uaG6EfQlhfPM +cm3ye5drswfxdySRXyWP9nQ95IDC+DwN879A6vfIUtFyb+/Iq0G4bi4XKpVpDM3S +HpR7LZQdqnXXs5jLrLxkU0C8j6ysNstcrbvd4JQX7NFc0L/vpZXJkMWwrPsbQ996 +CF23uPJAGysnnlDOXmWCiIxe004MeuoIkbY2qitC++rCoznl2yY4rYsK7hljxxwk +3wN42ubqwUcaCwtGCd0C/N7Lh1/XMGNooa7cMqG6vv5Eq2i2pRcV/b3Vp6ea5EQz 
+6YiO/O1R65NxTq0B50SOqy3LqP4BSUjwwN3HaNiS/j0CAwEAAaOBxzCBxDAdBgNV +HQ4EFgQUPNiTiMLAggnMAZkGkyDpnnAJY08wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud +EwEB/wQFMAMBAf8wgYEGA1UdHwR6MHgwO6A5oDeGNWh0dHA6Ly9jcmwuY29tb2Rv +Y2EuY29tL1NlY3VyZUNlcnRpZmljYXRlU2VydmljZXMuY3JsMDmgN6A1hjNodHRw +Oi8vY3JsLmNvbW9kby5uZXQvU2VjdXJlQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmww +DQYJKoZIhvcNAQEFBQADggEBAIcBbSMdflsXfcFhMs+P5/OKlFlm4J4oqF7Tt/Q0 +5qo5spcWxYJvMqTpjOev/e/C6LlLqqP05tqNZSH7uoDrJiiFGv45jN5bBAS0VPmj +Z55B+glSzAVIqMk/IQQezkhr/IXownuvf7fM+F86/TXGDe+X3EyrEeFryzHRbPtI +gKvcnDe4IRRLDXE97IMzbtFuMhbsmMcWi1mmNKsFVy2T96oTy9IT4rcuO81rUBcJ +aD61JlfutuC23bkpgHl9j6PwpCikFcSF9CfUa7/lXORlAnZUtOM3ZiTTGWHIUhDl +izeauan5Hb/qmZJhlv8BzaFfDbxxvA6sCx1HRR3B7Hzs/Sk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 +aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla +MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD +VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW +fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt +TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL +fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW +1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 +kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G +A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v +ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo +dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu +Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ 
+HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 +pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS +jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ +xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn +dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBb +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3Qx +ETAPBgNVBAsTCERTVCBBQ0VTMRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0w +MzExMjAyMTE5NThaFw0xNzExMjAyMTE5NThaMFsxCzAJBgNVBAYTAlVTMSAwHgYD +VQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UECxMIRFNUIEFDRVMx +FzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPu +ktKe1jzIDZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7 +gLFViYsx+tC3dr5BPTCapCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZH +fAjIgrrep4c9oW24MFbCswKBXy314powGCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4a +ahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPyMjwmR/onJALJfh1biEIT +ajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rk +c3QuY29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjto +dHRwOi8vd3d3LnRydXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMt +aW5kZXguaHRtbDAdBgNVHQ4EFgQUCXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZI +hvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V25FYrnJmQ6AgwbN99Pe7lv7Uk +QIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6tFr8hlxCBPeP/ +h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq +nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpR +rscL9yuwNwXsvFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf2 +9w4LTJxoeHtxMcfrHuBnQfO3oKfN5XozNmr6mis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT 
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW 
+BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs 
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQDHbanJEMTiye/hXQWJM8TDANBgkqhkiG9w0BAQUFADBf +MQswCQYDVQQGEwJOTDESMBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdp +Tm90YXIgUm9vdCBDQTEgMB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmww +HhcNMDcwNTE2MTcxOTM2WhcNMjUwMzMxMTgxOTIxWjBfMQswCQYDVQQGEwJOTDES +MBAGA1UEChMJRGlnaU5vdGFyMRowGAYDVQQDExFEaWdpTm90YXIgUm9vdCBDQTEg +MB4GCSqGSIb3DQEJARYRaW5mb0BkaWdpbm90YXIubmwwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCssFjBAL3YIQgLK5r+blYwBZ8bd5AQQVzDDYcRd46B +8cp86Yxq7Th0Nbva3/m7wAk3tJZzgX0zGpg595NvlX89ubF1h7pRSOiLcD6VBMXY +tsMW2YiwsYcdcNqGtA8Ui3rPENF0NqISe3eGSnnme98CEWilToauNFibJBN4ViIl +HgGLS1Fx+4LMWZZpiFpoU8W5DQI3y0u8ZkqQfioLBQftFl9VkHXYRskbg+IIvvEj 
+zJkd1ioPgyAVWCeCLvriIsJJsbkBgWqdbZ1Ad2h2TiEqbYRAhU52mXyC8/O3AlnU +JgEbjt+tUwbRrhjd4rI6y9eIOI6sWym5GdOY+RgDz0iChmYLG2kPyes4iHomGgVM +ktck1JbyrFIto0fVUvY//s6EBnCmqj6i8rZWNBhXouSBbefK8GrTx5FrAoNBfBXv +a5pkXuPQPOWx63tdhvvL5ndJzaNl3Pe5nLjkC1+Tz8wwGjIczhxjlaX56uF0i57p +K6kwe6AYHw4YC+VbqdPRbB4HZ4+RS6mKvNJmqpMBiLKR+jFc1abBUggJzQpjotMi +puih2TkGl/VujQKQjBR7P4DNG5y6xFhyI6+2Vp/GekIzKQc/gsnmHwUNzUwoNovT +yD4cxojvXu6JZOkd69qJfjKmadHdzIif0dDJZiHcBmfFlHqabWJMfczgZICynkeO +owIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUiGi/4I41xDs4a2L3KDuEgcgM100wDQYJKoZIhvcNAQEFBQADggIBADsC +jcs8MOhuoK3yc7NfniUTBAXT9uOLuwt5zlPe5JbF0a9zvNXD0EBVfEB/zRtfCdXy +fJ9oHbtdzno5wozWmHvFg1Wo1X1AyuAe94leY12hE8JdiraKfADzI8PthV9xdvBo +Y6pFITlIYXg23PFDk9Qlx/KAZeFTAnVR/Ho67zerhChXDNjU1JlWbOOi/lmEtDHo +M/hklJRRl6s5xUvt2t2AC298KQ3EjopyDedTFLJgQT2EkTFoPSdE2+Xe9PpjRchM +Ppj1P0G6Tss3DbpmmPHdy59c91Q2gmssvBNhl0L4eLvMyKKfyvBovWsdst+Nbwed +2o5nx0ceyrm/KkKRt2NTZvFCo+H0Wk1Ya7XkpDOtXHAd3ODy63MUkZoDweoAZbwH +/M8SESIsrqC9OuCiKthZ6SnTGDWkrBFfGbW1G/8iSlzGeuQX7yCpp/Q/rYqnmgQl +nQ7KN+ZQ/YxCKQSa7LnPS3K94gg2ryMvYuXKAdNw23yCIywWMQzGNgeQerEfZ1jE +O1hZibCMjFCz2IbLaKPECudpSyDOwR5WS5WpI2jYMNjD67BVUc3l/Su49bsRn1NU +9jQZjHkJNsphFyUXC4KYcwx3dMPVDceoEkzHp1RxRy4sGn3J4ys7SN4nhKdjNrN9 +j6BkOSQNPXuHr2ZcdBtLc7LljPCGmbjlxd+Ewbfr +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIENnAVljANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL +EwhEU1RDQSBFMTAeFw05ODEyMTAxODEwMjNaFw0xODEyMTAxODQwMjNaMEYxCzAJ +BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x +ETAPBgNVBAsTCERTVENBIEUxMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQCg +bIGpzzQeJN3+hijM3oMv+V7UQtLodGBmE5gGHKlREmlvMVW5SXIACH7TpWJENySZ +j9mDSI+ZbZUTu0M7LklOiDfBu1h//uG9+LthzfNHwJmm8fOR6Hh8AMthyUQncWlV +Sn5JTe2io74CTADKAqjuAQIxZA9SLRN0dja1erQtcQIBA6OCASQwggEgMBEGCWCG +SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx 
+JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI +RFNUQ0EgRTExDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMTAxODEw +MjNagQ8yMDE4MTIxMDE4MTAyM1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFGp5 +fpFpRhgTCgJ3pVlbYJglDqL4MB0GA1UdDgQWBBRqeX6RaUYYEwoCd6VZW2CYJQ6i ++DAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG +SIb3DQEBBQUAA4GBACIS2Hod3IEGtgllsofIH160L+nEHvI8wbsEkBFKg05+k7lN +QseSJqBcNJo4cvj9axY+IO6CizEqkzaFI4iKPANo08kJD038bKTaKHKTDomAsH3+ +gG9lbRgzl4vCa4nuYD3Im+9/KzJic5PLPON74nZ4RbyhkwS7hp86W0N6w4pl +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsACEQDQHkCLAAACfAAAAAIAAAABMA0GCSqGSIb3DQEBBQUAMIGpMQsw +CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp +dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE +CxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDExITAfBgkqhkiG9w0B +CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODEyMDExODE4NTVaFw0wODExMjgx +ODE4NTVaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO +U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0 +IENvLjERMA8GA1UECxMIRFNUQ0EgWDExFjAUBgNVBAMTDURTVCBSb290Q0EgWDEx +ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANLGJrbnpT3BxGjVUG9TxW9JEwm4ryxIjRRqoxdf +WvnTLnUv2Chi0ZMv/E3Uq4flCMeZ55I/db3rJbQVwZsZPdJEjdd0IG03Ao9pk1uK +xBmd9LIO/BZsubEFkoPRhSxglD5FVaDZqwgh5mDoO3TymVBRaNADLbGAvqPYUrBE +zUNKcI5YhZXhTizWLUFv1oTnyJhEykfbLCSlaSbPa7gnYsP0yXqSI+0TZ4KuRS5F +5X5yP4WdlGIQ5jyRoa13AOAV7POEgHJ6jm5gl8ckWRA0g1vhpaRptlc1HHhZxtMv +OnNn7pTKBBMFYgZwI7P0fO5F2WQLW0mqpEPOJsREEmy43XkCAwEAATANBgkqhkiG +9w0BAQUFAAOCAQEAojeyP2n714Z5VEkxlTMr89EJFEliYIalsBHiUMIdBlc+Legz +ZL6bqq1fG03UmZWii5rJYnK1aerZWKs17RWiQ9a2vAd5ZWRzfdd5ynvVWlHG4VME +lo04z6MXrDlxawHDi1M8Y+nuecDkvpIyZHqzH5eUYr3qsiAVlfuX8ngvYzZAOONG +Dx3drJXK50uQe7FLqdTF65raqtWjlBRGjS0f8zrWkzr2Pnn86Oawde3uPclwx12q +gUtGJRzHbBXjlU4PqjI3lAoXJJIThFjSY28r9+ZbYgsTF7ANUkz+/m9c4pFuHf2k +Ytdo+o56T9II2pPc8JIRetDccpMMc5NihWjQ9A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- 
+MIIDKTCCApKgAwIBAgIENm7TzjANBgkqhkiG9w0BAQUFADBGMQswCQYDVQQGEwJV +UzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMREwDwYDVQQL +EwhEU1RDQSBFMjAeFw05ODEyMDkxOTE3MjZaFw0xODEyMDkxOTQ3MjZaMEYxCzAJ +BgNVBAYTAlVTMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4x +ETAPBgNVBAsTCERTVENBIEUyMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/ +k48Xku8zExjrEH9OFr//Bo8qhbxe+SSmJIi2A7fBw18DW9Fvrn5C6mYjuGODVvso +LeE4i7TuqAHhzhy2iCoiRoX7n6dwqUcUP87eZfCocfdPJmyMvMa1795JJ/9IKn3o +TQPMx7JSxhcxEzu1TdvIxPbDDyQq2gyd55FbgM2UnQIBA6OCASQwggEgMBEGCWCG +SAGG+EIBAQQEAwIABzBoBgNVHR8EYTBfMF2gW6BZpFcwVTELMAkGA1UEBhMCVVMx +JDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UECxMI +RFNUQ0EgRTIxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMTk5ODEyMDkxOTE3 +MjZagQ8yMDE4MTIwOTE5MTcyNlowCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaAFB6C +TShlgDzJQW6sNS5ay97u+DlbMB0GA1UdDgQWBBQegk0oZYA8yUFurDUuWsve7vg5 +WzAMBgNVHRMEBTADAQH/MBkGCSqGSIb2fQdBAAQMMAobBFY0LjADAgSQMA0GCSqG +SIb3DQEBBQUAA4GBAEeNg61i8tuwnkUiBbmi1gMOOHLnnvx75pO2mqWilMg0HZHR +xdf0CiUPPXiBng+xZ8SQTGPdXqfiup/1902lMXucKS1M/mQ+7LZT/uqb7YLbdHVL +B3luHtgZg3Pe9T7Qtd7nS2h9Qy4qIOF+oHhEngj1mPnHfxsb1gYgAlihw6ID +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID2DCCAsACEQDQHkCLAAB3bQAAAAEAAAAEMA0GCSqGSIb3DQEBBQUAMIGpMQsw +CQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp +dHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0IENvLjERMA8GA1UE +CxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIxITAfBgkqhkiG9w0B +CQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTAeFw05ODExMzAyMjQ2MTZaFw0wODExMjcy +MjQ2MTZaMIGpMQswCQYDVQQGEwJ1czENMAsGA1UECBMEVXRhaDEXMBUGA1UEBxMO +U2FsdCBMYWtlIENpdHkxJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRydXN0 +IENvLjERMA8GA1UECxMIRFNUQ0EgWDIxFjAUBgNVBAMTDURTVCBSb290Q0EgWDIx +ITAfBgkqhkiG9w0BCQEWEmNhQGRpZ3NpZ3RydXN0LmNvbTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBANx18IzAdZaawGIfJvfE4Zrq4FZzW5nNAUSoCLbV +p9oaBBg5kkp4o4HC9Xd6ULRw/5qrxsfKboNPQpj7Jgva3G3WqZlVUmfpKAOS3OWw +BZoPFflrWXJW8vo5/Kpo7g8fEIMv/J36F5bdguPmRX3AS4BEH+0s4IT9kVySVGkl 
+5WJp3OXuAFK9MwutdQKFp2RQLcUZGTDAJtvJ0/0uma1ZtQtN1EGuhUhDWdy3qOKi +3sOP17ihYqZoUFLkzzGnlIXan0YyF1bl8utmPRL/Q9uY73fPy4GNNLHGUEom0eQ+ +QVCvbK4iNC7Va26Dunm4dmVI2gkpZGMiuftHdoWMhkTLCdsCAwEAATANBgkqhkiG +9w0BAQUFAAOCAQEAtTYOXeFhKFoRZcA/gwN5Tb4opgsHAlKFzfiR0BBstWogWxyQ +2TA8xkieil5k+aFxd+8EJx8H6+Qm93N0yUQYGmbT4EOvkTvRyyzYdFQ6HE3K1GjN +I3wdEJ5F6fYAbqbNGf9PLCmPV03Ed5K+4EwJ+11EhmYhqLkyolbV6YyDfFk/xPEL +553snr2cGA4+wjl5KLcDDQjLxufZATdQEOzMYRZA1K8xdHv8PzGn0EdzMzkbzE5q +10mDEQb+64JYMzJM8FasHpwvVpp7wUocpf1VNs78lk30sPDst2yC7S8xmUJMqbIN +uBVd8d+6ybVK1GSYsyapMMj9puyrliGtf8J4tg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEgzCCA+ygAwIBAgIEOJ725DANBgkqhkiG9w0BAQQFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9HQ0NBX0NQUyBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENsaWVu +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDcxNjE2NDBaFw0yMDAy +MDcxNjQ2NDBaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0dDQ0FfQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDIwMDAgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTdLS25MVL1qFof2LV7PdRV7Ny +Spj10InJrWPNTTVRaoTUrcloeW+46xHbh65cJFET8VQlhK8pK5/jgOLZy93GRUk0 +iJBeAZfv6lOm3fzB3ksqJeTpNfpVBQbliXrqpBFXO/x8PTbNZzVtpKklWb1m9fkn +5JVn1j+SgF7yNH0rhQIDAQABo4IBnjCCAZowEQYJYIZIAYb4QgEBBAQDAgAHMIHd +BgNVHR8EgdUwgdIwgc+ggcyggcmkgcYwgcMxFDASBgNVBAoTC0VudHJ1c3QubmV0 +MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvR0NDQV9DUFMgaW5jb3JwLiBieSBy +ZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5l +dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDbGllbnQgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMDAy +MDcxNjE2NDBagQ8yMDIwMDIwNzE2NDY0MFowCwYDVR0PBAQDAgEGMB8GA1UdIwQY +MBaAFISLdP3FjcD/J20gN0V8/i3OutN9MB0GA1UdDgQWBBSEi3T9xY3A/ydtIDdF 
+fP4tzrrTfTAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4w +AwIEkDANBgkqhkiG9w0BAQQFAAOBgQBObzWAO9GK9Q6nIMstZVXQkvTnhLUGJoMS +hAusO7JE7r3PQNsgDrpuFOow4DtifH+La3xKp9U1PL6oXOpLu5OOgGarDyn9TS2/ +GpsKkMWr2tGzhtQvJFJcem3G8v7lTRowjJDyutdKPkN+1MhQGof4T4HHdguEOnKd +zmVml64mXg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIElTCCA/6gAwIBAgIEOJsRPDANBgkqhkiG9w0BAQQFADCBujEUMBIGA1UEChML +RW50cnVzdC5uZXQxPzA9BgNVBAsUNnd3dy5lbnRydXN0Lm5ldC9TU0xfQ1BTIGlu +Y29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMcKGMpIDIwMDAg +RW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5uZXQgU2VjdXJl +IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMDAyMDQxNzIwMDBa +Fw0yMDAyMDQxNzUwMDBaMIG6MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDE/MD0GA1UE +CxQ2d3d3LmVudHJ1c3QubmV0L1NTTF9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p +dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMjAwMCBFbnRydXN0Lm5ldCBMaW1pdGVk +MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp +b24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHwV9OcfHO +8GCGD9JYf9Mzly0XonUwtZZkJi9ow0SrqHXmAGc0V55lxyKbc+bT3QgON1WqJUaB +bL3+qPZ1V1eMkGxKwz6LS0MKyRFWmponIpnPVZ5h2QLifLZ8OAfc439PmrkDQYC2 +dWcTC5/oVzbIXQA23mYU2m52H083jIITiQIDAQABo4IBpDCCAaAwEQYJYIZIAYb4 +QgEBBAQDAgAHMIHjBgNVHR8EgdswgdgwgdWggdKggc+kgcwwgckxFDASBgNVBAoT +C0VudHJ1c3QubmV0MT8wPQYDVQQLFDZ3d3cuZW50cnVzdC5uZXQvU1NMX0NQUyBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAyMDAw +IEVudHJ1c3QubmV0IExpbWl0ZWQxOjA4BgNVBAMTMUVudHJ1c3QubmV0IFNlY3Vy +ZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxDTALBgNVBAMTBENSTDEw +KwYDVR0QBCQwIoAPMjAwMDAyMDQxNzIwMDBagQ8yMDIwMDIwNDE3NTAwMFowCwYD +VR0PBAQDAgEGMB8GA1UdIwQYMBaAFMtswGvjuz7L/CKc/vuLkpyw8m4iMB0GA1Ud +DgQWBBTLbMBr47s+y/winP77i5KcsPJuIjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2 +fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQQFAAOBgQBi24GRzsia +d0Iv7L0no1MPUBvqTpLwqa+poLpIYcvvyQbvH9X07t9WLebKahlzqlO+krNQAraF +JnJj2HVQYnUUt7NQGj/KEQALhUVpbbalrlHhStyCP2yMNLJ3a9kC9n8O6mUE8c1U +yrrJzOCE98g+EZfTYAkYvAX/bIkz8OwVDw== +-----END CERTIFICATE----- +-----BEGIN 
CERTIFICATE----- +MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0xOTEy +MjQxODIwNTFaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo3QwcjARBglghkgBhvhCAQEEBAMCAAcwHwYDVR0jBBgwFoAUVeSB0RGA +vtiJuQijMfmhJAkWuXAwHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMB0G +CSqGSIb2fQdBAAQQMA4bCFY1LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEA +WUesIYSKF8mciVMeuoCFGsY8Tj6xnLZ8xpJdGGQC49MGCBFhfGPjK50xA3B20qMo +oPS7mmNz7W3lKtvtFKkrxjYR0CvrB4ul2p5cGZ1WEvVUKcgF7bISKo30Axv/55IQ +h7A6tcOdBTcSo8f0FbnVpDkWm1M6I5HxqIKiaohowXkCIryqptau37AUX7iH0N18 +f3v/rxzP5tsHrV7bhZ3QKw0z2wTR5klAEyt2+z7pnIkPFc4YsIV4IU9rTw76NmfN +B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy +vUxFnmG6v4SBkgPR0ml8xQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE7TCCBFagAwIBAgIEOAOR7jANBgkqhkiG9w0BAQQFADCByTELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MUgwRgYDVQQLFD93d3cuZW50cnVzdC5u +ZXQvQ2xpZW50X0NBX0luZm8vQ1BTIGluY29ycC4gYnkgcmVmLiBsaW1pdHMgbGlh +Yi4xJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNV +BAMTKkVudHJ1c3QubmV0IENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe 
+Fw05OTEwMTIxOTI0MzBaFw0xOTEwMTIxOTU0MzBaMIHJMQswCQYDVQQGEwJVUzEU +MBIGA1UEChMLRW50cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9D +bGllbnRfQ0FfSW5mby9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjEl +MCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMq +RW50cnVzdC5uZXQgQ2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0G +CSqGSIb3DQEBAQUAA4GLADCBhwKBgQDIOpleMRffrCdvkHvkGf9FozTC28GoT/Bo +6oT9n3V5z8GKUZSvx1cDR2SerYIbWtp/N3hHuzeYEpbOxhN979IMMFGpOZ5V+Pux +5zDeg7K6PvHViTs7hbqqdCz+PzFur5GVbgbUB01LLFZHGARS2g4Qk79jkJvh34zm +AqTmT173iwIBA6OCAeAwggHcMBEGCWCGSAGG+EIBAQQEAwIABzCCASIGA1UdHwSC +ARkwggEVMIHkoIHhoIHepIHbMIHYMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50 +cnVzdC5uZXQxSDBGBgNVBAsUP3d3dy5lbnRydXN0Lm5ldC9DbGllbnRfQ0FfSW5m +by9DUFMgaW5jb3JwLiBieSByZWYuIGxpbWl0cyBsaWFiLjElMCMGA1UECxMcKGMp +IDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEGA1UEAxMqRW50cnVzdC5uZXQg +Q2xpZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCyg +KqAohiZodHRwOi8vd3d3LmVudHJ1c3QubmV0L0NSTC9DbGllbnQxLmNybDArBgNV +HRAEJDAigA8xOTk5MTAxMjE5MjQzMFqBDzIwMTkxMDEyMTkyNDMwWjALBgNVHQ8E +BAMCAQYwHwYDVR0jBBgwFoAUxPucKXuXzUyW/O5bs8qZdIuV6kwwHQYDVR0OBBYE +FMT7nCl7l81MlvzuW7PKmXSLlepMMAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EA +BAwwChsEVjQuMAMCBJAwDQYJKoZIhvcNAQEEBQADgYEAP66K8ddmAwWePvrqHEa7 +pFuPeJoSSJn59DXeDDYHAmsQOokUgZwxpnyyQbJq5wcBoUv5nyU7lsqZwz6hURzz +wy5E97BnRqqS5TvaHBkUODDV4qIxJS7x7EU47fgGWANzYrAQMY9Av2TgXD7FTx/a +EkP/TOYGJqibGapEPHayXOw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u +ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc +KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u +ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 +MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE +ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j +b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF 
+bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg +U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA +A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ +I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 +wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC +AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb +oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 +BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p +dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk +MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp +b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu +dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 +MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi +E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa +MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI +hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN +95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd +2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 
+4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy +dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 +MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx +dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f +BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A +cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ +MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm +aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw +ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj +IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y +7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh 
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICkDCCAfmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBT +ZWN1cmUgR2xvYmFsIGVCdXNpbmVzcyBDQS0xMB4XDTk5MDYyMTA0MDAwMFoXDTIw +MDYyMTA0MDAwMFowWjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0VxdWlmYXggU2Vj +dXJlIEluYy4xLTArBgNVBAMTJEVxdWlmYXggU2VjdXJlIEdsb2JhbCBlQnVzaW5l +c3MgQ0EtMTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuucXkAJlsTRVPEnC +UdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc +58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/ +o5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAH +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1dr +aGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA +A4GBADDiAVGqx+pf2rnQZQ8w1j7aDRRJbpGTJxQx78T3LUX47Me/okENI7SS+RkA +Z70Br83gcfxaz2TE4JaY0KNA4gGK7ycH8WUBikQtBmV1UsCGECAhX2xrD2yuCRyv +8qIYNMR1pHMc8Y3c7635s3a0kr/clRAevsvIO1qEYBlWlKlV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICgjCCAeugAwIBAgIBBDANBgkqhkiG9w0BAQQFADBTMQswCQYDVQQGEwJVUzEc +MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEmMCQGA1UEAxMdRXF1aWZheCBT +ZWN1cmUgZUJ1c2luZXNzIENBLTEwHhcNOTkwNjIxMDQwMDAwWhcNMjAwNjIxMDQw +MDAwWjBTMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5j +LjEmMCQGA1UEAxMdRXF1aWZheCBTZWN1cmUgZUJ1c2luZXNzIENBLTEwgZ8wDQYJ +KoZIhvcNAQEBBQADgY0AMIGJAoGBAM4vGbwXt3fek6lfWg0XTzQaDJj0ItlZ1MRo +RvC0NcWFAyDGr0WlIVFFQesWWDYyb+JQYmT5/VGcqiTZ9J2DKocKIdMSODRsjQBu +WqDZQu4aIZX5UkxVWsUPOE9G+m34LjXWHXzr4vCwdYDIqROsvojvOm6rXyo4YgKw +Env+j6YDAgMBAAGjZjBkMBEGCWCGSAGG+EIBAQQEAwIABzAPBgNVHRMBAf8EBTAD +AQH/MB8GA1UdIwQYMBaAFEp4MlIR21kWNl7fwRQ2QGpHfEyhMB0GA1UdDgQWBBRK +eDJSEdtZFjZe38EUNkBqR3xMoTANBgkqhkiG9w0BAQQFAAOBgQB1W6ibAxHm6VZM +zfmpTMANmvPMZWnmJXbMWbfWVMMdzZmsGd20hdXgPfxiIKeES1hl8eL5lSE/9dR+ +WB5Hh1Q+WKG1tfgq73HnvMP2sUlG4tega+VWeponmHxGYhTnyfxuAxJ5gDgdSIKN +/Bf+KpYrtWKmpj29f5JZzVoqgrI3eQ== +-----END CERTIFICATE----- 
+-----BEGIN CERTIFICATE----- +MIIDIDCCAomgAwIBAgIEN3DPtTANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2Vj +dXJlIGVCdXNpbmVzcyBDQS0yMB4XDTk5MDYyMzEyMTQ0NVoXDTE5MDYyMzEyMTQ0 +NVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkVxdWlmYXggU2VjdXJlMSYwJAYD +VQQLEx1FcXVpZmF4IFNlY3VyZSBlQnVzaW5lc3MgQ0EtMjCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA5Dk5kx5SBhsoNviyoynF7Y6yEb3+6+e0dMKP/wXn2Z0G +vxLIPw7y1tEkshHe0XMJitSxLJgJDR5QRrKDpkWNYmi7hRsgcDKqQM2mll/EcTc/ +BPO3QSQ5BxoeLmFYoBIL5aXfxavqN3HMHMg3OrmXUqesxWoklE6ce8/AatbfIb0C +AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEX +MBUGA1UEChMORXF1aWZheCBTZWN1cmUxJjAkBgNVBAsTHUVxdWlmYXggU2VjdXJl +IGVCdXNpbmVzcyBDQS0yMQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTkw +NjIzMTIxNDQ1WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUUJ4L6q9euSBIplBq +y/3YIHqngnYwHQYDVR0OBBYEFFCeC+qvXrkgSKZQasv92CB6p4J2MAwGA1UdEwQF +MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA +A4GBAAyGgq3oThr1jokn4jVYPSm0B482UJW/bsGe68SQsoWou7dC4A8HOd/7npCy +0cE+U58DRLB+S/Rv5Hwf5+Kx5Lia78O9zt4LMjTZ3ijtM2vE1Nc9ElirfQkty3D1 +E4qUoSek1nDFbZS1yX2doNLGCEnZZpum0/QL3MUmV+GRMOrN +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEVzCCAz+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCRVMx +IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w +HhcNMDExMDI0MjIwMDAwWhcNMTMxMDI0MjIwMDAwWjCBnTELMAkGA1UEBhMCRVMx +IjAgBgNVBAcTGUMvIE11bnRhbmVyIDI0NCBCYXJjZWxvbmExQjBABgNVBAMTOUF1 +dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODEmMCQGCSqGSIb3DQEJARYXY2FAZmlybWFwcm9mZXNpb25hbC5jb20w +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnIwNvbyOlXnjOlSztlB5u +Cp4Bx+ow0Syd3Tfom5h5VtP8c9/Qit5Vj1H5WuretXDE7aTt/6MNbg9kUDGvASdY +rv5sp0ovFy3Tc9UTHI9ZpTQsHVQERc1ouKDAA6XPhUJHlShbz++AbOCQl4oBPB3z +hxAwJkh91/zpnZFx/0GaqUC1N5wpIE8fUuOgfRNtVLcK3ulqTgesrBlf3H5idPay 
+BQC6haD9HThuy1q7hryUZzM1gywfI834yJFxzJeL764P3CkDG8A563DtwW4O2GcL +iam8NeTvtjS0pbbELaW+0MOUJEjb35bTALVmGotmBQ/dPz/LP6pemkr4tErvlTcb +AgMBAAGjgZ8wgZwwKgYDVR0RBCMwIYYfaHR0cDovL3d3dy5maXJtYXByb2Zlc2lv +bmFsLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEBMCsGA1UdEAQkMCKADzIwMDExMDI0 +MjIwMDAwWoEPMjAxMzEwMjQyMjAwMDBaMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E +FgQUMwugZtHq2s7eYpMEKFK1FH84aLcwDQYJKoZIhvcNAQEFBQADggEBAEdz/o0n +VPD11HecJ3lXV7cVVuzH2Fi3AQL0M+2TUIiefEaxvT8Ub/GzR0iLjJcG1+p+o1wq +u00vR+L4OQbJnC4xGgN49Lw4xiKLMzHwFgQEffl25EvXwOaD7FnMP97/T2u3Z36m +hoEyIwOdyPdfwUpgpZKpsaSgYMN4h7Mi8yrrW6ntBas3D7Hi05V2Y1Z0jFhyGzfl +ZKG+TQyTmAyX9odtsz/ny4Cm7YjHX1BiAuiZdBbQ5rQ58SfLyEDW44YQqSMSkuBp +QWOnryULwMWSyx6Yo1q6xTMPoJcB3X/ge9YGVM+h4k0460tQtcsm9MracEpqoeJ5 +quGnM/b9Sh/22WA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD +VQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNv +bHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJv +b3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJV +UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJU +cnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEds +b2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrH +iM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTS +r41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X4 +04Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3r +GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9 +3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P +lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD +VQQKEw9HVEUgQ29ycG9yYXRpb24xHDAaBgNVBAMTE0dURSBDeWJlclRydXN0IFJv +b3QwHhcNOTYwMjIzMjMwMTAwWhcNMDYwMjIzMjM1OTAwWjBFMQswCQYDVQQGEwJV +UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU 
+cnVzdCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC45k+625h8cXyv +RLfTD0bZZOWTwUKOx7pJjTUteueLveUFMVnGsS8KDPufpz+iCWaEVh43KRuH6X4M +ypqfpX/1FZSj1aJGgthoTNE3FQZor734sLPwKfWVWgkWYXcKIiXUT0Wqx73llt/5 +1KiOQswkwB6RJ0q1bQaAYznEol44AwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABKz +dcZfHeFhVYAA1IFLezEPI2PnPfMD+fQ2qLvZ46WXTeorKeDWanOB5sCJo9Px4KWl +IjeaY8JIILTbcuPI9tl8vrGvU9oUtCG41tWW4/5ODFlitppK+ULdjG+BqXH/9Apy +bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3QgR2xvYmFs +IENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMTkwMzA0MDUwMDAwWjBEMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEdMBsGA1UEAxMUR2VvVHJ1c3Qg 
+R2xvYmFsIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvPE1A +PRDfO1MA4Wf+lGAVPoWI8YkNkMgoI5kF6CsgncbzYEbYwbLVjDHZ3CB5JIG/NTL8 +Y2nbsSpr7iFY8gjpeMtvy/wWUsiRxP89c96xPqfCfWbB9X5SJBri1WeR0IIQ13hL +TytCOb1kLUCgsBDTOEhGiKEMuzozKmKY+wCdE1l/bztyqu6mD4b5BWHqZ38MN5aL +5mkWRxHCJ1kDs6ZgwiFAVvqgx306E+PsV8ez1q6diYD3Aecs9pYrEw15LNnA5IZ7 +S4wMcoKK+xfNAGw6EzywhIdLFnopsk/bHdQL82Y3vdj2V7teJHq4PIu5+pIaGoSe +2HSPqht/XvT+RSIhAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FHE4NvICMVNHK266ZUapEBVYIAUJMB8GA1UdIwQYMBaAFHE4NvICMVNHK266ZUap +EBVYIAUJMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAQEAA/e1K6td +EPx7srJerJsOflN4WT5CBP51o62sgU7XAotexC3IUnbHLB/8gTKY0UvGkpMzNTEv +/NgdRN3ggX+d6YvhZJFiCzkIjKx0nVnZellSlxG5FntvRdOW2TF9AjYPnDtuzywN +A0ZF66D0f0hExghAzN4bcLUprbqLOzRldRtxIR0sFAqwlpW41uryZfspuk/qkZN0 +abby/+Ea0AzRdoXLiiW9l14sbxWZJue2Kf8i7MkCx1YAzUm5s2x7UwQa4qjJqhIF +I8LO57sEAszAR6LkxCkvW0VXiVHuPOtSCP8HNR6fNWpHSlaY0VqFH4z1Ir+rzoPz +4iIprn2DQKi6bA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl 
+4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW 
+koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m 
+1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL 
+v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj 
+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl +SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl +SVBTIENBIENMQVNFMSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3 +DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAwNTkzOFoXDTI1MTIyNzAw +NTkzOFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD +VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n +IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g +IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTEgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4FEnpwvdr9G5Q1uCN0VWcu+atsIS7ywS +zHb5BlmvXSHU0lq4oNTzav3KaY1mSPd05u42veiWkXWmcSjK5yISMmmwPh5r9FBS +YmL9Yzt9fuzuOOpi9GyocY3h6YvJP8a1zZRCb92CRTzo3wno7wpVqVZHYUxJZHMQ +KD/Kvwn/xi8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBTrsxl588GlHKzcuh9morKb +adB4CDCCAUQGA1UdIwSCATswggE3gBTrsxl588GlHKzcuh9morKbadB4CKGCARqk +ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE +BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT +ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC +LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UxIENlcnRpZmljYXRpb24g 
+QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD +VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB +FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC +AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB +D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UxIENBIENlcnRp +ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC +BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito +dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEuY3JsMD8GCWCG +SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D +TEFTRTEuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw +czIwMDIvcmVuZXdhbENMQVNFMS5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov +L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTEuaHRtbDBzBgNVHR8EbDBq +MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTEu +Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy +Q0xBU0UxLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v +Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAK9Dr/drIyllq2tPMMi7JVBuK +Yn4VLenZMdMu9Ccj/1urxUq2ckCuU3T0vAW0xtnIyXf7t/k0f3gA+Nak5FI/LEpj +V4F1Wo7ojPsCwJTGKbqz3Bzosq/SLmJbGqmODszFV0VRFOlOHIilkfSj945RyKm+ +hjM+5i9Ibq9UkE6tsSU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIH6jCCB1OgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARIxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEuMCwGA1UECxMl +SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMl +SVBTIENBIENMQVNFMyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3 +DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMDE0NFoXDTI1MTIyNzAx +MDE0NFowggESMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFyY2Vsb25hMRIwEAYD +VQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5ldCBwdWJsaXNoaW5n +IFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlwcy5lcyBDLkkuRi4g 
+IEItNjA5Mjk0NTIxLjAsBgNVBAsTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxLjAsBgNVBAMTJUlQUyBDQSBDTEFTRTMgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxHjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqxf+DrDGaBtT8FK+n/ra+osTBLsBjzLZ +H49NzjaY2uQARIwo2BNEKqRrThckQpzTiKRBgtYj+4vJhuW5qYIF3PHeH+AMmVWY +8jjsbJ0gA8DvqqPGZARRLXgNo9KoOtYkTOmWehisEyMiG3zoMRGzXwmqMHBxRiVr +SXGAK5UBsh8CAwEAAaOCBEowggRGMB0GA1UdDgQWBBS4k/8uy9wsjqLnev42USGj +mFsMNDCCAUQGA1UdIwSCATswggE3gBS4k/8uy9wsjqLnev42USGjmFsMNKGCARqk +ggEWMIIBEjELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNlbG9uYTESMBAGA1UE +BxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQgcHVibGlzaGluZyBT +ZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMuZXMgQy5JLkYuICBC +LTYwOTI5NDUyMS4wLAYDVQQLEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MS4wLAYDVQQDEyVJUFMgQ0EgQ0xBU0UzIENlcnRpZmljYXRpb24g +QXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYD +VR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggr +BgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIB +FQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhC +AQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGB +D2lwc0BtYWlsLmlwcy5lczBBBglghkgBhvhCAQ0ENBYyQ0xBU0UzIENBIENlcnRp +ZmljYXRlIGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgEC +BBwWGmh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMDoGCWCGSAGG+EIBBAQtFito +dHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMuY3JsMD8GCWCG +SAGG+EIBAwQyFjBodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25D +TEFTRTMuaHRtbD8wPAYJYIZIAYb4QgEHBC8WLWh0dHA6Ly93d3cuaXBzLmVzL2lw +czIwMDIvcmVuZXdhbENMQVNFMy5odG1sPzA6BglghkgBhvhCAQgELRYraHR0cDov +L3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lDTEFTRTMuaHRtbDBzBgNVHR8EbDBq +MDGgL6AthitodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJDTEFTRTMu +Y3JsMDWgM6Axhi9odHRwOi8vd3d3YmFjay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAy +Q0xBU0UzLmNybDAvBggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9v +Y3NwLmlwcy5lcy8wDQYJKoZIhvcNAQEFBQADgYEAF2VcmZVDAyevJuXr0LMXI/dD 
+qsfwfewPxqmurpYPdikc4gYtfibFPPqhwYHOU7BC0ZdXGhd+pFFhxu7pXu8Fuuu9 +D6eSb9ijBmgpjnn1/7/5p6/ksc7C0YBCJwUENPjDfxZ4IwwHJPJGR607VNCv1TGy +r33I6unUVtkOE7LFRVA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm +SVBTIENBIENMQVNFQTEgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT +JklQUyBDQSBDTEFTRUExIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI +hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNTMyWhcNMjUxMjI3 +MDEwNTMyWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ +BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp +bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G +LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw +gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALsw19zQVL01Tp/FTILq0VA8R5j8 +m2mdd81u4D/u6zJfX5/S0HnllXNEITLgCtud186Nq1KLK3jgm1t99P1tCeWu4Wwd +ByOgF9H5fahGRpEiqLJpxq339fWUoTCUvQDMRH/uxJ7JweaPCjbB/SQ9AaD1e+J8 +eGZDi09Z8pvZ+kmzAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUZyaW56G/2LUDnf47 +3P7yiuYV3TAwggFGBgNVHSMEggE9MIIBOYAUZyaW56G/2LUDnf473P7yiuYV3TCh +ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ +BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp +bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G +LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTEgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUExIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC +AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB +BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg 
+hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud +EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMSBD +QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG +SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC +AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMS5j +cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2 +b2NhdGlvbkNMQVNFQTEuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu +aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTEuaHRtbD8wOwYJYIZIAYb4QgEI +BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMS5odG1s +MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz +MjAwMkNMQVNFQTEuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz +MjAwMi9pcHMyMDAyQ0xBU0VBMS5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF +BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAH66iqyA +AIQVCtWYUQxkxZwCWINmyq0eB81+atqAB98DNEock8RLWCA1NnHtogo1EqWmZaeF +aQoO42Hu6r4okzPV7Oi+xNtff6j5YzHIa5biKcJboOeXNp13XjFr/tOn2yrb25aL +H2betgPAK7N41lUH5Y85UN4HI3LmvSAUS7SG +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARQxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEvMC0GA1UECxMm +SVBTIENBIENMQVNFQTMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxLzAtBgNVBAMT +JklQUyBDQSBDTEFTRUEzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI +hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMwHhcNMDExMjI5MDEwNzUwWhcNMjUxMjI3 +MDEwNzUwWjCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ +BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp +bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G +LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXMw 
+gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO6AAPYaZC6tasiDsYun7o/ZttvN +G7uGBiJ2MwwSbUhWYdLcgiViL5/SaTBlA0IjWLxH3GvWdV0XPOH/8lhneaDBgbHU +VqLyjRGZ/fZ98cfEXgIqmuJKtROKAP2Md4bm15T1IHUuDky/dMQ/gT6DtKM4Ninn +6Cr1jIhBqoCm42zvAgMBAAGjggRTMIIETzAdBgNVHQ4EFgQUHp9XUEe2YZM50yz8 +2l09BXW3mQIwggFGBgNVHSMEggE9MIIBOYAUHp9XUEe2YZM50yz82l09BXW3mQKh +ggEcpIIBGDCCARQxCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQ +BgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UEChMlSVBTIEludGVybmV0IHB1Ymxpc2hp +bmcgU2VydmljZXMgcy5sLjErMCkGA1UEChQiaXBzQG1haWwuaXBzLmVzIEMuSS5G +LiAgQi02MDkyOTQ1MjEvMC0GA1UECxMmSVBTIENBIENMQVNFQTMgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkxLzAtBgNVBAMTJklQUyBDQSBDTEFTRUEzIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MR4wHAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOC +AQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUF +BwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYB +BAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglg +hkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1Ud +EgQTMBGBD2lwc0BtYWlsLmlwcy5lczBCBglghkgBhvhCAQ0ENRYzQ0xBU0VBMyBD +QSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkgaHR0cDovL3d3dy5pcHMuZXMvMCkGCWCG +SAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyLzA7BglghkgBhvhC +AQQELhYsaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyQ0xBU0VBMy5j +cmwwQAYJYIZIAYb4QgEDBDMWMWh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcmV2 +b2NhdGlvbkNMQVNFQTMuaHRtbD8wPQYJYIZIAYb4QgEHBDAWLmh0dHA6Ly93d3cu +aXBzLmVzL2lwczIwMDIvcmVuZXdhbENMQVNFQTMuaHRtbD8wOwYJYIZIAYb4QgEI +BC4WLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5Q0xBU0VBMy5odG1s +MHUGA1UdHwRuMGwwMqAwoC6GLGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvaXBz +MjAwMkNMQVNFQTMuY3JsMDagNKAyhjBodHRwOi8vd3d3YmFjay5pcHMuZXMvaXBz +MjAwMi9pcHMyMDAyQ0xBU0VBMy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF +BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAEo9IEca +2on0eisxeewBwMwB9dbB/MjD81ACUZBYKp/nNQlbMAqBACVHr9QPDp5gJqiVp4MI +3y2s6Q73nMify5NF8bpqxmdRSmlPa/59Cy9SKcJQrSRE7SOzSMtEQMEDlQwKeAYS +AfWRMS1Jjbs/RU4s4OjNtckUFQzjB4ObJnXv +-----END CERTIFICATE----- +-----BEGIN 
CERTIFICATE----- +MIIH9zCCB2CgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCARwxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjEzMDEGA1UECxMq +SVBTIENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTMwMQYD +VQQDEypJUFMgQ0EgQ2hhaW5lZCBDQXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +HjAcBgkqhkiG9w0BCQEWD2lwc0BtYWlsLmlwcy5lczAeFw0wMTEyMjkwMDUzNTha +Fw0yNTEyMjcwMDUzNThaMIIBHDELMAkGA1UEBhMCRVMxEjAQBgNVBAgTCUJhcmNl +bG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJUFMgSW50ZXJuZXQg +cHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJpcHNAbWFpbC5pcHMu +ZXMgQy5JLkYuICBCLTYwOTI5NDUyMTMwMQYDVQQLEypJUFMgQ0EgQ2hhaW5lZCBD +QXMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxMzAxBgNVBAMTKklQUyBDQSBDaGFp +bmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEeMBwGCSqGSIb3DQEJARYP +aXBzQG1haWwuaXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDcVpJJ +spQgvJhPUOtopKdJC7/SMejHT8KGC/po/UNaivNgkjWZOLtNA1IhW/A3mTXhQSCB +hYEFcYGdtJUZqV92NC5jNzVXjrQfQj8VXOF6wV8TGDIxya2+o8eDZh65nAQTy2nB +Bt4wBrszo7Uf8I9vzv+W6FS+ZoCua9tBhDaiPQIDAQABo4IEQzCCBD8wHQYDVR0O +BBYEFKGtMbH5PuEXpsirNPxShwkeYlJBMIIBTgYDVR0jBIIBRTCCAUGAFKGtMbH5 +PuEXpsirNPxShwkeYlJBoYIBJKSCASAwggEcMQswCQYDVQQGEwJFUzESMBAGA1UE +CBMJQmFyY2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJ +bnRlcm5ldCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0Bt +YWlsLmlwcy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxMzAxBgNVBAsTKklQUyBDQSBD +aGFpbmVkIENBcyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEzMDEGA1UEAxMqSVBT +IENBIENoYWluZWQgQ0FzIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4wHAYJKoZI +hvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAMBgNVHQ8E +BQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG +CCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIBFgYKKwYB +BAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYDVR0RBBMw +EYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlwcy5lczBC +BglghkgBhvhCAQ0ENRYzQ2hhaW5lZCBDQSBDZXJ0aWZpY2F0ZSBpc3N1ZWQgYnkg 
+aHR0cDovL3d3dy5pcHMuZXMvMCkGCWCGSAGG+EIBAgQcFhpodHRwOi8vd3d3Lmlw +cy5lcy9pcHMyMDAyLzA3BglghkgBhvhCAQQEKhYoaHR0cDovL3d3dy5pcHMuZXMv +aXBzMjAwMi9pcHMyMDAyQ0FDLmNybDA8BglghkgBhvhCAQMELxYtaHR0cDovL3d3 +dy5pcHMuZXMvaXBzMjAwMi9yZXZvY2F0aW9uQ0FDLmh0bWw/MDkGCWCGSAGG+EIB +BwQsFipodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3JlbmV3YWxDQUMuaHRtbD8w +NwYJYIZIAYb4QgEIBCoWKGh0dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvcG9saWN5 +Q0FDLmh0bWwwbQYDVR0fBGYwZDAuoCygKoYoaHR0cDovL3d3dy5pcHMuZXMvaXBz +MjAwMi9pcHMyMDAyQ0FDLmNybDAyoDCgLoYsaHR0cDovL3d3d2JhY2suaXBzLmVz +L2lwczIwMDIvaXBzMjAwMkNBQy5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF +BzABhhNodHRwOi8vb2NzcC5pcHMuZXMvMA0GCSqGSIb3DQEBBQUAA4GBAERyMJ1W +WKJBGyi3leGmGpVfp3hAK+/blkr8THFj2XOVvQLiogbHvpcqk4A0hgP63Ng9HgfN +HnNDJGD1HWHc3JagvPsd4+cSACczAsDAK1M92GsDgaPb1pOVIO/Tln4mkImcJpvN +b2ar7QMiRDjMWb2f2/YHogF/JsRj9SVCXmK9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICtzCCAiACAQAwDQYJKoZIhvcNAQEEBQAwgaMxCzAJBgNVBAYTAkVTMRIwEAYD +VQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UEChMQSVBT +IFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcwFQYDVQQD +Ew5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVz +MB4XDTk4MDEwMTIzMjEwN1oXDTA5MTIyOTIzMjEwN1owgaMxCzAJBgNVBAYTAkVT +MRIwEAYDVQQIEwlCQVJDRUxPTkExEjAQBgNVBAcTCUJBUkNFTE9OQTEZMBcGA1UE +ChMQSVBTIFNlZ3VyaWRhZCBDQTEYMBYGA1UECxMPQ2VydGlmaWNhY2lvbmVzMRcw +FQYDVQQDEw5JUFMgU0VSVklET1JFUzEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwu +aXBzLmVzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsT1J0nznqjtwlxLyY +XZhkJAk8IbPMGbWOlI6H0fg3PqHILVikgDVboXVsHUUMH2Fjal5vmwpMwci4YSM1 +gf/+rHhwLWjhOgeYlQJU3c0jt4BT18g3RXIGJBK6E2Ehim51KODFDzT9NthFf+G4 +Nu+z4cYgjui0OLzhPvYR3oydAQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACzzw3lY +JN7GO9HgQmm47mSzPWIBubOE3yN93ZjPEKn+ANgilgUTB1RXxafey9m4iEL2mdsU +dx+2/iU94aI+A6mB0i1sR/WWRowiq8jMDQ6XXotBtDvECgZAHd1G9AHduoIuPD14 +cJ58GNCr+Lh3B0Zx8coLY1xq+XKU1QFPoNtC +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIIODCCB6GgAwIBAgIBADANBgkqhkiG9w0BAQUFADCCAR4xCzAJBgNVBAYTAkVT 
+MRIwEAYDVQQIEwlCYXJjZWxvbmExEjAQBgNVBAcTCUJhcmNlbG9uYTEuMCwGA1UE +ChMlSVBTIEludGVybmV0IHB1Ymxpc2hpbmcgU2VydmljZXMgcy5sLjErMCkGA1UE +ChQiaXBzQG1haWwuaXBzLmVzIEMuSS5GLiAgQi02MDkyOTQ1MjE0MDIGA1UECxMr +SVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTE0MDIG +A1UEAxMrSVBTIENBIFRpbWVzdGFtcGluZyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eTEeMBwGCSqGSIb3DQEJARYPaXBzQG1haWwuaXBzLmVzMB4XDTAxMTIyOTAxMTAx +OFoXDTI1MTIyNzAxMTAxOFowggEeMQswCQYDVQQGEwJFUzESMBAGA1UECBMJQmFy +Y2Vsb25hMRIwEAYDVQQHEwlCYXJjZWxvbmExLjAsBgNVBAoTJUlQUyBJbnRlcm5l +dCBwdWJsaXNoaW5nIFNlcnZpY2VzIHMubC4xKzApBgNVBAoUImlwc0BtYWlsLmlw +cy5lcyBDLkkuRi4gIEItNjA5Mjk0NTIxNDAyBgNVBAsTK0lQUyBDQSBUaW1lc3Rh +bXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxNDAyBgNVBAMTK0lQUyBDQSBU +aW1lc3RhbXBpbmcgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHjAcBgkqhkiG9w0B +CQEWD2lwc0BtYWlsLmlwcy5lczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +vLjuVqWajOY2ycJioGaBjRrVetJznw6EZLqVtJCneK/K/lRhW86yIFcBrkSSQxA4 +Efdo/BdApWgnMjvEp+ZCccWZ73b/K5Uk9UmSGGjKALWkWi9uy9YbLA1UZ2t6KaFY +q6JaANZbuxjC3/YeE1Z2m6Vo4pjOxgOKNNtMg0GmqaMCAwEAAaOCBIAwggR8MB0G +A1UdDgQWBBSL0BBQCYHynQnVDmB4AyKiP8jKZjCCAVAGA1UdIwSCAUcwggFDgBSL +0BBQCYHynQnVDmB4AyKiP8jKZqGCASakggEiMIIBHjELMAkGA1UEBhMCRVMxEjAQ +BgNVBAgTCUJhcmNlbG9uYTESMBAGA1UEBxMJQmFyY2Vsb25hMS4wLAYDVQQKEyVJ +UFMgSW50ZXJuZXQgcHVibGlzaGluZyBTZXJ2aWNlcyBzLmwuMSswKQYDVQQKFCJp +cHNAbWFpbC5pcHMuZXMgQy5JLkYuICBCLTYwOTI5NDUyMTQwMgYDVQQLEytJUFMg +Q0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MTQwMgYDVQQD +EytJUFMgQ0EgVGltZXN0YW1waW5nIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR4w +HAYJKoZIhvcNAQkBFg9pcHNAbWFpbC5pcHMuZXOCAQAwDAYDVR0TBAUwAwEB/zAM +BgNVHQ8EBQMDB/+AMGsGA1UdJQRkMGIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB +BQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCAYKKwYBBAGCNwIBFQYKKwYBBAGCNwIB +FgYKKwYBBAGCNwoDAQYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAAcwGgYD +VR0RBBMwEYEPaXBzQG1haWwuaXBzLmVzMBoGA1UdEgQTMBGBD2lwc0BtYWlsLmlw +cy5lczBHBglghkgBhvhCAQ0EOhY4VGltZXN0YW1waW5nIENBIENlcnRpZmljYXRl +IGlzc3VlZCBieSBodHRwOi8vd3d3Lmlwcy5lcy8wKQYJYIZIAYb4QgECBBwWGmh0 
+dHA6Ly93d3cuaXBzLmVzL2lwczIwMDIvMEAGCWCGSAGG+EIBBAQzFjFodHRwOi8v +d3d3Lmlwcy5lcy9pcHMyMDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMEUGCWCG +SAGG+EIBAwQ4FjZodHRwOi8vd3d3Lmlwcy5lcy9pcHMyMDAyL3Jldm9jYXRpb25U +aW1lc3RhbXBpbmcuaHRtbD8wQgYJYIZIAYb4QgEHBDUWM2h0dHA6Ly93d3cuaXBz +LmVzL2lwczIwMDIvcmVuZXdhbFRpbWVzdGFtcGluZy5odG1sPzBABglghkgBhvhC +AQgEMxYxaHR0cDovL3d3dy5pcHMuZXMvaXBzMjAwMi9wb2xpY3lUaW1lc3RhbXBp +bmcuaHRtbDB/BgNVHR8EeDB2MDegNaAzhjFodHRwOi8vd3d3Lmlwcy5lcy9pcHMy +MDAyL2lwczIwMDJUaW1lc3RhbXBpbmcuY3JsMDugOaA3hjVodHRwOi8vd3d3YmFj +ay5pcHMuZXMvaXBzMjAwMi9pcHMyMDAyVGltZXN0YW1waW5nLmNybDAvBggrBgEF +BQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmlwcy5lcy8wDQYJKoZI +hvcNAQEFBQADgYEAZbrBzAAalZHK6Ww6vzoeFAh8+4Pua2JR0zORtWB5fgTYXXk3 +6MNbsMRnLWhasl8OCvrNPzpFoeo2zyYepxEoxZSPhExTCMWTs/zif/WN87GphV+I +3pGW7hdbrqXqcGV4LCFkAZXOzkw+UPS2Wctjjba9GNSHSl/c7+lW8AoM6HU= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFSzCCBLSgAwIBAgIBaTANBgkqhkiG9w0BAQQFADCBmTELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTIwMAYDVQQD +EylOZXRMb2NrIFV6bGV0aSAoQ2xhc3MgQikgVGFudXNpdHZhbnlraWFkbzAeFw05 +OTAyMjUxNDEwMjJaFw0xOTAyMjAxNDEwMjJaMIGZMQswCQYDVQQGEwJIVTERMA8G +A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh +Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxMjAwBgNVBAMTKU5l +dExvY2sgVXpsZXRpIChDbGFzcyBCKSBUYW51c2l0dmFueWtpYWRvMIGfMA0GCSqG +SIb3DQEBAQUAA4GNADCBiQKBgQCx6gTsIKAjwo84YM/HRrPVG/77uZmeBNwcf4xK +gZjupNTKihe5In+DCnVMm8Bp2GQ5o+2So/1bXHQawEfKOml2mrriRBf8TKPV/riX +iK+IA4kfpPIEPsgHC+b5sy96YhQJRhTKZPWLgLViqNhr1nGTLbO/CVRY7QbrqHvc +Q7GhaQIDAQABo4ICnzCCApswEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8E +BAMCAAYwEQYJYIZIAYb4QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1G +SUdZRUxFTSEgRXplbiB0YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFu +b3MgU3pvbGdhbHRhdGFzaSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBh +bGFwamFuIGtlc3p1bHQuIEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExv 
+Y2sgS2Z0LiB0ZXJtZWtmZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGln +aXRhbGlzIGFsYWlyYXMgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0 +IGVsbGVub3J6ZXNpIGVsamFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJh +c2EgbWVndGFsYWxoYXRvIGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGph +biBhIGh0dHBzOi8vd3d3Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJo +ZXRvIGF6IGVsbGVub3J6ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBP +UlRBTlQhIFRoZSBpc3N1YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmlj +YXRlIGlzIHN1YmplY3QgdG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBo +dHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNA +bmV0bG9jay5uZXQuMA0GCSqGSIb3DQEBBAUAA4GBAATbrowXr/gOkDFOzT4JwG06 +sPgzTEdM43WIEJessDgVkcYplswhwG08pXTP2IKlOcNl40JwuyKQ433bNXbhoLXa +n3BukxowOR0w2y7jfLKRstE3Kfq51hdcR0/jHTjrn9V7lagonhVK0dHQKwCXoOKS +NitjrFgBazMpUIaD8QFI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFTzCCBLigAwIBAgIBaDANBgkqhkiG9w0BAQQFADCBmzELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMTQwMgYDVQQD +EytOZXRMb2NrIEV4cHJlc3N6IChDbGFzcyBDKSBUYW51c2l0dmFueWtpYWRvMB4X +DTk5MDIyNTE0MDgxMVoXDTE5MDIyMDE0MDgxMVowgZsxCzAJBgNVBAYTAkhVMREw +DwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9u +c2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE0MDIGA1UEAxMr +TmV0TG9jayBFeHByZXNzeiAoQ2xhc3MgQykgVGFudXNpdHZhbnlraWFkbzCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6+ywbGGKIyWvYCDj2Z/8kwvbXY2wobNA +OoLO/XXgeDIDhlqGlZHtU/qdQPzm6N3ZW3oDvV3zOwzDUXmbrVWg6dADEK8KuhRC +2VImESLH0iDMgqSaqf64gXadarfSNnU+sYYJ9m5tfk63euyucYT2BDMIJTLrdKwW +RMbkQJMdf60CAwEAAaOCAp8wggKbMBIGA1UdEwEB/wQIMAYBAf8CAQQwDgYDVR0P +AQH/BAQDAgAGMBEGCWCGSAGG+EIBAQQEAwIABzCCAmAGCWCGSAGG+EIBDQSCAlEW +ggJNRklHWUVMRU0hIEV6ZW4gdGFudXNpdHZhbnkgYSBOZXRMb2NrIEtmdC4gQWx0 +YWxhbm9zIFN6b2xnYWx0YXRhc2kgRmVsdGV0ZWxlaWJlbiBsZWlydCBlbGphcmFz +b2sgYWxhcGphbiBrZXN6dWx0LiBBIGhpdGVsZXNpdGVzIGZvbHlhbWF0YXQgYSBO +ZXRMb2NrIEtmdC4gdGVybWVrZmVsZWxvc3NlZy1iaXp0b3NpdGFzYSB2ZWRpLiBB 
+IGRpZ2l0YWxpcyBhbGFpcmFzIGVsZm9nYWRhc2FuYWsgZmVsdGV0ZWxlIGF6IGVs +b2lydCBlbGxlbm9yemVzaSBlbGphcmFzIG1lZ3RldGVsZS4gQXogZWxqYXJhcyBs +ZWlyYXNhIG1lZ3RhbGFsaGF0byBhIE5ldExvY2sgS2Z0LiBJbnRlcm5ldCBob25s +YXBqYW4gYSBodHRwczovL3d3dy5uZXRsb2NrLm5ldC9kb2NzIGNpbWVuIHZhZ3kg +a2VyaGV0byBheiBlbGxlbm9yemVzQG5ldGxvY2submV0IGUtbWFpbCBjaW1lbi4g +SU1QT1JUQU5UISBUaGUgaXNzdWFuY2UgYW5kIHRoZSB1c2Ugb2YgdGhpcyBjZXJ0 +aWZpY2F0ZSBpcyBzdWJqZWN0IHRvIHRoZSBOZXRMb2NrIENQUyBhdmFpbGFibGUg +YXQgaHR0cHM6Ly93d3cubmV0bG9jay5uZXQvZG9jcyBvciBieSBlLW1haWwgYXQg +Y3BzQG5ldGxvY2submV0LjANBgkqhkiG9w0BAQQFAAOBgQAQrX/XDDKACtiG8XmY +ta3UzbM2xJZIwVzNmtkFLp++UOv0JhQQLdRmF/iewSf98e3ke0ugbLWrmldwpu2g +pO0u9f38vf5NNwgMvOOWgyL1SRt/Syu0VMGAfJlOHdCM7tCs5ZL6dVb+ZKATj7i4 +Fp1hBWeAyNDYpQcCNJgEjTME1A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGfTCCBWWgAwIBAgICAQMwDQYJKoZIhvcNAQEEBQAwga8xCzAJBgNVBAYTAkhV +MRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhCdWRhcGVzdDEnMCUGA1UEChMe +TmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQuMRowGAYDVQQLExFUYW51c2l0 +dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBLb3pqZWd5em9pIChDbGFzcyBB +KSBUYW51c2l0dmFueWtpYWRvMB4XDTk5MDIyNDIzMTQ0N1oXDTE5MDIxOTIzMTQ0 +N1owga8xCzAJBgNVBAYTAkhVMRAwDgYDVQQIEwdIdW5nYXJ5MREwDwYDVQQHEwhC +dWRhcGVzdDEnMCUGA1UEChMeTmV0TG9jayBIYWxvemF0Yml6dG9uc2FnaSBLZnQu +MRowGAYDVQQLExFUYW51c2l0dmFueWtpYWRvazE2MDQGA1UEAxMtTmV0TG9jayBL +b3pqZWd5em9pIChDbGFzcyBBKSBUYW51c2l0dmFueWtpYWRvMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHSMD7tM9DceqQWC2ObhbHDqeLVu0ThEDaiD +zl3S1tWBxdRL51uUcCbbO51qTGL3cfNk1mE7PetzozfZz+qMkjvN9wfcZnSX9EUi +3fRc4L9t875lM+QVOr/bmJBVOMTtplVjC7B4BPTjbsE/jvxReB+SnoPC/tmwqcm8 +WgD/qaiYdPv2LD4VOQ22BFWoDpggQrOxJa1+mm9dU7GrDPzr4PN6s6iz/0b2Y6LY +Oph7tqyF/7AlT3Rj5xMHpQqPBffAZG9+pyeAlt7ULoZgx2srXnN7F+eRP2QM2Esi +NCubMvJIH5+hCoR64sKtlz2O1cH5VqNQ6ca0+pii7pXmKgOM3wIDAQABo4ICnzCC +ApswDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB/wQIMAYBAf8CAQQwEQYJYIZIAYb4 +QgEBBAQDAgAHMIICYAYJYIZIAYb4QgENBIICURaCAk1GSUdZRUxFTSEgRXplbiB0 +YW51c2l0dmFueSBhIE5ldExvY2sgS2Z0LiBBbHRhbGFub3MgU3pvbGdhbHRhdGFz 
+aSBGZWx0ZXRlbGVpYmVuIGxlaXJ0IGVsamFyYXNvayBhbGFwamFuIGtlc3p1bHQu +IEEgaGl0ZWxlc2l0ZXMgZm9seWFtYXRhdCBhIE5ldExvY2sgS2Z0LiB0ZXJtZWtm +ZWxlbG9zc2VnLWJpenRvc2l0YXNhIHZlZGkuIEEgZGlnaXRhbGlzIGFsYWlyYXMg +ZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYXogZWxvaXJ0IGVsbGVub3J6ZXNpIGVs +amFyYXMgbWVndGV0ZWxlLiBBeiBlbGphcmFzIGxlaXJhc2EgbWVndGFsYWxoYXRv +IGEgTmV0TG9jayBLZnQuIEludGVybmV0IGhvbmxhcGphbiBhIGh0dHBzOi8vd3d3 +Lm5ldGxvY2submV0L2RvY3MgY2ltZW4gdmFneSBrZXJoZXRvIGF6IGVsbGVub3J6 +ZXNAbmV0bG9jay5uZXQgZS1tYWlsIGNpbWVuLiBJTVBPUlRBTlQhIFRoZSBpc3N1 +YW5jZSBhbmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGlzIHN1YmplY3Qg +dG8gdGhlIE5ldExvY2sgQ1BTIGF2YWlsYWJsZSBhdCBodHRwczovL3d3dy5uZXRs +b2NrLm5ldC9kb2NzIG9yIGJ5IGUtbWFpbCBhdCBjcHNAbmV0bG9jay5uZXQuMA0G +CSqGSIb3DQEBBAUAA4IBAQBIJEb3ulZv+sgoA0BO5TE5ayZrU3/b39/zcT0mwBQO +xmd7I6gMc90Bu8bKbjc5VdXHjFYgDigKDtIqpLBJUsY4B/6+CgmM0ZjPytoUMaFP +0jn8DxEsQ8Pdq5PHVT5HfBgaANzze9jyf1JsIPQLX2lS9O74silg6+NJMSEN1rUQ +QeJBCWziGppWS3cC9qCbmieH6FUpccKQn0V4GuEVZD3QDtigdp+uxdAu6tYPVuxk +f1qbFFgBJ34TUMdrKuZoPL9coAob4Q566eKAw+np9v1sEZ7Q5SgnK1QyQhSCdeZK +8CtmdWOMovsEPoMOmzbwGOQmIMOM8CgHrTwXZoi1/baI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIG0TCCBbmgAwIBAgIBezANBgkqhkiG9w0BAQUFADCByTELMAkGA1UEBhMCSFUx +ETAPBgNVBAcTCEJ1ZGFwZXN0MScwJQYDVQQKEx5OZXRMb2NrIEhhbG96YXRiaXp0 +b25zYWdpIEtmdC4xGjAYBgNVBAsTEVRhbnVzaXR2YW55a2lhZG9rMUIwQAYDVQQD +EzlOZXRMb2NrIE1pbm9zaXRldHQgS296amVneXpvaSAoQ2xhc3MgUUEpIFRhbnVz +aXR2YW55a2lhZG8xHjAcBgkqhkiG9w0BCQEWD2luZm9AbmV0bG9jay5odTAeFw0w +MzAzMzAwMTQ3MTFaFw0yMjEyMTUwMTQ3MTFaMIHJMQswCQYDVQQGEwJIVTERMA8G +A1UEBxMIQnVkYXBlc3QxJzAlBgNVBAoTHk5ldExvY2sgSGFsb3phdGJpenRvbnNh +Z2kgS2Z0LjEaMBgGA1UECxMRVGFudXNpdHZhbnlraWFkb2sxQjBABgNVBAMTOU5l +dExvY2sgTWlub3NpdGV0dCBLb3pqZWd5em9pIChDbGFzcyBRQSkgVGFudXNpdHZh +bnlraWFkbzEeMBwGCSqGSIb3DQEJARYPaW5mb0BuZXRsb2NrLmh1MIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1Ilstg91IRVCacbvWy5FPSKAtt2/Goq +eKvld/Bu4IwjZ9ulZJm53QE+b+8tmjwi8F3JV6BVQX/yQ15YglMxZc4e8ia6AFQe 
+r7C8HORSjKAyr7c3sVNnaHRnUPYtLmTeriZ539+Zhqurf4XsoPuAzPS4DB6TRWO5 +3Lhbm+1bOdRfYrCnjnxmOCyqsQhjF2d9zL2z8cM/z1A57dEZgxXbhxInlrfa6uWd +vLrqOU+L73Sa58XQ0uqGURzk/mQIKAR5BevKxXEOC++r6uwSEaEYBTJp0QwsGj0l +mT+1fMptsK6ZmfoIYOcZwvK9UdPM0wKswREMgM6r3JSda6M5UzrWhQIDAMV9o4IC +wDCCArwwEgYDVR0TAQH/BAgwBgEB/wIBBDAOBgNVHQ8BAf8EBAMCAQYwggJ1Bglg +hkgBhvhCAQ0EggJmFoICYkZJR1lFTEVNISBFemVuIHRhbnVzaXR2YW55IGEgTmV0 +TG9jayBLZnQuIE1pbm9zaXRldHQgU3pvbGdhbHRhdGFzaSBTemFiYWx5emF0YWJh +biBsZWlydCBlbGphcmFzb2sgYWxhcGphbiBrZXN6dWx0LiBBIG1pbm9zaXRldHQg +ZWxla3Ryb25pa3VzIGFsYWlyYXMgam9naGF0YXMgZXJ2ZW55ZXN1bGVzZW5laywg +dmFsYW1pbnQgZWxmb2dhZGFzYW5hayBmZWx0ZXRlbGUgYSBNaW5vc2l0ZXR0IFN6 +b2xnYWx0YXRhc2kgU3phYmFseXphdGJhbiwgYXogQWx0YWxhbm9zIFN6ZXJ6b2Rl +c2kgRmVsdGV0ZWxla2JlbiBlbG9pcnQgZWxsZW5vcnplc2kgZWxqYXJhcyBtZWd0 +ZXRlbGUuIEEgZG9rdW1lbnR1bW9rIG1lZ3RhbGFsaGF0b2sgYSBodHRwczovL3d3 +dy5uZXRsb2NrLmh1L2RvY3MvIGNpbWVuIHZhZ3kga2VyaGV0b2sgYXogaW5mb0Bu +ZXRsb2NrLm5ldCBlLW1haWwgY2ltZW4uIFdBUk5JTkchIFRoZSBpc3N1YW5jZSBh +bmQgdGhlIHVzZSBvZiB0aGlzIGNlcnRpZmljYXRlIGFyZSBzdWJqZWN0IHRvIHRo +ZSBOZXRMb2NrIFF1YWxpZmllZCBDUFMgYXZhaWxhYmxlIGF0IGh0dHBzOi8vd3d3 +Lm5ldGxvY2suaHUvZG9jcy8gb3IgYnkgZS1tYWlsIGF0IGluZm9AbmV0bG9jay5u +ZXQwHQYDVR0OBBYEFAlqYhaSsFq7VQ7LdTI6MuWyIckoMA0GCSqGSIb3DQEBBQUA +A4IBAQCRalCc23iBmz+LQuM7/KbD7kPgz/PigDVJRXYC4uMvBcXxKufAQTPGtpvQ +MznNwNuhrWw3AkxYQTvyl5LGSKjN5Yo5iWH5Upfpvfb5lHTocQ68d4bDBsxafEp+ +NFAwLvt/MpqNPfMgW/hqyobzMUwsWYACff44yTB1HLdV47yfuqhthCgFdbOLDcCR +VCHnpgu0mfVRQdzNo0ci2ccBgcTcR08m6h/t280NmPSjnLRzMkqWmf68f8glWPhY +83ZmiVSkpj7EUFy6iRiCdUgh0k8T6GB+B3bbELVR5qq5aKrN9p2QdRLqOBrKROi3 +macqaJVmlaut74nLYKkGEsaUR+ko +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO 
+ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC 
+Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i 
+Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv 
+vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y 
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMjIzM1oXDTE5MDYy +NjAwMjIzM1owgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDMgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl +cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjmFGWHOjVsQaBalfD +cnWTq8+epvzzFlLWLU2fNUSoLgRNB0mKOCn1dzfnt6td3zZxFJmP3MKS8edgkpfs +2Ejcv8ECIMYkpChMMFp2bbFc893enhBxoYjHW5tBbcqwuI4V7q0zK89HBFx1cQqY +JJgpp0lZpd34t0NiYfPT4tBVPwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFa7AliE +Zwgs3x/be0kz9dNnnfS0ChCzycUs4pJqcXgn8nCDQtM+z6lU9PHYkhaM0QTLS6vJ +n0WuPIqpsHEzXcjFV9+vqDWzf4mH6eglkrh/hXqu1rweN1gqZ8mRzyqBPu3GOd/A +PhmcGcwTTYJBtYze4D1gCCAPRX5ron+jjBXu +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICXDCCAcWgAwIBAgIQCgEBAQAAAnwAAAALAAAAAjANBgkqhkiG9w0BAQUFADA6 +MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp +dHkgMTAyNCBWMzAeFw0wMTAyMjIyMTAxNDlaFw0yNjAyMjIyMDAxNDlaMDoxGTAX +BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAx +MDI0IFYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDV3f5mCc8kPD6ugU5O +isRpgFtZO9+5TUzKtS3DJy08rwBCbbwoppbPf9dYrIMKo1W1exeQFYRMiu4mmdxY +78c4pqqv0I5CyGLXq6yp+0p9v+r+Ek3d/yYtbzZUaMjShFbuklNhCbM/OZuoyZu9 +zp9+1BlqFikYvtc6adwlWzMaUQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBTEwBykB5T9zU0B1FTapQxf3q4FWjAd +BgNVHQ4EFgQUxMAcpAeU/c1NAdRU2qUMX96uBVowDQYJKoZIhvcNAQEFBQADgYEA +Py1q4yZDlX2Jl2X7deRyHUZXxGFraZ8SmyzVWujAovBDleMf6XbN3Ou8k6BlCsdN +T1+nr6JGFLkM88y9am63nd4lQtBU/55oc2PcJOsiv6hy8l4A4Q1OOkNumU4/iXgD +mMrzVcydro7BqkWY+o8aoI2II/EVQQ2lRj6RP4vr93E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDYTCCAkmgAwIBAgIQCgEBAQAAAnwAAAAKAAAAAjANBgkqhkiG9w0BAQUFADA6 +MRkwFwYDVQQKExBSU0EgU2VjdXJpdHkgSW5jMR0wGwYDVQQLExRSU0EgU2VjdXJp +dHkgMjA0OCBWMzAeFw0wMTAyMjIyMDM5MjNaFw0yNjAyMjIyMDM5MjNaMDoxGTAX 
+BgNVBAoTEFJTQSBTZWN1cml0eSBJbmMxHTAbBgNVBAsTFFJTQSBTZWN1cml0eSAy +MDQ4IFYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt49VcdKA3Xtp +eafwGFAyPGJn9gqVB93mG/Oe2dJBVGutn3y+Gc37RqtBaB4Y6lXIL5F4iSj7Jylg +/9+PjDvJSZu1pJTOAeo+tWN7fyb9Gd3AIb2E0S1PRsNO3Ng3OTsor8udGuorryGl +wSMiuLgbWhOHV4PR8CDn6E8jQrAApX2J6elhc5SYcSa8LWrg903w8bYqODGBDSnh +AMFRD0xS+ARaqn1y07iHKrtjEAMqs6FPDVpeRrc9DvV07Jmf+T0kgYim3WBU6JU2 +PcYJk5qjEoAAVZkZR73QpXzDuvsf9/UP+Ky5tfQ3mBMY3oVbtwyCO4dvlTlYMNpu +AWgXIszACwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAfBgNVHSMEGDAWgBQHw1EwpKrpRa41JPr/JCwz0LGdjDAdBgNVHQ4EFgQUB8NR +MKSq6UWuNST6/yQsM9CxnYwwDQYJKoZIhvcNAQEFBQADggEBAF8+hnZuuDU8TjYc +HnmYv/3VEhF5Ug7uMYm83X/50cYVIeiKAVQNOvtUudZj1LGqlk2iQk3UUx+LEN5/ +Zb5gEydxiKRz44Rj0aRV4VCT5hsOedBnvEbIvz8XDZXmxpBp3ue0L96VfdASPz0+ +f00/FGj1EVDVwfSQpQgdMWD/YIwjVAqv/qFuxdF6Kmh4zx6CCiC0H63lhbJqaHVO +rSU3lIW+vaHU6rcMSzyd6BIA8F+sDeGscGNz9395nzIlQnQFgCi/vcEkllgVsRch +6YlL2weIZ/QVrXA+L02FO8K32/6YaCOJ4XQP3vTFhGMpG8zLB8kApKnXwiJPZ9d3 +7CAFYd4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC 
+NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t 
+dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBJDANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MxIENBMB4XDTAx +MDQwNjEwNDkxM1oXDTIxMDQwNjEwNDkxM1owOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMSBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALWJHytPZwp5/8Ue+H887dF+2rDNbS82rDTG +29lkFwhjMDMiikzujrsPDUJVyZ0upe/3p4zDq7mXy47vPxVnqIJyY1MPQYx9EJUk +oVqlBvqSV536pQHydekfvFYmUk54GWVYVQNYwBSujHxVX3BbdyMGNpfzJLWaRpXk +3w0LBUXl0fIdgrvGE+D+qnr9aTCU89JFhfzyMlsy3uhsXR/LpCJ0sICOXZT3BgBL +qdReLjVQCfOAl/QMF6452F/NM8EcyonCIvdFEu1eEpOdY6uCLrnrQkFEy0oaAIIN +nvmLVz5MxxftLItyM19yejhW1ebZrgUaHXVFsculJRwSVzb9IjcCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIR+IMi/ZTiFIwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQCLGrLJXWG04bkruVPRsoWdd44W7hE928Jj2VuX +ZfsSZ9gqXLar5V7DtxYvyOirHYr9qxp81V9jz9yw3Xe5qObSIjiHBxTZ/75Wtf0H 
+DjxVyhbMp6Z3N/vbXB9OWQaHowND9Rart4S9Tu+fMTfwRvFAttEMpWT4Y14h21VO +TzF2nBBhjrZTOqMRvq9tfB69ri3iDGnHhVNoomG6xT60eVR4ngrHAr5i0RGCS2Uv +kVrCqIexVmiUefkl98HVrhq4uz2PqYo4Ffdz0Fpg0YCw8NzVUM1O7pJIae2yIx4w +zMiUyLb1O4Z/P6Yun/Y+LLWSlj7fLJOK/4GMDw9ZIRlXvVWa +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgIEAJiWijANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJO +TDEeMBwGA1UEChMVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSYwJAYDVQQDEx1TdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQTAeFw0wMjEyMTcwOTIzNDlaFw0xNTEy +MTYwOTE1MzhaMFUxCzAJBgNVBAYTAk5MMR4wHAYDVQQKExVTdGFhdCBkZXIgTmVk +ZXJsYW5kZW4xJjAkBgNVBAMTHVN0YWF0IGRlciBOZWRlcmxhbmRlbiBSb290IENB +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNK1URF6gaYUmHFtvszn +ExvWJw56s2oYHLZhWtVhCb/ekBPHZ+7d89rFDBKeNVU+LCeIQGv33N0iYfXCxw71 +9tV2U02PjLwYdjeFnejKScfST5gTCaI+Ioicf9byEGW07l8Y1Rfj+MX94p2i71MO 
+hXeiD+EwR+4A5zN9RGcaC1Hoi6CeUJhoNFIfLm0B8mBF8jHrqTFoKbt6QZ7GGX+U +tFE5A3+y3qcym7RHjm+0Sq7lr7HcsBthvJly3uSJt3omXdozSVtSnA71iq3DuD3o +BmrC1SoLbHuEvVYFy4ZlkuxEK7COudxwC0barbxjiDn622r+I/q85Ej0ZytqERAh +SQIDAQABo4GRMIGOMAwGA1UdEwQFMAMBAf8wTwYDVR0gBEgwRjBEBgRVHSAAMDww +OgYIKwYBBQUHAgEWLmh0dHA6Ly93d3cucGtpb3ZlcmhlaWQubmwvcG9saWNpZXMv +cm9vdC1wb2xpY3kwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSofeu8Y6R0E3QA +7Jbg0zTBLL9s+DANBgkqhkiG9w0BAQUFAAOCAQEABYSHVXQ2YcG70dTGFagTtJ+k +/rvuFbQvBgwp8qiSpGEN/KtcCFtREytNwiphyPgJWPwtArI5fZlmgb9uXJVFIGzm +eafR2Bwp/MIgJ1HI8XxdNGdphREwxgDS1/PTfLbwMVcoEoJz6TMvplW0C5GUR5z6 +u3pCMuiufi3IvKwUv9kP2Vv8wfl6leF9fpb8cbDCTMjfRTTJzg3ynGQI0DvDKcWy +7ZAEwbEpkcUwb8GpcjPM/l0WFywRaed+/sWDCN+83CI6LiBpIzlWYGeQiy52OfsR +iJf2fL1LuCAWZwWN4jvBcj+UlTfHXbme2JOhF4//DGYVwSR8MnwDHTuhWEUykw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 
+L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW +MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg +Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9 +MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi +U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh +cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk +pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf +OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C +Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT +Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi +HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM +Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w ++2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+ +Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3 +Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B +26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID +AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE +FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j +ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js +LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM +BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0 +Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy 
+dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh +cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh +YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg +dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp +bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ +YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT +TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ +9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8 +jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW +FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz +ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1 +ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L +EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu +L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq +yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC +O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V +um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh +NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFjCCBH+gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBsDELMAkGA1UEBhMCSUwx +DzANBgNVBAgTBklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0 +Q29tIEx0ZC4xGjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBG +cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS +YWRtaW5Ac3RhcnRjb20ub3JnMB4XDTA1MDMxNzE3Mzc0OFoXDTM1MDMxMDE3Mzc0 +OFowgbAxCzAJBgNVBAYTAklMMQ8wDQYDVQQIEwZJc3JhZWwxDjAMBgNVBAcTBUVp +bGF0MRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMRowGAYDVQQLExFDQSBBdXRob3Jp +dHkgRGVwLjEpMCcGA1UEAxMgRnJlZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkxITAfBgkqhkiG9w0BCQEWEmFkbWluQHN0YXJ0Y29tLm9yZzCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA7YRgACOeyEpRKSfeOqE5tWmrCbIvNP1h3D3TsM+x +18LEwrHkllbEvqoUDufMOlDIOmKdw6OsWXuO7lUaHEe+o5c5s7XvIywI6Nivcy+5 
+yYPo7QAPyHWlLzRMGOh2iCNJitu27Wjaw7ViKUylS7eYtAkUEKD4/mJ2IhULpNYI +LzUCAwEAAaOCAjwwggI4MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMB0G +A1UdDgQWBBQcicOWzL3+MtUNjIExtpidjShkjTCB3QYDVR0jBIHVMIHSgBQcicOW +zL3+MtUNjIExtpidjShkjaGBtqSBszCBsDELMAkGA1UEBhMCSUwxDzANBgNVBAgT +BklzcmFlbDEOMAwGA1UEBxMFRWlsYXQxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4x +GjAYBgNVBAsTEUNBIEF1dGhvcml0eSBEZXAuMSkwJwYDVQQDEyBGcmVlIFNTTCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSYWRtaW5Ac3Rh +cnRjb20ub3JnggEAMB0GA1UdEQQWMBSBEmFkbWluQHN0YXJ0Y29tLm9yZzAdBgNV +HRIEFjAUgRJhZG1pbkBzdGFydGNvbS5vcmcwEQYJYIZIAYb4QgEBBAQDAgAHMC8G +CWCGSAGG+EIBDQQiFiBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAy +BglghkgBhvhCAQQEJRYjaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL2NhLWNybC5j +cmwwKAYJYIZIAYb4QgECBBsWGWh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy8wOQYJ +YIZIAYb4QgEIBCwWKmh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9pbmRleC5waHA/ +YXBwPTExMTANBgkqhkiG9w0BAQQFAAOBgQBscSXhnjSRIe/bbL0BCFaPiNhBOlP1 +ct8nV0t2hPdopP7rPwl+KLhX6h/BquL/lp9JmeaylXOWxkjHXo0Hclb4g4+fd68p +00UOpO6wNnQt8M2YI3s3S9r+UZjEHjQ8iP2ZO1CnwYszx8JSFhKVU2Ui77qLzmLb +cCOxgN8aIDjnfg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y 
+FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFwTCCA6mgAwIBAgIITrIAZwwDXU8wDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEjMCEGA1UEAxMaU3dpc3NTaWdu +IFBsYXRpbnVtIENBIC0gRzIwHhcNMDYxMDI1MDgzNjAwWhcNMzYxMDI1MDgzNjAw +WjBJMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMSMwIQYDVQQD +ExpTd2lzc1NpZ24gUGxhdGludW0gQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAMrfogLi2vj8Bxax3mCq3pZcZB/HL37PZ/pEQtZ2Y5Wu669y +IIpFR4ZieIbWIDkm9K6j/SPnpZy1IiEZtzeTIsBQnIJ71NUERFzLtMKfkr4k2Htn +IuJpX+UFeNSH2XFwMyVTtIc7KZAoNppVRDBopIOXfw0enHb/FZ1glwCNioUD7IC+ +6ixuEFGSzH7VozPY1kneWCqv9hbrS3uQMpe5up1Y8fhXSQQeol0GcN1x2/ndi5ob +jM89o03Oy3z2u5yg+gnOI2Ky6Q0f4nIoj5+saCB9bzuohTEJfwvH6GXp43gOCWcw +izSC+13gzJ2BbWLuCB4ELE6b7P6pT1/9aXjvCR+htL/68++QHkwFix7qepF6w9fl 
++zC8bBsQWJj3Gl/QKTIDE0ZNYWqFTFJ0LwYfexHihJfGmfNtf9dng34TaNhxKFrY +zt3oEBSa/m0jh26OWnA81Y0JAKeqvLAxN23IhBQeW71FYyBrS3SMvds6DsHPWhaP +pZjydomyExI7C3d3rLvlPClKknLKYRorXkzig3R3+jVIeoVNjZpTxN94ypeRSCtF +KwH3HBqi7Ri6Cr2D+m+8jVeTO9TUps4e8aCxzqv9KyiaTxvXw3LbpMS/XUz13XuW +ae5ogObnmLo2t/5u7Su9IPhlGdpVCX4l3P5hYnL5fhgC72O00Puv5TtjjGePAgMB +AAGjgawwgakwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFFCvzAeHFUdvOMW0ZdHelarp35zMMB8GA1UdIwQYMBaAFFCvzAeHFUdvOMW0 +ZdHelarp35zMMEYGA1UdIAQ/MD0wOwYJYIV0AVkBAQEBMC4wLAYIKwYBBQUHAgEW +IGh0dHA6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vMA0GCSqGSIb3DQEBBQUA +A4ICAQAIhab1Fgz8RBrBY+D5VUYI/HAcQiiWjrfFwUF1TglxeeVtlspLpYhg0DB0 +uMoI3LQwnkAHFmtllXcBrqS3NQuB2nEVqXQXOHtYyvkv+8Bldo1bAbl93oI9ZLi+ +FHSjClTTLJUYFzX1UWs/j6KWYTl4a0vlpqD4U99REJNi54Av4tHgvI42Rncz7Lj7 +jposiU0xEQ8mngS7twSNC/K5/FqdOxa3L8iYq/6KUFkuozv8KV2LwUvJ4ooTHbG/ +u0IdUt1O2BReEMYxB+9xJ/cbOQncguqLs5WGXv312l0xpuAxtpTmREl0xRbl9x8D +YSjFyMsSoEJL+WuICI20MhjzdZ/EfwBPBZWcoxcCw7NTm6ogOSkrZvqdr16zktK1 +puEa+S1BaYEUtLS17Yk9zvupnTVCRLEcFHOBzyoBNZox1S2PbYTfgE1X4z/FhHXa +icYwu+uPyyIIoK6q8QNsOktNCaUOcsZWayFCTiMlFGiudgp8DAdwZPmaL/YFOSbG +DI8Zf0NebvRbFS/bYV3mZy8/CJT5YLSYMdp08YSTcU1f+2BY0fvEwW2JorsgH51x +kcsymxM9Pn2SUjWskpSi0xjCfMfqr3YFFt1nJ8J+HAciIfNAChs0B0QTwoRqjt8Z +Wr9/6x3iGjjRXK9HkmuAtTClyY3YqzGBH9/CZjfTk6mFhnll0g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH 
+6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIF2TCCA8GgAwIBAgIQXAuFXAvnWUHfV8w/f52oNjANBgkqhkiG9w0BAQUFADBk +MQswCQYDVQQGEwJjaDERMA8GA1UEChMIU3dpc3Njb20xJTAjBgNVBAsTHERpZ2l0 +YWwgQ2VydGlmaWNhdGUgU2VydmljZXMxGzAZBgNVBAMTElN3aXNzY29tIFJvb3Qg +Q0EgMTAeFw0wNTA4MTgxMjA2MjBaFw0yNTA4MTgyMjA2MjBaMGQxCzAJBgNVBAYT +AmNoMREwDwYDVQQKEwhTd2lzc2NvbTElMCMGA1UECxMcRGlnaXRhbCBDZXJ0aWZp +Y2F0ZSBTZXJ2aWNlczEbMBkGA1UEAxMSU3dpc3Njb20gUm9vdCBDQSAxMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0LmwqAzZuz8h+BvVM5OAFmUgdbI9 
+m2BtRsiMMW8Xw/qabFbtPMWRV8PNq5ZJkCoZSx6jbVfd8StiKHVFXqrWW/oLJdih +FvkcxC7mlSpnzNApbjyFNDhhSbEAn9Y6cV9Nbc5fuankiX9qUvrKm/LcqfmdmUc/ +TilftKaNXXsLmREDA/7n29uj/x2lzZAeAR81sH8A25Bvxn570e56eqeqDFdvpG3F +EzuwpdntMhy0XmeLVNxzh+XTF3xmUHJd1BpYwdnP2IkCb6dJtDZd0KTeByy2dbco +kdaXvij1mB7qWybJvbCXc9qukSbraMH5ORXWZ0sKbU/Lz7DkQnGMU3nn7uHbHaBu +HYwadzVcFh4rUx80i9Fs/PJnB3r1re3WmquhsUvhzDdf/X/NTa64H5xD+SpYVUNF +vJbNcA78yeNmuk6NO4HLFWR7uZToXTNShXEuT46iBhFRyePLoW4xCGQMwtI89Tbo +19AOeCMgkckkKmUpWyL3Ic6DXqTz3kvTaI9GdVyDCW4pa8RwjPWd1yAv/0bSKzjC +L3UcPX7ape8eYIVpQtPM+GP+HkM5haa2Y0EQs3MevNP6yn0WR+Kn1dCjigoIlmJW +bjTb2QK5MHXjBNLnj8KwEUAKrNVxAmKLMb7dxiNYMUJDLXT5xp6mig/p/r+D5kNX +JLrvRjSq1xIBOO0CAwEAAaOBhjCBgzAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0hBBYw +FDASBgdghXQBUwABBgdghXQBUwABMBIGA1UdEwEB/wQIMAYBAf8CAQcwHwYDVR0j +BBgwFoAUAyUv3m+CATpcLNwroWm1Z9SM0/0wHQYDVR0OBBYEFAMlL95vggE6XCzc +K6FptWfUjNP9MA0GCSqGSIb3DQEBBQUAA4ICAQA1EMvspgQNDQ/NwNurqPKIlwzf +ky9NfEBWMXrrpA9gzXrzvsMnjgM+pN0S734edAY8PzHyHHuRMSG08NBsl9Tpl7Ik +Vh5WwzW9iAUPWxAaZOHHgjD5Mq2eUCzneAXQMbFamIp1TpBcahQq4FJHgmDmHtqB +sfsUC1rxn9KVuj7QG9YVHaO+htXbD8BJZLsuUBlL0iT43R4HVtA4oJVwIHaM190e +3p9xxCPvgxNcoyQVTSlAPGrEqdi3pkSlDfTgnXceQHAm/NrZNuR55LU/vJtlvrsR +ls/bxig5OgjOR1tTWsWZ/l2p3e9M1MalrQLmjAcSHm8D0W+go/MpvRLHUKKwf4ip +mXeascClOS5cfGniLLDqN2qk4Vrh9VDlg++luyqI54zb/W1elxmofmZ1a3Hqv7HH +b6D0jqTsNFFbjCYDcKF31QESVwA12yPeDooomf2xEG9L/zgtYE4snOtnta1J7ksf +rK/7DZBaZmBwXarNeNQk7shBoJMBkpxqnvy5JMWzFYJ+vq6VK+uxwNrjAWALXmms +hFZhvnEX/h0TD/7Gh0Xp/jKgGg0TpJRVcaUWi7rKibCyx/yP2FS1k2Kdzs9Z+z0Y +zirLNRWCXf9UIltxUvu3yf5gmwBBZPCqKuy2QkPOiWaByIufOVQDJdMWNY6E0F/6 +MBr1mmz0DlP5OlvRHA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXDCCAsWgAwIBAgICA+owDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF +MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU +QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI +MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMSkwJwYJKoZIhvcN +AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla 
+Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy +ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y +IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1 +c3RDZW50ZXIgQ2xhc3MgMiBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA +dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANo46O0y +AClxgwENv4wB3NrGrTmkqYov1YtcaF9QxmL1Zr3KkSLsqh1R1z2zUbKDTl3LSbDw +TFXlay3HhQswHJJOgtTKAu33b77c4OMUuAVT8pr0VotanoWT0bSCVq5Nu6hLVxa8 +/vhYnvgpjbB7zXjJT6yLZwzxnPv8V5tXXE8NAgMBAAGjazBpMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3 +LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G +CSqGSIb3DQEBBAUAA4GBAIRS+yjf/x91AbwBvgRWl2p0QiQxg/lGsQaKic+WLDO/ +jLVfenKhhQbOhvgFjuj5Jcrag4wGrOs2bYWRNAQ29ELw+HkuCkhcq8xRT3h2oNms +Gb0q0WkEKJHKNhAngFdb0lz1wlurZIFjdFH0l7/NEij3TWZ/p/AcASZ4smZHcFFk +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDXDCCAsWgAwIBAgICA+swDQYJKoZIhvcNAQEEBQAwgbwxCzAJBgNVBAYTAkRF +MRAwDgYDVQQIEwdIYW1idXJnMRAwDgYDVQQHEwdIYW1idXJnMTowOAYDVQQKEzFU +QyBUcnVzdENlbnRlciBmb3IgU2VjdXJpdHkgaW4gRGF0YSBOZXR3b3JrcyBHbWJI +MSIwIAYDVQQLExlUQyBUcnVzdENlbnRlciBDbGFzcyAzIENBMSkwJwYJKoZIhvcN +AQkBFhpjZXJ0aWZpY2F0ZUB0cnVzdGNlbnRlci5kZTAeFw05ODAzMDkxMTU5NTla +Fw0xMTAxMDExMTU5NTlaMIG8MQswCQYDVQQGEwJERTEQMA4GA1UECBMHSGFtYnVy +ZzEQMA4GA1UEBxMHSGFtYnVyZzE6MDgGA1UEChMxVEMgVHJ1c3RDZW50ZXIgZm9y +IFNlY3VyaXR5IGluIERhdGEgTmV0d29ya3MgR21iSDEiMCAGA1UECxMZVEMgVHJ1 +c3RDZW50ZXIgQ2xhc3MgMyBDQTEpMCcGCSqGSIb3DQEJARYaY2VydGlmaWNhdGVA +dHJ1c3RjZW50ZXIuZGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALa0wTUF +Lg2N7KBAahwOJ6ZQkmtQGwfeLud2zODa/ISoXoxjaitN2U4CdhHBC/KNecoAtvGw +Dtf7pBc9r6tpepYnv68zoZoqWarEtTcI8hKlMbZD9TKWcSgoq40oht+77uMMfTDW +w1Krj10nnGvAo+cFa1dJRLNu6mTP0o56UHd3AgMBAAGjazBpMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgGGMDMGCWCGSAGG+EIBCAQmFiRodHRwOi8vd3d3 +LnRydXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwEQYJYIZIAYb4QgEBBAQDAgAHMA0G +CSqGSIb3DQEBBAUAA4GBABY9xs3Bu4VxhUafPiCPUSiZ7C1FIWMjWwS7TJC4iJIE 
+Tb19AaM/9uzO8d7+feXhPrvGq14L3T2WxMup1Pkm5gZOngylerpuw3yCGdHHsbHD +2w2Om0B8NwvxXej9H5CIpQ5ON2QhqE6NtJ/x3kit1VYYUimLRzQSCdS7kjXvD9s0 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEKzCCAxOgAwIBAgIEOsylTDANBgkqhkiG9w0BAQUFADBDMQswCQYDVQQGEwJE +SzEVMBMGA1UEChMMVERDIEludGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQg +Um9vdCBDQTAeFw0wMTA0MDUxNjMzMTdaFw0yMTA0MDUxNzAzMTdaMEMxCzAJBgNV +BAYTAkRLMRUwEwYDVQQKEwxUREMgSW50ZXJuZXQxHTAbBgNVBAsTFFREQyBJbnRl +cm5ldCBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLhA +vJHVYx/XmaCLDEAedLdInUaMArLgJF/wGROnN4NrXceO+YQwzho7+vvOi20jxsNu +Zp+Jpd/gQlBn+h9sHvTQBda/ytZO5GhgbEaqHF1j4QeGDmUApy6mcca8uYGoOn0a +0vnRrEvLznWv3Hv6gXPU/Lq9QYjUdLP5Xjg6PEOo0pVOd20TDJ2PeAG3WiAfAzc1 +4izbSysseLlJ28TQx5yc5IogCSEWVmb/Bexb4/DPqyQkXsN/cHoSxNK1EKC2IeGN +eGlVRGn1ypYcNIUXJXfi9i8nmHj9eQY6otZaQ8H/7AQ77hPv01ha/5Lr7K7a8jcD +R0G2l8ktCkEiu7vmpwIDAQABo4IBJTCCASEwEQYJYIZIAYb4QgEBBAQDAgAHMGUG +A1UdHwReMFwwWqBYoFakVDBSMQswCQYDVQQGEwJESzEVMBMGA1UEChMMVERDIElu +dGVybmV0MR0wGwYDVQQLExRUREMgSW50ZXJuZXQgUm9vdCBDQTENMAsGA1UEAxME +Q1JMMTArBgNVHRAEJDAigA8yMDAxMDQwNTE2MzMxN1qBDzIwMjEwNDA1MTcwMzE3 +WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUbGQBx/2FbazI2p5QCIUItTxWqFAw +HQYDVR0OBBYEFGxkAcf9hW2syNqeUAiFCLU8VqhQMAwGA1UdEwQFMAMBAf8wHQYJ +KoZIhvZ9B0EABBAwDhsIVjUuMDo0LjADAgSQMA0GCSqGSIb3DQEBBQUAA4IBAQBO +Q8zR3R0QGwZ/t6T609lN+yOfI1Rb5osvBCiLtSdtiaHsmGnc540mgwV5dOy0uaOX +wTUA/RXaOYE6lTGQ3pfphqiZdwzlWqCE/xIWrG64jcN7ksKsLtB9KOy282A4aW8+ +2ARVPp7MVdK6/rtHBNcK2RYKNCn1WBPVT8+PVkuzHu7TmHnaCB4Mb7j4Fifvwm89 +9qNLPg7kbWzbO0ESm70NRyN/PErQr8Cv9u8btRXE64PECV90i9kR+8JWsTz4cMo0 +jUNAE4z9mQNUecYu6oah9jrUCbz0vGbMPVjQV0kK7iXiQe4T+Zs4NNEA9X7nlB38 +aQNiuJkFBT1reBK9sG9l +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFGTCCBAGgAwIBAgIEPki9xDANBgkqhkiG9w0BAQUFADAxMQswCQYDVQQGEwJE +SzEMMAoGA1UEChMDVERDMRQwEgYDVQQDEwtUREMgT0NFUyBDQTAeFw0wMzAyMTEw +ODM5MzBaFw0zNzAyMTEwOTA5MzBaMDExCzAJBgNVBAYTAkRLMQwwCgYDVQQKEwNU +REMxFDASBgNVBAMTC1REQyBPQ0VTIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A 
+MIIBCgKCAQEArGL2YSCyz8DGhdfjeebM7fI5kqSXLmSjhFuHnEz9pPPEXyG9VhDr +2y5h7JNp46PMvZnDBfwGuMo2HP6QjklMxFaaL1a8z3sM8W9Hpg1DTeLpHTk0zY0s +2RKY+ePhwUp8hjjEqcRhiNJerxomTdXkoCJHhNlktxmW/OwZ5LKXJk5KTMuPJItU +GBxIYXvViGjaXbXqzRowwYCDdlCqT9HU3Tjw7xb04QxQBr/q+3pJoSgrHPb8FTKj +dGqPqcNiKXEx5TukYBdedObaE+3pHx8b0bJoc8YQNHVGEBDjkAB2QMuLt0MJIf+r +TpPGWOmlgtt3xDqZsXKVSQTwtyv6e1mO3QIDAQABo4ICNzCCAjMwDwYDVR0TAQH/ +BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgewGA1UdIASB5DCB4TCB3gYIKoFQgSkB +AQEwgdEwLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuY2VydGlmaWthdC5kay9yZXBv +c2l0b3J5MIGdBggrBgEFBQcCAjCBkDAKFgNUREMwAwIBARqBgUNlcnRpZmlrYXRl +ciBmcmEgZGVubmUgQ0EgdWRzdGVkZXMgdW5kZXIgT0lEIDEuMi4yMDguMTY5LjEu +MS4xLiBDZXJ0aWZpY2F0ZXMgZnJvbSB0aGlzIENBIGFyZSBpc3N1ZWQgdW5kZXIg +T0lEIDEuMi4yMDguMTY5LjEuMS4xLjARBglghkgBhvhCAQEEBAMCAAcwgYEGA1Ud +HwR6MHgwSKBGoESkQjBAMQswCQYDVQQGEwJESzEMMAoGA1UEChMDVERDMRQwEgYD +VQQDEwtUREMgT0NFUyBDQTENMAsGA1UEAxMEQ1JMMTAsoCqgKIYmaHR0cDovL2Ny +bC5vY2VzLmNlcnRpZmlrYXQuZGsvb2Nlcy5jcmwwKwYDVR0QBCQwIoAPMjAwMzAy +MTEwODM5MzBagQ8yMDM3MDIxMTA5MDkzMFowHwYDVR0jBBgwFoAUYLWF7FZkfhIZ +J2cdUBVLc647+RIwHQYDVR0OBBYEFGC1hexWZH4SGSdnHVAVS3OuO/kSMB0GCSqG +SIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEACrom +JkbTc6gJ82sLMJn9iuFXehHTuJTXCRBuo7E4A9G28kNBKWKnctj7fAXmMXAnVBhO +inxO5dHKjHiIzxvTkIvmI/gLDjNDfZziChmPyQE+dF10yYscA+UYyAFMP8uXBV2Y +caaYb7Z8vTd/vuGTJW1v8AqtFxjhA7wHKcitJuj4YfD9IQl+mo6paH1IYnK9AOoB +mbgGglGBTvH1tJFUuSN6AJqfXY3gPGS5GhKSKseCRHI53OI8xthV9RVOyAUO28bQ +YqbsFbS1AoLbrIyigfCbmTH1ICCoiGEKB5+U/NDXG8wuF/MEJ3Zn61SD/aSQfgY9 +BKNDLdr8C2LqL19iUw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID+zCCAuOgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBtzE/MD0GA1UEAww2VMOc +UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMQswCQYDVQQGDAJUUjEPMA0GA1UEBwwGQU5LQVJBMVYwVAYDVQQKDE0oYykg +MjAwNSBUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8 +dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLjAeFw0wNTA1MTMxMDI3MTdaFw0xNTAz +MjIxMDI3MTdaMIG3MT8wPQYDVQQDDDZUw5xSS1RSVVNUIEVsZWt0cm9uaWsgU2Vy 
+dGlmaWthIEhpem1ldCBTYcSfbGF5xLFjxLFzxLExCzAJBgNVBAYMAlRSMQ8wDQYD +VQQHDAZBTktBUkExVjBUBgNVBAoMTShjKSAyMDA1IFTDnFJLVFJVU1QgQmlsZ2kg +xLBsZXRpxZ9pbSB2ZSBCaWxpxZ9pbSBHw7x2ZW5sacSfaSBIaXptZXRsZXJpIEEu +xZ4uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylIF1mMD2Bxf3dJ7 +XfIMYGFbazt0K3gNfUW9InTojAPBxhEqPZW8qZSwu5GXyGl8hMW0kWxsE2qkVa2k +heiVfrMArwDCBRj1cJ02i67L5BuBf5OI+2pVu32Fks66WJ/bMsW9Xe8iSi9BB35J +YbOG7E6mQW6EvAPs9TscyB/C7qju6hJKjRTP8wrgUDn5CDX4EVmt5yLqS8oUBt5C +urKZ8y1UiBAG6uEaPj1nH/vO+3yC6BFdSsG5FOpU2WabfIl9BJpiyelSPJ6c79L1 +JuTm5Rh8i27fbMx4W09ysstcP4wFjdFMjK2Sx+F4f2VsSQZQLJ4ywtdKxnWKWU51 +b0dewQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAV +9VX/N5aAWSGk/KEVTCD21F/aAyT8z5Aa9CEKmu46sWrv7/hg0Uw2ZkUd82YCdAR7 +kjCo3gp2D++Vbr3JN+YaDayJSFvMgzbC9UZcWYJWtNX+I7TYVBxEq8Sn5RTOPEFh +fEPmzcSBCYsk+1Ql1haolgxnB2+zUEfjHCQo3SqYpGH+2+oSN7wBGjSFvW5P55Fy +B0SFHljKVETd96y5y4khctuPwGkplyqjrhgjlxxBKot8KsF8kOipKMDTkcatKIdA +aLX/7KfS0zgYnNN9aV3wxqUeJBujR/xpB2jn5Jq07Q+hh4cCzofSSE7hvP/L8XKS +RGQDJereW26fyfJOrN3H +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvjE/MD0GA1UEAww2VMOc +UktUUlVTVCBFbGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sx +c8SxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xS +S1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kg +SGl6bWV0bGVyaSBBLsWeLiAoYykgS2FzxLFtIDIwMDUwHhcNMDUxMTA3MTAwNzU3 +WhcNMTUwOTE2MTAwNzU3WjCBvjE/MD0GA1UEAww2VMOcUktUUlVTVCBFbGVrdHJv +bmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJU +UjEPMA0GA1UEBwwGQW5rYXJhMV0wWwYDVQQKDFRUw5xSS1RSVVNUIEJpbGdpIMSw +bGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWe +LiAoYykgS2FzxLFtIDIwMDUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCpNn7DkUNMwxmYCMjHWHtPFoylzkkBH3MOrHUTpvqeLCDe2JAOCtFp0if7qnef +J1Il4std2NiDUBd9irWCPwSOtNXwSadktx4uXyCcUHVPr+G1QRT0mJKIx+XlZEdh +R3n9wFHxwZnn3M5q+6+1ATDcRhzviuyV79z/rxAc653YsKpqhRgNF8k+v/Gb0AmJ +Qv2gQrSdiVFVKc8bcLyEVK3BEx+Y9C52YItdP5qtygy/p1Zbj3e41Z55SZI/4PGX 
+JHpsmxcPbe9TmJEr5A++WXkHeLuXlfSfadRYhwqp48y2WBmfJiGxxFmNskF1wK1p +zpwACPI2/z7woQ8arBT9pmAPAgMBAAGjQzBBMB0GA1UdDgQWBBTZN7NOBf3Zz58S +Fq62iS/rJTqIHDAPBgNVHQ8BAf8EBQMDBwYAMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBAHJglrfJ3NgpXiOFX7KzLXb7iNcX/nttRbj2hWyfIvwq +ECLsqrkw9qtY1jkQMZkpAL2JZkH7dN6RwRgLn7Vhy506vvWolKMiVW4XSf/SKfE4 +Jl3vpao6+XF75tpYHdN0wgH6PmlYX63LaL4ULptswLbcoCb6dxriJNoaN+BnrdFz +gw2lGh1uEpJ+hGIAF728JRhX8tepb1mIvDS3LoV4nZbcFMMsilKbloxSZj2GFotH +uFEJjOp9zYhys2AzsfAKRO8P9Qk3iCQOLGsgOqL6EfJANZxEaGM7rDNvY7wsu/LS +y3Z9fYjYHcgFHW68lKlmjHdxx/qR+i9Rnuk5UrbnBEI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf 
+qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDITCCAoqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD +VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT +ZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFBlcnNvbmFsIEJhc2lj +IENBMSgwJgYJKoZIhvcNAQkBFhlwZXJzb25hbC1iYXNpY0B0aGF3dGUuY29tMB4X +DTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgcsxCzAJBgNVBAYTAlpBMRUw +EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UE +ChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy +dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQZXJzb25hbCBCYXNpYyBD +QTEoMCYGCSqGSIb3DQEJARYZcGVyc29uYWwtYmFzaWNAdGhhd3RlLmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvLyTU23AUE+CFeZIlDWmWr5vQvoPR+53 +dXLdjUmbllegeNTKP1GzaQuRdhciB5dqxFGTS+CN7zeVoQxN2jSQHReJl+A1OFdK +wPQIcOk8RHtQfmGakOMj04gRRif1CwcOu93RfyAKiLlWCy4cgNrx454p7xS9CkT7 +G1sY0b8jkyECAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQF +AAOBgQAt4plrsD16iddZopQBHyvdEktTwq1/qqcAXJFAVyVKOKqEcLnZgA+le1z7 +c8a914phXAPjLSeoF+CEhULcXpvGt7Jtu3Sv5D/Lp7ew4F2+eIMllNLbgQ95B21P +9DkVWlIBe94y1k049hJcBlDfBVu9FEuh3ym6O0GN92NWod8isQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDLTCCApagAwIBAgIBADANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD 
+VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT +ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVt +YWlsIENBMSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUu +Y29tMB4XDTk2MDEwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgdExCzAJBgNVBAYT +AlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEa +MBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp +b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBG +cmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhh +d3RlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1GnX1LCUZFtx6UfY +DFG26nKRsIRefS0Nj3sS34UldSh0OkIsYyeflXtL734Zhx2G6qPduc6WZBrCFG5E +rHzmj+hND3EfQDimAKOHePb5lIZererAXnbr2RSjXW56fAylS1V/Bhkpf56aJtVq +uzgkCGqYx7Hao5iR/Xnb5VrEHLkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zAN +BgkqhkiG9w0BAQQFAAOBgQDH7JJ+Tvj1lqVnYiqk8E0RYNBvjWBYYawmu1I1XAjP +MPuoSpaKH2JCI4wXD/S6ZJwXrEcp352YXtJsYHFcoqzceePnbgBHH7UNKOgCneSa +/RP0ptl8sfjcXyMmCZGAc9AUG95DqYMl8uacLxXK/qarigd1iwzdUYRr5PjRznei +gQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDKTCCApKgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBzzELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYD +VQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT +ZXJ2aWNlcyBEaXZpc2lvbjEjMCEGA1UEAxMaVGhhd3RlIFBlcnNvbmFsIFByZW1p +dW0gQ0ExKjAoBgkqhkiG9w0BCQEWG3BlcnNvbmFsLXByZW1pdW1AdGhhd3RlLmNv +bTAeFw05NjAxMDEwMDAwMDBaFw0yMDEyMzEyMzU5NTlaMIHPMQswCQYDVQQGEwJa +QTEVMBMGA1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAY +BgNVBAoTEVRoYXd0ZSBDb25zdWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9u +IFNlcnZpY2VzIERpdmlzaW9uMSMwIQYDVQQDExpUaGF3dGUgUGVyc29uYWwgUHJl +bWl1bSBDQTEqMCgGCSqGSIb3DQEJARYbcGVyc29uYWwtcHJlbWl1bUB0aGF3dGUu +Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJZtn4B0TPuYwu8KHvE0Vs +Bd/eJxZRNkERbGw77f4QfRKe5ZtCmv5gMcNmt3M6SK5O0DI3lIi1DbbZ8/JE2dWI +Et12TfIa/G8jHnrx2JhFTgcQ7xZC0EN1bUre4qrJMf8fAHB8Zs8QJQi6+u4A6UYD +ZicRFTuqW/KY3TZCstqIdQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG 
+SIb3DQEBBAUAA4GBAGk2ifc0KjNyL2071CKyuG+axTZmDhs8obF1Wub9NdP4qPIH +b4Vnjt4rueIXsDqg8A6iAJrf8xQVbrvIhVqYgPn/vnQdPfP+MCXRNzRn+qVxeTBh +KXLA4CxM+1bkOqhv5TJZUtt1KFBZDPgLGeSs2a+WjS9Q2wfD6h+rM+D1KzGJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy +dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t +MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB +MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG +A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp +b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl +cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv +bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE +VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ +ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR +uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG +9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI +hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM +pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD +VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm +MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx +MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT +DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3 +dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl 
+cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3 +DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91 +yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX +L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj +EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG +7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e +QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ +qdq5snUb9kLy78fyGPmJvKP/iiMucEc= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICoTCCAgqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBizELMAkGA1UEBhMCWkEx +FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzAN +BgNVBAoTBlRoYXd0ZTEdMBsGA1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAd +BgNVBAMTFlRoYXd0ZSBUaW1lc3RhbXBpbmcgQ0EwHhcNOTcwMTAxMDAwMDAwWhcN +MjAxMjMxMjM1OTU5WjCBizELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g +Q2FwZTEUMBIGA1UEBxMLRHVyYmFudmlsbGUxDzANBgNVBAoTBlRoYXd0ZTEdMBsG +A1UECxMUVGhhd3RlIENlcnRpZmljYXRpb24xHzAdBgNVBAMTFlRoYXd0ZSBUaW1l +c3RhbXBpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANYrWHhhRYZT +6jR7UZztsOYuGA7+4F+oJ9O0yeB8WU4WDnNUYMF/9p8u6TqFJBU820cEY8OexJQa +Wt9MevPZQx08EHp5JduQ/vBR5zDWQQD9nyjfeb6Uu522FOMjhdepQeBMpHmwKxqL +8vg7ij5FrHGSALSQQZj7X+36ty6K+Ig3AgMBAAGjEzARMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEEBQADgYEAZ9viwuaHPUCDhjc1fR/OmsMMZiCouqoEiYbC +9RAIDb/LogWK0E02PvTX72nGXuSwlG9KuefeW4i2e9vjJ+V2w/A1wcu1J5szedyQ +pgCed/r8zSeUQhac0xxo7L9c3eWpexAKMnRUEzGLhQOEkbdYATAUOK8oyvyxUBkZ +CayJSdM= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB +ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt +TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1 
+NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0 +IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD +VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS +Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2 +N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH +iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe +YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1 +axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g +yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD +AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh +ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V +VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB +BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y +IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs +QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4 +ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM +YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb +QErNaLly7HF27FSOH4UMAWr6pjisH8SE +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEXjCCA0agAwIBAgIQRL4Mi1AAIbQR0ypoBqmtaTANBgkqhkiG9w0BAQUFADCB +kzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xGzAZBgNVBAMTElVUTiAtIERBVEFDb3Jw +IFNHQzAeFw05OTA2MjQxODU3MjFaFw0xOTA2MjQxOTA2MzBaMIGTMQswCQYDVQQG +EwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYD +VQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cu +dXNlcnRydXN0LmNvbTEbMBkGA1UEAxMSVVROIC0gREFUQUNvcnAgU0dDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+5YEKIrblXEjr8uRgnn4AgPLit6 +E5Qbvfa2gI5lBZMAHryv4g+OGQ0SR+ysraP6LnD43m77VkIVni5c7yPeIbkFdicZ 
+D0/Ww5y0vpQZY/KmEQrrU0icvvIpOxboGqBMpsn0GFlowHDyUwDAXlCCpVZvNvlK +4ESGoE1O1kduSUrLZ9emxAW5jh70/P/N5zbgnAVssjMiFdC04MwXwLLA9P4yPykq +lXvY8qdOD1R8oQ2AswkDwf9c3V6aPryuvEeKaq5xyh+xKrhfQgUL7EYw0XILyulW +bfXv33i+Ybqypa4ETLyorGkVl73v67SMvzX41MPRKA5cOp9wGDMgd8SirwIDAQAB +o4GrMIGoMAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRT +MtGzz3/64PGgXYVOktKeRR20TzA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js +LnVzZXJ0cnVzdC5jb20vVVROLURBVEFDb3JwU0dDLmNybDAqBgNVHSUEIzAhBggr +BgEFBQcDAQYKKwYBBAGCNwoDAwYJYIZIAYb4QgQBMA0GCSqGSIb3DQEBBQUAA4IB +AQAnNZcAiosovcYzMB4p/OL31ZjUQLtgyr+rFywJNn9Q+kHcrpY6CiM+iVnJowft +Gzet/Hy+UUla3joKVAgWRcKZsYfNjGjgaQPpxE6YsjuMFrMOoAyYUJuTqXAJyCyj +j98C5OBxOvG0I3KgqgHf35g+FFCgMSa9KOlaMCZ1+XtgHI3zzVAmbQQnmt/VDUVH +KWss5nbZqSl9Mt3JNjy9rjXxEZ4du5A/EkdOjtd+D2JzHVImOBwYSf0wdJrE5SIv +2MCN7ZF6TACPcn9d2t0bi0Vr591pl6jFVkwPDPafepE39peC4N1xaf92P2BNPM/3 +mfnGV/TJVTl4uix5yaaIK/QI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEojCCA4qgAwIBAgIQRL4Mi1AAJLQR0zYlJWfJiTANBgkqhkiG9w0BAQUFADCB +rjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNVBAMTLVVUTi1VU0VSRmlyc3Qt +Q2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbDAeFw05OTA3MDkxNzI4NTBa +Fw0xOTA3MDkxNzM2NThaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAV +BgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l +dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UE +AxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWls +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3B +YHW8OWX5ShpHornMSMxqmNVNNRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9 +hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQylbsMTzC9mKALi+VuG6JG+ni8om+rWV6l +L8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXqvgvOdjp6Dpvq/NonWz1zHyLm +SGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6hw2v+vPhwvCkxWeM +1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu9mIwFIws +6wIDAQABo4G5MIG2MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud 
+DgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTBYBgNVHR8EUTBPME2gS6BJhkdodHRw +Oi8vY3JsLnVzZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50 +aWNhdGlvbmFuZEVtYWlsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUH +AwQwDQYJKoZIhvcNAQEFBQADggEBALFtYV2mGn98q0rkMPxTbyUkxsrt4jFcKw7u +7mFVbwQ+zznexRtJlOTrIEy05p5QLnLZjfWqo7NK2lYcYJeA3IKirUq9iiv/Cwm0 +xtcgBEXkzYABurorbs6q15L+5K/r9CYdFip/bDCVNy8zEqx/3cfREYxRmLLQo5HQ +rfafnoOTHh1CuEava2bwm3/q4wMC5QJRwarVNZ1yQAOJujEdxRBoUp7fooXFXAim +eOZTT7Hot9MUnpOmw2TjrH5xzbyf6QMbzPvprDHBr3wVdAKZw7JHpsIyYdfHb0gk +USeh1YdV8nuPmD0Wnu51tvjQjvLzxq4oW6fw8zYX/MMF08oDSlQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdDCCA1ygAwIBAgIQRL4Mi1AAJLQR0zYq/mUK/TANBgkqhkiG9w0BAQUFADCB +lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug +Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho +dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt +SGFyZHdhcmUwHhcNOTkwNzA5MTgxMDQyWhcNMTkwNzA5MTgxOTIyWjCBlzELMAkG +A1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEe +MBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8v +d3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3QtSGFyZHdh +cmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx98M4P7Sof885glFn +0G2f0v9Y8+efK+wNiVSZuTiZFvfgIXlIwrthdBKWHTxqctU8EGc6Oe0rE81m65UJ +M6Rsl7HoxuzBdXmcRl6Nq9Bq/bkqVRcQVLMZ8Jr28bFdtqdt++BxF2uiiPsA3/4a +MXcMmgF6sTLjKwEHOG7DpV4jvEWbe1DByTCP2+UretNb+zNAHqDVmBe8i4fDidNd +oI6yqqr2jmmIBsX6iSHzCJ1pLgkzmykNRg+MzEk0sGlRvfkGzWitZky8PqxhvQqI +DsjfPe58BEydCl5rkdbux+0ojatNh4lz0G6k0B4WixThdkQDf2Os5M1JnMWS9Ksy +oUhbAgMBAAGjgbkwgbYwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFKFyXyYbKJhDlV0HN9WFlp1L0sNFMEQGA1UdHwQ9MDswOaA3oDWGM2h0 +dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJlLmNy +bDAxBgNVHSUEKjAoBggrBgEFBQcDAQYIKwYBBQUHAwUGCCsGAQUFBwMGBggrBgEF +BQcDBzANBgkqhkiG9w0BAQUFAAOCAQEARxkP3nTGmZev/K0oXnWO6y1n7k57K9cM +//bey1WiCuFMVGWTYGufEpytXoMs61quwOQt9ABjHbjAbPLPSbtNk28Gpgoiskli 
+CE7/yMgUsogWXecB5BKV5UU0s4tpvc+0hY91UZ59Ojg6FEgSxvunOxqNDYJAB+gE +CJChicsZUN/KHAG8HQQZexB2lzvukJDKxA4fFm517zP4029bHpbj4HR3dHuKom4t +3XbWOTCC8KucUvIqx69JXn7HaOWCgchqJ/kniCrVWFCVH/A7HFe7fRQ5YiuayZSS +KqMiDP+JJn1fIytH1xUdqWqeUQ0qUZ6B+dQ7XnASfxAynB67nfhmqA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y +aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNTIyMjM0OFoXDTE5MDYy +NTIyMjM0OFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDEgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl +cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYWYJ6ibiWuqYvaG9Y +LqdUHAZu9OqNSLwxlBfw8068srg1knaw0KWlAdcAAxIiGQj4/xEjm84H9b9pGib+ +TunRf50sQB1ZaG6m+FiwnRqP0z/x3BkGgagO4DrdyFNFCQbmD3DD+kCmDuJWBQ8Y +TfwggtFzVXSNdnKgHZ0dwN0/cQIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAFBoPUn0 +LBwGlN+VYH+Wexf+T3GtZMjdd9LvWVXoP+iOBSoh8gfStadS/pyxtuJbdxdA6nLW +I8sogTLDAHkY7FkXicnGah5xyf23dKUlRWnFSKsZ4UWKJWsZ7uW7EvV/96aNUcPw +nXS3qT6gpf+2SQMT2iLM7XGCK5nPOrf1LXLI +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0 +IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz +BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y +aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG +9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy +NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y +azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs +YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw +Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl 
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY +dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9 +WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS +v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v +UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu +IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC +W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y 
+5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPTCCAaYCEQDNun9W8N/kvFT+IqyzcqpVMA0GCSqGSIb3DQEBAgUAMF8xCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh +c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05 +NjAxMjkwMDAwMDBaFw0yODA4MDEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD +VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp +bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB +jQAwgYkCgYEA5Rm/baNWYS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0N +H8xlbgyw0FaEGIeaBpsQoXPftFg5a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR +4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3MrB7MLoqLzGq7qNn2tsCAwEAATAN +BgkqhkiG9w0BAQIFAAOBgQBMP7iLxmjf7kMzDl3ppssHhE16M/+SG/Q2rdiVIjZo +EWx8QszznC7EBz8UsA9P/5CSdvnivErpj82ggAr3xSnxgiJduLHdgSOjeyUVRjB5 +FvjqBUuUfx3CHMjjt/QQQDwTw18fU+hI5Ia0e6E1sHslurjTjqs/OJ0ANACY89Fx +lA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEEzH6qqYPnHTkxD4PTqJkZIwDQYJKoZIhvcNAQEFBQAwgcExCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X +DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMSBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo +YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQCq0Lq+Fi24g9TK0g+8djHKlNgdk4xWArzZbxpvUjZudVYK +VdPfQ4chEWWKfo+9Id5rMj8bhDSVBZ1BNeuS65bdqlk/AVNtmU/t5eIqWpDBucSm 
+Fc/IReumXY6cPvBkJHalzasab7bYe1FhbqZ/h8jit+U03EGI6glAvnOSPWvndQID +AQABMA0GCSqGSIb3DQEBBQUAA4GBAKlPww3HZ74sy9mozS11534Vnjty637rXC0J +h9ZrbWB85a7FkCMMXErQr7Fd88e2CtvgFZMN3QO8x3aKtd1Pw5sTdbgBwObJW2ul +uIncrKTdcu1OofdPvAbT6shkdHvClUGcZXNY8ZCaPGqxmMnEh7zPRW1F4m4iP/68 +DzFc6PLZ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCLW3VWhFSFCwDPrzhIzrGkMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2E1Lm0+afY8wR4 +nN493GwTFtl63SRRZsDHJlkNrAYIwpTRMx/wgzUfbhvI3qpuFU5UJ+/EbRrsC+MO +8ESlV8dAWB6jRx9x7GD2bZTIGDnt/kIYVt/kTEkQeE4BdjVjEjbdZrwBBDajVWjV +ojYJrKshJlQGrT/KFOCsyq0GHZXi+J3x4GD/wn91K0zM2v6HmSHquv4+VNfSWXjb +PG7PoBMAGrgnoeS+Z5bKoMWznN3JdZ7rMJpfo83ZrngZPyPpXNspva1VyBtUjGP2 +6KbqxzcSXKMpHgLZ2x87tNcPVkeBFQRKr4Mn0cVYiMHd9qqnoxjaaKptEVHhv2Vr +n5Z20T0CAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAq2aN17O6x5q25lXQBfGfMY1a +qtmqRiYPce2lrVNWYgFHKkTp/j90CxObufRNG7LRX7K20ohcs5/Ny9Sn2WCVhDr4 +wTcdYcrnsMXlkdpUpqwxga6X3s0IrLjAl4B/bnKk52kTlWUfxJM8/XmPBNQ+T+r3 +ns7NZ3xPZQL/kYVUc8f/NveGLezQXk//EZ9yBta4GvFMDSZl4kSAHsef493oCtrs +pSCAaWihT37ha88HQfqDjrw43bAuEbFrskLMmrz5SCJ5ShkPshw+IHTZasO+8ih4 +E1Z5T21Q6huwtVexN2ZYI/PcD98Kh8TvhgXVOBRgmaNL3gaWcSzy27YfpO8/7g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEC0b/EoXjaOR6+f/9YtFvgswDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz 
+cyAyIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAyIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQC2WoujDWojg4BrzzmH9CETMwZMJaLtVRKXxaeAufqDwSCg+i8VDXyh +YGt+eSz6Bg86rvYbb7HS/y8oUl+DfUvEerf4Zh+AVPy3wo5ZShRXRtGak75BkQO7 +FYCTXOvnzAhsPz6zSvz/S2wj1VCCJkQZjiPDceoZJEcEnnW/yKYAHwIDAQABMA0G +CSqGSIb3DQEBAgUAA4GBAIobK/o5wXTXXtgZZKJYSi034DNHD6zt96rbHuSLBlxg +J8pFUs4W7z8GZOeUaHxgMxURaa+dYo2jA1Rrpr7l7gUYYAS/QoD90KioHgE796Nc +r6Pc5iaAIzy4RHT3Cq5Ji2F4zCS/iIqnDupzGUH9TQPwiNHleI2lKk/2lw0Xd8rY +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAzCCAmwCEQC5L2DMiJ+hekYJuFtwbIqvMA0GCSqGSIb3DQEBBQUAMIHBMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0Ns +YXNzIDIgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjE6MDgGA1UECxMxKGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9y +aXplZCB1c2Ugb25seTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazAe +Fw05ODA1MTgwMDAwMDBaFw0yODA4MDEyMzU5NTlaMIHBMQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xPDA6BgNVBAsTM0NsYXNzIDIgUHVibGlj +IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjE6MDgGA1UECxMx +KGMpIDE5OTggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAp4gBIXQs5xoD8JjhlzwPIQjxnNuX6Zr8wgQGE75fUsjM +HiwSViy4AWkszJkfrbCWrnkE8hM5wXuYuggs6MKEEyyqaekJ9MepAqRCwiNPStjw +DqL7MWzJ5m+ZJwf15vRMeJ5t60aG+rmGyVTyssSv1EYcWskVMP8NbPUtDm3Of3cC +AwEAATANBgkqhkiG9w0BAQUFAAOBgQByLvl/0fFx+8Se9sVeUYpAmLho+Jscg9ji +nb3/7aHmZuovCfTK1+qlK5X2JGCGTUQug6XELaDTrnhpb3LabK4I8GOSN+a7xDAX +rXfMSTWqz9iP0b63GJZHc2pUIjRkLbYWm1lbtFFZOrMLFPQS32eg9K0yZF6xRnIn +jBJ7xUS0rg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGTCCAwECEGFwy0mMX5hFKeewptlQW3owDQYJKoZIhvcNAQEFBQAwgcoxCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVy 
+aVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24s +IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNp +Z24gQ2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEczMB4XDTk5MTAwMTAwMDAwMFoXDTM2MDcxNjIzNTk1OVowgcoxCzAJBgNV +BAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp +Z24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMxKGMpIDE5OTkgVmVyaVNpZ24sIElu +Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTFFMEMGA1UEAxM8VmVyaVNpZ24g +Q2xhc3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwoNwtUs22e5LeWU +J92lvuCwTY+zYVY81nzD9M0+hsuiiOLh2KRpxbXiv8GmR1BeRjmL1Za6tW8UvxDO +JxOeBUebMXoT2B/Z0wI3i60sR/COgQanDTAM6/c8DyAd3HJG7qUCyFvDyVZpTMUY +wZF7C9UTAJu878NIPkZgIIUq1ZC2zYugzDLdt/1AVbJQHFauzI13TccgTacxdu9o +koqQHgiBVrKtaaNS0MscxCM9H5n+TOgWY47GCI72MfbS+uV23bUckqNJzc0BzWjN +qWm6o+sdDZykIKbBoMXRRkwXbdKsZj+WjOCE1Db/IlnF+RFgqF8EffIa9iVCYQ/E +Srg+iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA0JhU8wI1NQ0kdvekhktdmnLfe +xbjQ5F1fdiLAJvmEOjr5jLX77GDx6M4EsMjdpwOPMPOY36TmpDHf0xwLRtxyID+u +7gU8pDM/CzmscHhzS5kr3zDCVLCoO1Wh/hYozUK9dG6A2ydEp85EXdQbkJgNHkKU +sQAsBNB0owIFImNjzYO1+8FtYmtpdf1dcEG59b98377BMnMiIYtYgXsVkXq642RI +sH/7NiXaldDxJBQX3RiAa0YjOVT1jmIJBB2UkKab5iXiQkWquJCtvgiPqQtCGJTP +cjnhsUPgKM+351psE2tJs//jGHyJizNdrDPXp/naOlXJWBD5qu9ats9LS98q +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz +cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 +MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV +BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt +YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN +ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE +BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is +I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G 
+CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do +lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc +AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X +DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo +YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4 +pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0 +13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID +AQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk +U01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i +F6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY +oJ2daZH9 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu 
+IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDAjCCAmsCEDKIjprS9esTR/h/xCA3JfgwDQYJKoZIhvcNAQEFBQAwgcExCzAJ +BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh +c3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy +MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp +emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X +DTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw +FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgNCBQdWJsaWMg +UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo +YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5 +MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQC68OTP+cSuhVS5B1f5j8V/aBH4xBewRNzjMHPVKmIquNDM +HO0oW369atyzkSTKQWI8/AIBvxwWMZQFl3Zuoq29YRdsTjCG8FE3KlDHqGKB3FtK +qsGgtG7rL+VXxbErQHDbWk2hjh+9Ax/YA9SPTJlxvOKCzFjomDqG04Y48wApHwID +AQABMA0GCSqGSIb3DQEBBQUAA4GBAIWMEsGnuVAVess+rLhDityq3RS6iYF+ATwj +cSGIL4LcY/oCRaxFWdcqWERbt5+BO5JoPeI3JPV7bI92NZYJqFmduc4jq3TWg/0y +cyfYaT5DdPauxYma51N86Xv2S/PBZYPejYqcPIiNOVn8qj8ijaHBZlCBckztImRP +T8qAkbYp +-----END 
CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQDsoKeLbnVqAc/EfMwvlF7XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDQgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK3LpRFpxlmr8Y+1 +GQ9Wzsy1HyDkniYlS+BzZYlZ3tCD5PUPtbut8XzoIfzk6AzufEUiGXaStBO3IFsJ ++mGuqPKljYXCKtbeZjbSmwL0qJJgfJxptI8kHtCGUvYynEFYHiK9zUVilQhu0Gbd +U6LM8BDcVHOLBKFGMzNcF0C5nk3T875Vg+ixiY5afJqWIpA7iCXy0lOIAgwLePLm +NxdLMEYH5IBtptiWLugs+BGzOA1mppvqySNb247i8xOOGlktqgLw7KSHZtzBP/XY +ufTsgsbSPZUd5cBPhMnZo0QoBmrXRazwa2rvTl/4EYIeOGM0ZlDUPpNz+jDDZq3/ +ky2X7wMCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAj/ola09b5KROJ1WrIhVZPMq1 +CtRK26vdoV9TxaBXOcLORyu+OshWv8LZJxA6sQU8wHcxuzrTBXttmhwwjIDLk5Mq +g6sFUYICABFna/OIYUdfA5PVWw3g8dShMjWFsjrbsIKr0csKvE+MW8VLADsfKoKm +fjaF3H48ZwC15DtS4KjrXRX5xm3wrR0OhbepmnMUWluPQSjA1egtTaRezarZ7c7c +2NU8Qh0XwRJdRTjDOPP8hS6DRkiy1yBfkjaP53kPmF6Z6PDQpLv1U70qzlmwr25/ +bLvSHgCwIe34QWKCudiyxLtGUPMxxY8BqHTr9Xgn2uf3ZkPznoM+IKrDNWCRzg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG +A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD +VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 +MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV +BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy +dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ 
+ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII +0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI +uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI +hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 +YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc +1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDzTCCAzagAwIBAgIQU2GyYK7bcY6nlLMTM/QHCTANBgkqhkiG9w0BAQUFADCB +wTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTwwOgYDVQQL +EzNDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzIxOjA4BgNVBAsTMShjKSAxOTk4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1 +dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv +cmswHhcNMDAwOTI2MDAwMDAwWhcNMTAwOTI1MjM1OTU5WjCBpTEXMBUGA1UEChMO +VmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx +OzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5j +b20vcnBhIChjKTAwMSwwKgYDVQQDEyNWZXJpU2lnbiBUaW1lIFN0YW1waW5nIEF1 +dGhvcml0eSBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0hmdZ8IAIVli +zrQJIkRpivglWtvtDbc2fk7gu5Q+kCWHwmFHKdm9VLhjzCx9abQzNvQ3B5rB3UBU +/OB4naCTuQk9I1F/RMIUdNsKvsvJMDRAmD7Q1yUQgZS9B0+c1lQn3y6ov8uQjI11 +S7zi6ESHzeZBCiVu6PQkAsVSD27smHUCAwEAAaOB3zCB3DAPBgNVHRMECDAGAQH/ +AgEAMEUGA1UdIAQ+MDwwOgYMYIZIAYb4RQEHFwEDMCowKAYIKwYBBQUHAgEWHGh0 +dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwMQYDVR0fBCowKDAmoCSgIoYgaHR0 +cDovL2NybC52ZXJpc2lnbi5jb20vcGNhMy5jcmwwCwYDVR0PBAQDAgEGMEIGCCsG +AQUFBwEBBDYwNDAyBggrBgEFBQcwAaYmFiRodHRwOi8vb2NzcC52ZXJpc2lnbi5j +b20vb2NzcC9zdGF0dXMwDQYJKoZIhvcNAQEFBQADgYEAgnBold+2DcIBcBlK0lRW +HqzyRUyHuPU163hLBanInTsZIS5wNEqi9YngFXVF5yg3ADQnKeg3S/LvRJdrF1Ea +w1adPBqK9kpGRjeM+sv1ZFo4aC4cw+9wzrhGBha/937ntag+RaypJXUie28/sJyU +58dzq6wf7iWbwBbtt8pb8BQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDgDCCAmigAwIBAgICAx4wDQYJKoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMx +DTALBgNVBAoTBFZJU0ExLzAtBgNVBAsTJlZpc2EgSW50ZXJuYXRpb25hbCBTZXJ2 
+aWNlIEFzc29jaWF0aW9uMRIwEAYDVQQDEwlHUCBSb290IDIwHhcNMDAwODE2MjI1 +MTAwWhcNMjAwODE1MjM1OTAwWjBhMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklT +QTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRp +b24xEjAQBgNVBAMTCUdQIFJvb3QgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAKkBcLWqxEDwq2omYXkZAPy/mzdZDK9vZBv42pWUJGkzEXDK41Z0ohdX +ZFwgBuHW73G3O/erwWnQSaSxBNf0V2KJXLB1LRckaeNCYOTudNargFbYiCjh+20i +/SN8RnNPflRzHqgsVVh1t0zzWkWlAhr62p3DRcMiXvOL8WAp0sdftAw6UYPvMPjU +58fy+pmjIlC++QU3o63tmsPm7IgbthknGziLgE3sucfFicv8GjLtI/C1AVj59o/g +halMCXI5Etuz9c9OYmTaxhkVOmMd6RdVoUwiPDQyRvhlV7or7zaMavrZ2UT0qt2E +1w0cslSsMoW0ZA3eQbuxNMYBhjJk1Z8CAwEAAaNCMEAwHQYDVR0OBBYEFJ59SzS/ +ca3CBfYDdYDOqU8axCRMMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQAhpXYUVfmtJ3CPPPTVbMjMCqujmAuKBiPFyWHb +mQdpNSYx/scuhMKZYdQN6X0uEyt8joW2hcdLzzW2LEc9zikv2G+fiRxkk78IvXbQ +kIqUs38oW26sTTMs7WXcFsziza6kPWKSBpUmv9+55CCmc2rBvveURNZNbyoLaxhN +dBA2aGpawWqn3TYpjLgwi08hPwAuVDAHOrqK5MOeyti12HvOdUVmB/RtLdh6yumJ +ivIj2C/LbgA2T/vwLwHMD8AiZfSr4k5hLQOCfZEWtTDVFN5ex5D8ofyrEK9ca3Cn +B+8phuiyJccg/ybdd+95RBTEvd07xQObdyPsoOy7Wjm1zK0G +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL 
+dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEvTCCA6WgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBhTELMAkGA1UEBhMCVVMx +IDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxs +cyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMjEzMTcwNzU0WhcNMjIxMjE0 +MDAwNzU0WjCBhTELMAkGA1UEBhMCVVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdl +bGxzU2VjdXJlMRwwGgYDVQQLDBNXZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQD +DC1XZWxsc1NlY3VyZSBQdWJsaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDub7S9eeKPCCGeOARBJe+r +WxxTkqxtnt3CxC5FlAM1iGd0V+PfjLindo8796jE2yljDpFoNoqXjopxaAkH5OjU +Dk/41itMpBb570OYj7OeUt9tkTmPOL13i0Nj67eT/DBMHAGTthP796EfvyXhdDcs +HqRePGj4S78NuR4uNuip5Kf4D8uCdXw1LSLWwr8L87T8bJVhHlfXBIEyg1J55oNj +z7fLY4sR4r1e6/aN7ZVyKLSsEmLpSjPmgzKuBXWVvYSV2ypcm44uDLiBK0HmOFaf +SZtsdvqKXfcBeYF8wYNABf5x/Qw/zE5gCQ5lRxAvAcAFP4/4s0HvWkJ+We/Slwxl +AgMBAAGjggE0MIIBMDAPBgNVHRMBAf8EBTADAQH/MDkGA1UdHwQyMDAwLqAsoCqG +KGh0dHA6Ly9jcmwucGtpLndlbGxzZmFyZ28uY29tL3dzcHJjYS5jcmwwDgYDVR0P +AQH/BAQDAgHGMB0GA1UdDgQWBBQmlRkQ2eihl5H/3BnZtQQ+0nMKajCBsgYDVR0j +BIGqMIGngBQmlRkQ2eihl5H/3BnZtQQ+0nMKaqGBi6SBiDCBhTELMAkGA1UEBhMC +VVMxIDAeBgNVBAoMF1dlbGxzIEZhcmdvIFdlbGxzU2VjdXJlMRwwGgYDVQQLDBNX +ZWxscyBGYXJnbyBCYW5rIE5BMTYwNAYDVQQDDC1XZWxsc1NlY3VyZSBQdWJsaWMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHmCAQEwDQYJKoZIhvcNAQEFBQADggEB +ALkVsUSRzCPIK0134/iaeycNzXK7mQDKfGYZUMbVmO2rvwNa5U3lHshPcZeG1eMd 
+/ZDJPHV3V3p9+N701NX3leZ0bh08rnyd2wIDBSxxSyU+B+NemvVmFymIGjifz6pB +A4SXa5M4esowRBskRDPQ5NHcKDj0E0M1NSljqHyita04pO2t/caaH/+Xc/77szWn +k4bGdpEA5qxRFsQnMlzbc9qlk1eOPm01JghZ1edE13YgY+esE2fDbbFwRnzVlhE9 +iW9dqKHrjQrawx0zbKPqZxmamX9LPYNRKh3KL4YMon4QLSvUFpULB6ouFJJJtylv +2G0xffX8oRAHh84vWdw+WNs= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC +VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v +dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0 +MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww +KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G +A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13 +5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE +SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O +JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu +ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE +AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB +AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB +CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw +b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo +7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/ +0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7 +nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx +x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ +33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY 
+UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFajCCBFKgAwIBAgIEPLU9RjANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli +ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq +YmVUUlVTVGVkIFJvb3QgQ0EtQmFsdGltb3JlIEltcGxlbWVudGF0aW9uMB4XDTAy +MDQxMTA3Mzg1MVoXDTIyMDQxMTA3Mzg1MVowZjESMBAGA1UEChMJYmVUUlVTVGVk +MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl +ZCBSb290IENBLUJhbHRpbW9yZSBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALx+xDmcjOPWHIb/ymKt4H8wRXqOGrO4x/nRNv8i +805qX4QQ+2aBw5R5MdKR4XeOGCrDFN5R9U+jK7wYFuK13XneIviCfsuBH/0nLI/6 +l2Qijvj/YaOcGx6Sj8CoCd8JEey3fTGaGuqDIQY8n7pc/5TqarjDa1U0Tz0yH92B +FODEPM2dMPgwqZfT7syj0B9fHBOB1BirlNFjw55/NZKeX0Tq7PQiXLfoPX2k+Ymp 
+kbIq2eszh+6l/ePazIjmiSZuxyuC0F6dWdsU7JGDBcNeDsYq0ATdcT0gTlgn/FP7 +eHgZFLL8kFKJOGJgB7Sg7KxrUNb9uShr71ItOrL/8QFArDcCAwEAAaOCAh4wggIa +MA8GA1UdEwEB/wQFMAMBAf8wggG1BgNVHSAEggGsMIIBqDCCAaQGDysGAQQBsT4A +AAEJKIORMTCCAY8wggFIBggrBgEFBQcCAjCCAToaggE2UmVsaWFuY2Ugb24gb3Ig +dXNlIG9mIHRoaXMgQ2VydGlmaWNhdGUgY3JlYXRlcyBhbiBhY2tub3dsZWRnbWVu +dCBhbmQgYWNjZXB0YW5jZSBvZiB0aGUgdGhlbiBhcHBsaWNhYmxlIHN0YW5kYXJk +IHRlcm1zIGFuZCBjb25kaXRpb25zIG9mIHVzZSwgdGhlIENlcnRpZmljYXRpb24g +UHJhY3RpY2UgU3RhdGVtZW50IGFuZCB0aGUgUmVseWluZyBQYXJ0eSBBZ3JlZW1l +bnQsIHdoaWNoIGNhbiBiZSBmb3VuZCBhdCB0aGUgYmVUUlVTVGVkIHdlYiBzaXRl +LCBodHRwOi8vd3d3LmJldHJ1c3RlZC5jb20vcHJvZHVjdHNfc2VydmljZXMvaW5k +ZXguaHRtbDBBBggrBgEFBQcCARY1aHR0cDovL3d3dy5iZXRydXN0ZWQuY29tL3By +b2R1Y3RzX3NlcnZpY2VzL2luZGV4Lmh0bWwwHQYDVR0OBBYEFEU9w6nR3D8kVpgc +cxiIav+DR+22MB8GA1UdIwQYMBaAFEU9w6nR3D8kVpgccxiIav+DR+22MA4GA1Ud +DwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEASZK8o+6svfoNyYt5hhwjdrCA +WXf82n+0S9/DZEtqTg6t8n1ZdwWtColzsPq8y9yNAIiPpqCy6qxSJ7+hSHyXEHu6 +7RMdmgduyzFiEuhjA6p9beP4G3YheBufS0OM00mG9htc9i5gFdPp43t1P9ACg9AY +gkHNZTfqjjJ+vWuZXTARyNtIVBw74acT02pIk/c9jH8F6M7ziCpjBLjqflh8AXtb +4cV97yHgjQ5dUX2xZ/2jvTg2xvI4hocalmhgRvsoFEdV4aeADGvi6t9NfJBIoDa9 +CReJf8Py05yc493EG931t3GzUwWJBtDLSoDByFOQtTwxiBdQn8nEDovYqAJjDQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFLDCCBBSgAwIBAgIEOU99hzANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJX +VzESMBAGA1UEChMJYmVUUlVTVGVkMRswGQYDVQQDExJiZVRSVVNUZWQgUm9vdCBD +QXMxGjAYBgNVBAMTEWJlVFJVU1RlZCBSb290IENBMB4XDTAwMDYyMDE0MjEwNFoX +DTEwMDYyMDEzMjEwNFowWjELMAkGA1UEBhMCV1cxEjAQBgNVBAoTCWJlVFJVU1Rl +ZDEbMBkGA1UEAxMSYmVUUlVTVGVkIFJvb3QgQ0FzMRowGAYDVQQDExFiZVRSVVNU +ZWQgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANS0c3oT +CjhVAb6JVuGUntS+WutKNHUbYSnE4a0IYCF4SP+00PpeQY1hRIfo7clY+vyTmt9P +6j41ffgzeubx181vSUs9Ty1uDoM6GHh3o8/n9E1z2Jo7Gh2+lVPPIJfCzz4kUmwM +jmVZxXH/YgmPqsWPzGCgc0rXOD8Vcr+il7dw6K/ifhYGTPWqZCZyByWtNfwYsSbX +2P8ZDoMbjNx4RWc0PfSvHI3kbWvtILNnmrRhyxdviTX/507AMhLn7uzf/5cwdO2N 
+R47rtMNE5qdMf1ZD6Li8tr76g5fmu/vEtpO+GRg+jIG5c4gW9JZDnGdzF5DYCW5j +rEq2I8QBoa2k5MUCAwEAAaOCAfgwggH0MA8GA1UdEwEB/wQFMAMBAf8wggFZBgNV +HSAEggFQMIIBTDCCAUgGCisGAQQBsT4BAAAwggE4MIIBAQYIKwYBBQUHAgIwgfQa +gfFSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1 +bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0 +ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGFuZCBjZXJ0aWZpY2F0aW9uIHBy +YWN0aWNlIHN0YXRlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IGJlVFJVU1Rl +ZCdzIHdlYiBzaXRlLCBodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0L3Rl +cm1zMDEGCCsGAQUFBwIBFiVodHRwczovL3d3dy5iZVRSVVNUZWQuY29tL3ZhdWx0 +L3Rlcm1zMDQGA1UdHwQtMCswKaAnoCWkIzAhMRIwEAYDVQQKEwliZVRSVVNUZWQx +CzAJBgNVBAYTAldXMB0GA1UdDgQWBBQquZtpLjub2M3eKjEENGvKBxirZzAfBgNV +HSMEGDAWgBQquZtpLjub2M3eKjEENGvKBxirZzAOBgNVHQ8BAf8EBAMCAf4wDQYJ +KoZIhvcNAQEFBQADggEBAHlh26Nebhax6nZR+csVm8tpvuaBa58oH2U+3RGFktTo +Qb9+M70j5/Egv6S0phkBxoyNNXxlpE8JpNbYIxUFE6dDea/bow6be3ga8wSGWsb2 +jCBHOElQBp1yZzrwmAOtlmdE/D8QDYZN5AA7KXvOOzuZhmElQITcE2K3+spZ1gMe +1lMBzW1MaFVA4e5rxyoAAEiCswoBw2AqDPeCNe5IhpbkdNQ96gFxugR1QKepfzk5 +mlWXKWWuGVUlBXJH0+gY3Ljpr0NzARJ0o+FcXxVdJPP55PS2Z2cS52QiivalQaYc +tmBjRYoQtLpGEK5BV2VsPyMQPyEQWbfkQN0mDCP2qq4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIGUTCCBTmgAwIBAgIEPLVPQDANBgkqhkiG9w0BAQUFADBmMRIwEAYDVQQKEwli +ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEzMDEGA1UEAxMq +YmVUUlVTVGVkIFJvb3QgQ0EgLSBFbnRydXN0IEltcGxlbWVudGF0aW9uMB4XDTAy +MDQxMTA4MjQyN1oXDTIyMDQxMTA4NTQyN1owZjESMBAGA1UEChMJYmVUUlVTVGVk +MRswGQYDVQQLExJiZVRSVVNUZWQgUm9vdCBDQXMxMzAxBgNVBAMTKmJlVFJVU1Rl +ZCBSb290IENBIC0gRW50cnVzdCBJbXBsZW1lbnRhdGlvbjCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALr0RAOqEmq1Q+xVkrYwfTVXDNvzDSduTPdQqJtO +K2/b9a0cS12zqcH+e0TrW6MFDR/FNCswACnxeECypP869AGIF37m1CbTukzqMvtD +d5eHI8XbQ6P1KqNRXuE70mVpflUVm3rnafdE4Fe1FehmYA8NA/uCjqPoEXtsvsdj +DheT389Lrm5zdeDzqrmkwAkbhepxKYhBMvnwKg5sCfJ0a2ZsUhMfGLzUPvfYbiCe +yv78IZTuEyhL11xeDGbu6bsPwTSxfwh28z0mcMmLJR1iJAzqHHVOwBLkuhMdMCkt 
+VjMFu5dZfsZJT4nXLySotohAtWSSU1Yk5KKghbNekLQSM80CAwEAAaOCAwUwggMB +MIIBtwYDVR0gBIIBrjCCAaowggGmBg8rBgEEAbE+AAACCSiDkTEwggGRMIIBSQYI +KwYBBQUHAgIwggE7GoIBN1JlbGlhbmNlIG9uIG9yIHVzZSBvZiB0aGlzIENlcnRp +ZmljYXRlIGNyZWF0ZXMgYW4gYWNrbm93bGVkZ21lbnQgYW5kIGFjY2VwdGFuY2Ug +b2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0 +aW9ucyBvZiB1c2UsIHRoZSBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dCBhbmQgdGhlIFJlbHlpbmcgUGFydHkgQWdyZWVtZW50LCB3aGljaCBjYW4gYmUg +Zm91bmQgYXQgdGhlIGJlVFJVU1RlZCB3ZWIgc2l0ZSwgaHR0cHM6Ly93d3cuYmV0 +cnVzdGVkLmNvbS9wcm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMEIGCCsGAQUF +BwIBFjZodHRwczovL3d3dy5iZXRydXN0ZWQuY29tL3Byb2R1Y3RzX3NlcnZpY2Vz +L2luZGV4Lmh0bWwwEQYJYIZIAYb4QgEBBAQDAgAHMIGJBgNVHR8EgYEwfzB9oHug +eaR3MHUxEjAQBgNVBAoTCWJlVFJVU1RlZDEbMBkGA1UECxMSYmVUUlVTVGVkIFJv +b3QgQ0FzMTMwMQYDVQQDEypiZVRSVVNUZWQgUm9vdCBDQSAtIEVudHJ1c3QgSW1w +bGVtZW50YXRpb24xDTALBgNVBAMTBENSTDEwKwYDVR0QBCQwIoAPMjAwMjA0MTEw +ODI0MjdagQ8yMDIyMDQxMTA4NTQyN1owCwYDVR0PBAQDAgEGMB8GA1UdIwQYMBaA +FH1w5a44iwY/qhwaj/nPJDCqhIQWMB0GA1UdDgQWBBR9cOWuOIsGP6ocGo/5zyQw +qoSEFjAMBgNVHRMEBTADAQH/MB0GCSqGSIb2fQdBAAQQMA4bCFY2LjA6NC4wAwIE +kDANBgkqhkiG9w0BAQUFAAOCAQEAKrgXzh8QlOu4mre5X+za95IkrNySO8cgjfKZ +5V04ocI07cUTWVwFtStPYZuR+0H8/NU8TZh2BvWBfevdkObRVlTa4y0MnxEylCIB +evZsLHRnBMylj44ss0O1lKLQfelifwa+JwGDnjr9iu6YQ0pr17WXOzq/T220Y/oz +ADQuLW2WyXvKmWO6vvT2MKAtmJbpVkQFqUSjYRDrgqFnXbxdJ3Wqiig2KjiS2d2k +XgClzMx8KSreKJCrt+G2/30lC0DYqjSjLd4H61/OCt3Kfjp9JsFiaDrmLzfzgYYh +xKlkqu9FNtEaZnz46TfW1mG+oq1I59/mdP7TbX3SJdysYlep9w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFaDCCBFCgAwIBAgIQO1nHe81bV569N1KsdrSqGjANBgkqhkiG9w0BAQUFADBi +MRIwEAYDVQQKEwliZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENB +czEvMC0GA1UEAxMmYmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRp +b24wHhcNMDIwNDExMTExODEzWhcNMjIwNDEyMTEwNzI1WjBiMRIwEAYDVQQKEwli +ZVRSVVNUZWQxGzAZBgNVBAsTEmJlVFJVU1RlZCBSb290IENBczEvMC0GA1UEAxMm +YmVUUlVTVGVkIFJvb3QgQ0EgLSBSU0EgSW1wbGVtZW50YXRpb24wggEiMA0GCSqG 
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkujQwCY5X0LkGLG9uJIAiv11DpvpPrILn +HGhwhRujbrWqeNluB0s/6d/16uhUoWGKDi9pdRi3DOUUjXFumLhV/AyV0Jtu4S2I +1DpAa5LxmZZk3tv/ePTulh1HiXzUvrmIdyM6CeYEnm2qXtLIvZpOGd+J6lsOfsPk +tPDgaTuID0GQ+NRxQyTBjyZLO1bp/4xsN+lFrYWMU8NghpBKlsmzVLC7F/AcRdnU +GxlkVgoZ98zh/4avflherHqQH8koOUV7orbHnB/ahdQhhlkwk75TMzf270HPM8er +cmsl9fNTGwxMLvF1S++gh/f+ihXQbNXL+WhTuXAVE8L1LvtDNXUtAgMBAAGjggIY +MIICFDAMBgNVHRMEBTADAQH/MIIBtQYDVR0gBIIBrDCCAagwggGkBg8rBgEEAbE+ +AAADCSiDkTEwggGPMEEGCCsGAQUFBwIBFjVodHRwOi8vd3d3LmJldHJ1c3RlZC5j +b20vcHJvZHVjdHNfc2VydmljZXMvaW5kZXguaHRtbDCCAUgGCCsGAQUFBwICMIIB +OhqCATZSZWxpYW5jZSBvbiBvciB1c2Ugb2YgdGhpcyBDZXJ0aWZpY2F0ZSBjcmVh +dGVzIGFuIGFja25vd2xlZGdtZW50IGFuZCBhY2NlcHRhbmNlIG9mIHRoZSB0aGVu +IGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNl +LCB0aGUgQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQgYW5kIHRoZSBS +ZWx5aW5nIFBhcnR5IEFncmVlbWVudCwgd2hpY2ggY2FuIGJlIGZvdW5kIGF0IHRo +ZSBiZVRSVVNUZWQgd2ViIHNpdGUsIGh0dHA6Ly93d3cuYmV0cnVzdGVkLmNvbS9w +cm9kdWN0c19zZXJ2aWNlcy9pbmRleC5odG1sMAsGA1UdDwQEAwIBBjAfBgNVHSME +GDAWgBSp7BR++dlDzFMrFK3P9/BZiUHNGTAdBgNVHQ4EFgQUqewUfvnZQ8xTKxSt +z/fwWYlBzRkwDQYJKoZIhvcNAQEFBQADggEBANuXsHXqDMTBmMpWBcCorSZIry0g +6IHHtt9DwSwddUvUQo3neqh03GZCWYez9Wlt2ames30cMcH1VOJZJEnl7r05pmuK +mET7m9cqg5c0Lcd9NUwtNLg+DcTsiCevnpL9UGGCqGAHFFPMZRPB9kdEadIxyKbd +LrML3kqNWz2rDcI1UqJWN8wyiyiFQpyRQHpwKzg21eFzGh/l+n5f3NacOzDq28Bb +J1zTcwfBwvNMm2+fG8oeqqg4MwlYsq78B+g23FW6L09A/nq9BqaBwZMifIYRCgZ3 +SK41ty8ymmFei74pnykkiFY5LKjSq5YDWtRIn7lAhAuYaPsBQ9Yb4gmxlxw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j 
+LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIETzCCAzegAwIBAgIEO63vKTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIzMTQxODE3WhcNMTEw +OTIzMTMxODE3WjB1MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v +LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWdu +ZXQgLSBDQSBLbGFzYSAxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4SRW9Q58g5DY1Hw7h +gCRKBEdPdGn0MFHsfw7rlu/oQm7IChI/uWd9q5wwo77YojtTDjRnpgZsjqBeynX8T90vFILqsY2K +5CF1OESalwvVr3sZiQX79lisuFKat92u6hBFikFIVxfHHB67Af+g7u0dEHdDW7lwy81MwFYxBTRy +9wIDAQABo4IBbTCCAWkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwggEEBgNVHSAE +gfwwgfkwgfYGDSsGAQQBvj8CAQoBAQAwgeQwgZoGCCsGAQUFBwICMIGNGoGKQ2VydHlmaWthdCB3 +eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtOiAiUG9saXR5a2EgQ2VydHlmaWthY2ppIGRs 
+YSBSb290Q0EiLiBDZXJ0eWZpa2F0IHd5c3Rhd2lvbnkgcHJ6ZXogUm9vdENBIHcgaGllcmFyY2hp +aSBDQyBTaWduZXQuMEUGCCsGAQUFBwIBFjlodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0b3Jp +dW0vZG9rdW1lbnR5L3BjX3Jvb3RjYS50eHQwHwYDVR0jBBgwFoAUwJvFIw0C4aZOSGsfAOnjmhQb +sa8wHQYDVR0OBBYEFMODHtVZd1T7TftXR/nEI1zR54njMA0GCSqGSIb3DQEBBQUAA4IBAQBRIHQB +FIGh8Jpxt87AgSLwIEEk4+oGy769u3NtoaR0R3WNMdmt7fXTi0tyTQ9V4AIszxVjhnUPaKnF1KYy +f8Tl+YTzk9ZfFkZ3kCdSaILZAOIrmqWNLPmjUQ5/JiMGho0e1YmWUcMci84+pIisTsytFzVP32/W ++sz2H4FQAvOIMmxB7EJX9AdbnXn9EXZ+4nCqi0ft5z96ZqOJJiCB3vSaoYg+wdkcvb6souMJzuc2 +uptXtR1Xf3ihlHaGW+hmnpcwFA6AoNrom6Vgzk6U1ienx0Cw28BhRSKqzKkyXkuK8gRflZUx84uf +tXncwKJrMiE3lvgOOBITRzcahirLer4c +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE9zCCA9+gAwIBAgIEPL/xoTANBgkqhkiG9w0BAQUFADB2MQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MSAwHgYDVQQDExdDQyBTaWduZXQgLSBQQ0EgS2xhc2EgMjAeFw0wMjA0MTkxMDI5NTNa +Fw0xNzA0MTgxMjUzMDdaMHUxCzAJBgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4g +eiBvLm8uMSQwIgYDVQQLExtDZW50cnVtIENlcnR5ZmlrYWNqaSBTaWduZXQxHzAdBgNVBAMTFkND +IFNpZ25ldCAtIENBIEtsYXNhIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqgLJu +QqY4yavbSgHg8CyfKTx4BokNSDOVz4eD9vptUr11Kqd06ED1hlH7Sg0goBFAfntNU/QTKwSBaNui +me7C4sSEdgsKrPoAhGb4Mq8y7Ty7RqZz7mkzNMqzL2L2U4yQ2QjvpH8MH0IBqOWEcpSkpwnrCDIm +RoTfd+YlZWKi2JceQixUUYIQ45Ox8+x8hHbvvZdgqtcvo8PW27qoHkp/7hMuJ44kDAGrmxffBXl/ +OBRZp0uO1CSLcMcVJzyr2phKhy406MYdWrtNPEluGs0GFDzd0nrIctiWAO4cmct4S72S9Q6e//0G +O9f3/Ca5Kb2I1xYLj/xE+HgjHX9aD2MhAgMBAAGjggGMMIIBiDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjCB4wYDVR0gBIHbMIHYMIHVBg0rBgEEAb4/AhQKAQEAMIHDMHUGCCsGAQUF +BwICMGkaZ0NlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0 +eWthIENlcnR5ZmlrYWNqaSBQQ0EyIC0gQ2VydHlmaWthdHkgVXJ6ZWRvdyBLbGFzeSAyIi4wSgYI +KwYBBQUHAgEWPmh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9kb2t1bWVudHkva2xh +c2EyL3BjX3BjYTIudHh0MD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cuc2lnbmV0LnBsL3Jl 
+cG96eXRvcml1bS9jcmwvcGNhMi5jcmwwHwYDVR0jBBgwFoAUwGxGyl2CfpYHRonE82AVXO08kMIw +HQYDVR0OBBYEFLtFBlILy4HNKVSzvHxBTM0HDowlMA0GCSqGSIb3DQEBBQUAA4IBAQBWTsCbqXrX +hBBev5v5cIuc6gJM8ww7oR0uMQRZoFSqvQUPWBYM2/TLI/f8UM9hSShUVj3zEsSj/vFHagUVmzuV +Xo5u0WK8iaqATSyEVBhADHrPG6wYcLKJlagge/ILA0m+SieyP2sjYD9MUB9KZIEyBKv0429UuDTw +6P7pslxMWJBSNyQxaLIs0SRKsqZZWkc7ZYAj2apSkBMX2Is1oHA+PwkF6jQMwCao/+CndXPUzfCF +6caa9WwW31W26MlXCvSmJgfiTPwGvm4PkPmOnmWZ3CczzhHl4q7ztHFzshJH3sZWDnrWwBFjzz5e +Pr3WHV1wA7EY6oT4zBx+2gT9XBTB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEUzCCAzugAwIBAgIEPq+qjzANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQGEwJQTDE3MDUGA1UE +ChMuQ1ppQyBDZW50cmFzdCBTQSB3IGltaWVuaXUgTWluaXN0cmEgR29zcG9kYXJraTEZMBcGA1UE +AxMQQ1ppQyBDZW50cmFzdCBTQTAeFw0wMzA0MzAxMDUwNTVaFw0wODA0MjgxMDUwNTVaMGgxCzAJ +BgNVBAYTAlBMMR8wHQYDVQQKExZUUCBJbnRlcm5ldCBTcC4geiBvLm8uMR8wHQYDVQQDExZDQyBT +aWduZXQgLSBDQSBLbGFzYSAzMRcwFQYDVQQFEw5OdW1lciB3cGlzdTogNDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALVdeOM62cPH2NERFxbS5FIp/HSv3fgesdVsTUFxZbGtE+/E0RMl +KZQJHH9emx7vRYubsi4EOLCjYsCOTFvgGRIpZzx7R7T5c0Di5XFkRU4gjBl7aHJoKb5SLzGlWdoX +GsekVtl6keEACrizV2EafqjI8cnBWY7OxQ1ooLQp5AeFjXg+5PT0lO6TUZAubqjFbhVbxSWjqvdj +93RGfyYE76MnNn4c2xWySD07n7uno06TC0IJe6+3WSX1h+76VsIFouWBXOoM7cxxiLjoqdBVu24+ +P8e81SukE7qEvOwDPmk9ZJFtt1nBNg8a1kaixcljrA/43XwOPz6qnJ+cIj/xywECAwEAAaOCAQow +ggEGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDMGA1UdIAEB/wQpMCcwJQYEVR0g +ADAdMBsGCCsGAQUFBwIBFg93d3cuY2VudHJhc3QucGwwgY4GA1UdIwSBhjCBg4AU2a7r85Cp1iJN +W0Ca1LR6VG3996ShZaRjMGExCzAJBgNVBAYTAlBMMTcwNQYDVQQKEy5DWmlDIENlbnRyYXN0IFNB +IHcgaW1pZW5pdSBNaW5pc3RyYSBHb3Nwb2RhcmtpMRkwFwYDVQQDExBDWmlDIENlbnRyYXN0IFNB +ggQ9/0sQMB0GA1UdDgQWBBR7Y8wZkHq0zrY7nn1tFSdQ0PlJuTANBgkqhkiG9w0BAQUFAAOCAQEA +ldt/svO5c1MU08FKgrOXCGEbEPbQxhpM0xcd6Iv3dCo6qugEgjEs9Qm5CwUNKMnFsvR27cJWUvZb +MVcvwlwCwclOdwF6u/QRS8bC2HYErhYo9bp9yuxxzuow2A94c5fPqfVrjXy+vDouchAm6+A5Wjzv +J8wxVFDCs+9iGACmyUWr/JGXCYiQIbQkwlkRKHHlan9ymKf1NvIej/3EpeT8fKr6ywxGuhAfqofW 
+pg3WJY/RCB4lTzD8vZGNwfMFGkWhJkypad3i9w3lGmDVpsHaWtCgGfd0H7tUtWPkP+t7EjIRCD9J +HYnTR+wbbewc5vOI+UobR15ynGfFIaSIiMTVtQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEejCCA2KgAwIBAgIEP4vk6TANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQ +TDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2Vu +dHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBD +QSBLbGFzYSAyMB4XDTAzMTAxNDExNTgyMloXDTE3MDQxODEyNTMwN1owdzELMAkG +A1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6IG8uby4xJDAiBgNV +BAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEhMB8GA1UEAxMYQ0MgU2ln +bmV0IC0gT0NTUCBLbGFzYSAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCo +VCsaBStblXQYVNthe3dvaCrfvKpPXngh4almm988iIlEv9CVTaAdCfaJNihvA+Vs +Qw8++ix1VqteMQE474/MV/YaXigP0Zr0QB+g+/7PWVlv+5U9Gzp9+Xx4DJay8AoI +iB7Iy5Qf9iZiHm5BiPRIuUXT4ZRbZRYPh0/76vgRsQIDAQABo4IBkjCCAY4wDgYD +VR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMJMEEGA1UdHwQ6MDgwNqA0 +oDKGMGh0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9jcmwva2xhc2Ey +LmNybDCB2AYDVR0gBIHQMIHNMIHKBg4rBgEEAb4/AoFICgwBADCBtzBsBggrBgEF +BQcCAjBgGl5DZXJ0eWZpa2F0IHd5ZGFueSB6Z29kbmllIHogZG9rdW1lbnRlbSAi +UG9saXR5a2EgQ2VydHlmaWthY2ppIC0gQ2VydHlmaWthdHkgcmVzcG9uZGVyb3cg +T0NTUCIuMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnNpZ25ldC5wbC9yZXBvenl0 +b3JpdW0vZG9rdW1lbnR5L3BjX29jc3BfMV8wLnBkZjAfBgNVHSMEGDAWgBS7RQZS +C8uBzSlUs7x8QUzNBw6MJTAdBgNVHQ4EFgQUKEVrOY7cEHvsVgvoyZdytlbtgwEw +CQYDVR0TBAIwADANBgkqhkiG9w0BAQUFAAOCAQEAQrRg5MV6dxr0HU2IsLInxhvt +iUVmSFkIUsBCjzLoewOXA16d2oDyHhI/eE+VgAsp+2ANjZu4xRteHIHoYMsN218M +eD2MLRsYS0U9xxAFK9gDj/KscPbrrdoqLvtPSMhUb4adJS9HLhvUe6BicvBf3A71 +iCNe431axGNDWKnpuj2KUpj4CFHYsWCXky847YtTXDjri9NIwJJauazsrSjK+oXp +ngRS506mdQ7vWrtApkh8zhhWp7duCkjcCo1O8JxqYr2qEW1fXmgOISe010v2mmuv +hHxPyVwoAU4KkOw0nbXZn53yak0is5+XmAjh0wWue44AssHrjC9nUh3mkLt6eQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEezCCA2OgAwIBAgIEP4vnLzANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJQ +TDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEfMB0GA1UEAxMWQ0Mg 
+U2lnbmV0IC0gQ0EgS2xhc2EgMzEXMBUGA1UEBRMOTnVtZXIgd3Bpc3U6IDQwHhcN +MDMxMDE0MTIwODAwWhcNMDgwNDI4MTA1MDU1WjB3MQswCQYDVQQGEwJQTDEfMB0G +A1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBD +ZXJ0eWZpa2FjamkgU2lnbmV0MSEwHwYDVQQDExhDQyBTaWduZXQgLSBPQ1NQIEts +YXNhIDMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM/9GwvARNuCVN+PqZmO +4FqH8vTqhenUyqRkmAVT4YhLu0a9AXeLAYVDu+NTkYzsAUMAfu55rIKHNLlm6WbF +KvLiKKz4p4pbUr+ToPcwl/TDotidloUdBAxDg0SL+PmQqACZDe3seJho2IYf2vDL +/G4TLMbKmNB0mlWFuN0f4fJNAgMBAAGjggGgMIIBnDAOBgNVHQ8BAf8EBAMCB4Aw +EwYDVR0lBAwwCgYIKwYBBQUHAwkwTwYDVR0fBEgwRjBEoEKgQIY+aHR0cDovL3d3 +dy5zaWduZXQucGwva3dhbGlmaWtvd2FuZS9yZXBvenl0b3JpdW0vY3JsL2tsYXNh +My5jcmwwgdgGA1UdIASB0DCBzTCBygYOKwYBBAG+PwKCLAoCAQAwgbcwbAYIKwYB +BQUHAgIwYBpeQ2VydHlmaWthdCB3eWRhbnkgemdvZG5pZSB6IGRva3VtZW50ZW0g +IlBvbGl0eWthIENlcnR5ZmlrYWNqaSAtIENlcnR5ZmlrYXR5IHJlc3BvbmRlcm93 +IE9DU1AiLjBHBggrBgEFBQcCARY7aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5 +dG9yaXVtL2Rva3VtZW50eS9wY19vY3NwXzFfMC5wZGYwHwYDVR0jBBgwFoAUe2PM +GZB6tM62O559bRUnUND5SbkwHQYDVR0OBBYEFG4jnCMvBALRQXtmDn9TyXQ/EKP+ +MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBACXrKG5Def5lpRwmZom3UEDq +bl7y4U3qomG4B+ok2FVZGgPZti+ZgvrenPj7PtbYCUBPsCSTNrznKinoT3gD9lQQ +xkEHwdc6VD1GlFp+qI64u0+wS9Epatrdf7aBnizrOIB4LJd4E2TWQ6trspetjMIU +upyWls1BmYUxB91R7QkTiAUSNZ87s3auhZuG4f0V0JLVCcg2rn7AN1rfMkgxCbHk +GxiQbYWFljl6aatxR3odnnzVUe1I8uoY2JXpmmUcOG4dNGuQYziyKG3mtXCQWvug +5qi9Mf3KUh1oSTKx6HfLjjNl1+wMB5Mdb8LF0XyZLdJM9yIZh7SBRsYm9QiXevY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFGjCCBAKgAwIBAgIEPL7eEDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwNDE4MTQ1NDA4WhcNMjYw +OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v +LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu +ZXQgLSBQQ0EgS2xhc2EgMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7BrBlbN5ma 
+M5eg0BOTqoZ+9NBDvU8Lm5rTdrMswFTCathzpVVLK/JD4K3+4oCZ9SRAspEXE4gvwb08ASY6w5s+ +HpRkeJw8YzMFR5kDZD5adgnCAy4vDfIXYZgppXPaTQ8wnfUZ7BZ7Zfa7QBemUIcJIzJBB0UqgtxW +Ceol9IekpBRVmuuSA6QG0Jkm+pGDJ05yj2eQG8jTcBENM7sVA8rGRMyFA4skSZ+D0OG6FS2xC1i9 +JyN0ag1yII/LPx8HK5J4W9MaPRNjAEeaa2qI9EpchwrOxnyVbQfSedCG1VRJfAsE/9tT9CMUPZ3x +W20QjQcSZJqVcmGW9gVsXKQOVLsCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQEBMIHkMIGaBggrBgEFBQcC +AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0 +eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6 +IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z +aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw +OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy +bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUwGxGyl2CfpYHRonE +82AVXO08kMIwDQYJKoZIhvcNAQEFBQADggEBABp1TAUsa+BeVWg4cjowc8yTJ5XN3GvN96GObMkx +UGY7U9kVrLI71xBgoNVyzXTiMNDBvjh7vdPWjpl5SDiRpnnKiOFXA43HvNWzUaOkTu1mxjJsZsan +ot1Xt6j0ZDC+03FjLHdYMyM9kSWp6afb4980EPYZCcSzgM5TOGfJmNii5Tq468VFKrX+52Aou1G2 +2Ohu+EEOlOrG7ylKv1hHUJJCjwN0ZVEIn1nDbrU9FeGCz8J9ihVUvnENEBbBkU37PWqWuHitKQDV +tcwTwJJdR8cmKq3NmkwAm9fPacidQLpaw0WkuGrS+fEDhu1Nhy9xELP6NA9GRTCNxm/dXlcwnmY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFGjCCBAKgAwIBAgIEPV0tNDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDIwODE2MTY0OTU2WhcNMjYw +OTIxMTU0MjE5WjB2MQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v +LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MSAwHgYDVQQDExdDQyBTaWdu +ZXQgLSBQQ0EgS2xhc2EgMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALN3LanJtdue +Ne6geWUTFENa+lEuzqELcoqhYB+a/tJcPEkc6TX/bYPzalRRjqs+quMP6KZTU0DixOrV+K7iWaqA 
+iQ913HX5IBLmKDCrTVW/ZvSDpiBKbxlHfSNuJxAuVT6HdbzK7yAW38ssX+yS2tZYHZ5FhZcfqzPE +OpO94mAKcBUhk6T/ki0evXX/ZvvktwmF3hKattzwtM4JMLurAEl8SInyEYULw5JdlfcBez2Tg6Db +w34hA1A+ckTwhxzecrB8TUe2BnQKOs9vr2cCACpFFcOmPkM0Drtjctr1QHm1tYSqRFRf9VcV5tfC +3P8QqoK4ONjtLPHc9x5NE1uK/FMCAwEAAaOCAbMwggGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMIIBBAYDVR0gBIH8MIH5MIH2Bg0rBgEEAb4/AgEKAQECMIHkMIGaBggrBgEFBQcC +AjCBjRqBikNlcnR5ZmlrYXQgd3lzdGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0 +eWthIENlcnR5ZmlrYWNqaSBkbGEgUm9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6 +IFJvb3RDQSB3IGhpZXJhcmNoaWkgQ0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5z +aWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY19yb290Y2EudHh0MEQGA1UdHwQ9MDsw +OaA3oDWGM2h0dHA6Ly93d3cuc2lnbmV0LnBsL3JlcG96eXRvcml1bS9yb290Y2Evcm9vdGNhLmNy +bDAfBgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAdBgNVHQ4EFgQUXvthcPHlH5BgGhlM +ErJNXWlhlgAwDQYJKoZIhvcNAQEFBQADggEBACIce95Mvn710KCAISA0CuHD4aznTU6pLoCDShW4 +7OR+GTpJUm1coTcUqlBHV9mra4VFrBcBuOkHZoBLq/jmE0QJWnpSEULDcH9J3mF0nqO9SM+mWyJG +dsJF/XU/7smummgjMNQXwzQTtWORF+6v5KUbWX85anO2wR+M6YTBWC55zWpWi4RG3vkHFs5Ze2oF +JTlpuxw9ZgxTnWlwI9QR2MvEhYIUMKMOWxw1nt0kKj+5TCNQQGh/VJJ1dsiroGh/io1DOcePEhKz +1Ag52y6Wf0nJJB9yk0sFakqZH18F7eQecQImgZyyeRtsG95leNugB3BXWCW+KxwiBrtQTXv4dTE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEzzCCA7egAwIBAgIEO6ocGTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MRswGQYDVQQDExJDQyBTaWduZXQgLSBSb290Q0EwHhcNMDEwOTIwMTY0MjE5WhcNMjYw +OTIxMTU0MjE5WjBxMQswCQYDVQQGEwJQTDEfMB0GA1UEChMWVFAgSW50ZXJuZXQgU3AuIHogby5v +LjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2FjamkgU2lnbmV0MRswGQYDVQQDExJDQyBTaWdu +ZXQgLSBSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrr2vydnNpELfGW3Ks +ARiDhJvwDtUe4AbWev+OfMc3+vA29nX8ZmIwno3gmItjo5DbUCCRiCMq5c9epcGu+kg4a3BJChVX +REl8gVh0ST15rr3RKrSc4VgsvQzl0ZUraeQLl8JoRT5PLsUj3qwF78jUCQVckiiLVcnGfZtFCm+D 
+CJXliQBDMB9XFAUEiO/DtEBs0B7wJGx7lgJeJpQUcGiaOPjcJDYOk7rNAYmmD2gWeSlepufO8luU +YG/YDxTC4mqhRqfa4MnVO5dqy+ICj2UvUpHbZDB0KfGRibgBYeQP1kuqgIzJN4UqknVAJb0aMBSP +l+9k2fAUdchx1njlbdcbAgMBAAGjggFtMIIBaTAPBgNVHRMBAf8EBTADAQH/MIIBBAYDVR0gBIH8 +MIH5MIH2Bg0rBgEEAb4/AgEKAQEAMIHkMIGaBggrBgEFBQcCAjCBjRqBikNlcnR5ZmlrYXQgd3lz +dGF3aW9ueSB6Z29kbmllIHogZG9rdW1lbnRlbTogIlBvbGl0eWthIENlcnR5ZmlrYWNqaSBkbGEg +Um9vdENBIi4gQ2VydHlmaWthdCB3eXN0YXdpb255IHByemV6IFJvb3RDQSB3IGhpZXJhcmNoaWkg +Q0MgU2lnbmV0LjBFBggrBgEFBQcCARY5aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVt +L2Rva3VtZW50eS9wY19yb290Y2EudHh0MB0GA1UdDgQWBBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAf +BgNVHSMEGDAWgBTAm8UjDQLhpk5Iax8A6eOaFBuxrzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcN +AQEFBQADggEBAGnY5QmYqnnO9OqFOWZxxb25UHRnaRF6IV9aaGit5BZufZj2Tq3v8L3SgE34GOoI +cdRMMG5JEpEU4mN/Ef3oY6Eo+7HfqaPHI4KFmbDSPiK5s+wmf+bQSm0Yq5/h4ZOdcAESlLQeLSt1 +CQk2JoKQJ6pyAf6xJBgWEIlm4RXE4J3324PUiOp83kW6MDvaa1xY976WyInr4rwoLgxVl11LZeKW +ha0RJJxJgw/NyWpKG7LWCm1fglF8JH51vZNndGYq1iKtfnrIOvLZq6bzaCiZm1EurD8HE6P7pmAB +KK6o3C2OXlNfNIgwkDN/cDqk5TYsTkrpfriJPdxXBH8hQOkW89g= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIID/TCCA2agAwIBAgIEP4/gkTANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQGEwJQTDEfMB0GA1UE +ChMWVFAgSW50ZXJuZXQgU3AuIHogby5vLjEkMCIGA1UECxMbQ2VudHJ1bSBDZXJ0eWZpa2Fjamkg +U2lnbmV0MR8wHQYDVQQDExZDQyBTaWduZXQgLSBDQSBLbGFzYSAxMB4XDTAzMTAxNzEyMjkwMloX +DTExMDkyMzExMTgxN1owdjELMAkGA1UEBhMCUEwxHzAdBgNVBAoTFlRQIEludGVybmV0IFNwLiB6 +IG8uby4xJDAiBgNVBAsTG0NlbnRydW0gQ2VydHlmaWthY2ppIFNpZ25ldDEgMB4GA1UEAxMXQ0Mg +U2lnbmV0IC0gVFNBIEtsYXNhIDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJYrISEtSsd +uHajROh5/n7NGrkpYTT9NEaPe9+ucuQ37KxIbfJwXJjgUc1dw4wCkcQ12FJarD1X6mSQ4cfN/60v +LfKI5ZD4nhJTMKlAj1pX9ScQ/MuyvKStCbn5WTkjPhjRAM0tdwXSnzuTEunfw0Oup559y3Iqxg1c +ExflB6cfAgMBAAGjggGXMIIBkzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vd3d3LnNpZ25ldC5w +bC9yZXBvenl0b3JpdW0vY3JsL2tsYXNhMS5jcmwwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQM +MAoGCCsGAQUFBwMIMIHaBgNVHSAEgdIwgc8wgcwGDSsGAQQBvj8CZAoRAgEwgbowbwYIKwYBBQUH 
+AgIwYxphQ2VydHlmaWthdCB3eXN0YXdpb255IHpnb2RuaWUgeiBkb2t1bWVudGVtICJQb2xpdHlr +YSBDZXJ0eWZpa2FjamkgQ0MgU2lnbmV0IC0gWm5ha293YW5pZSBjemFzZW0iLjBHBggrBgEFBQcC +ARY7aHR0cDovL3d3dy5zaWduZXQucGwvcmVwb3p5dG9yaXVtL2Rva3VtZW50eS9wY190c2ExXzJf +MS5wZGYwHwYDVR0jBBgwFoAUw4Me1Vl3VPtN+1dH+cQjXNHnieMwHQYDVR0OBBYEFJdDwEqtcavO +Yd9u9tej53vWXwNBMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADgYEAnpiQkqLCJQYXUrqMHUEz ++z3rOqS0XzSFnVVLhkVssvXc8S3FkJIiQTUrkScjI4CToCzujj3EyfNxH6yiLlMbskF8I31JxIeB +vueqV+s+o76CZm3ycu9hb0I4lswuxoT+q5ZzPR8Irrb51rZXlolR+7KtwMg4sFDJZ8RNgOf7tbA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEFTCCA36gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBvjELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UE +ChMfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9z +dG1hc3RlcjEgMB4GA1UEAxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkq +hkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDMwMTE1MTYyOTE3 +WhcNMDcwMTE0MTYyOTE3WjCBvjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0luZGlh +bmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdhcmUgaW4g +dGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEgMB4GA1UE +AxMXQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJTAjBgkqhkiG9w0BCQEWFmhvc3Rt +YXN0ZXJAc3BpLWluYy5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPB6 +rdoiLR3RodtM22LMcfwfqb5OrJNl7fwmvskgF7yP6sdD2bOfDIXhg9852jhY8/kL +VOFe1ELAL2OyN4RAxk0rliZQVgeTgqvgkOVIBbNwgnjN6mqtuWzFiPL+NXQExq40 +I3whM+4lEiwSHaV+MYxWanMdhc+kImT50LKfkxcdAgMBAAGjggEfMIIBGzAdBgNV +HQ4EFgQUB63oQR1/vda/G4F6P4xLiN4E0vowgesGA1UdIwSB4zCB4IAUB63oQR1/ +vda/G4F6P4xLiN4E0vqhgcSkgcEwgb4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdJ +bmRpYW5hMRUwEwYDVQQHEwxJbmRpYW5hcG9saXMxKDAmBgNVBAoTH1NvZnR3YXJl +IGluIHRoZSBQdWJsaWMgSW50ZXJlc3QxEzARBgNVBAsTCmhvc3RtYXN0ZXIxIDAe +BgNVBAMTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo +b3N0bWFzdGVyQHNwaS1pbmMub3JnggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN +AQEEBQADgYEAm/Abn8c2y1nO3fgpAIslxvi9iNBZDhQtJ0VQZY6wgSfANyDOR4DW +iexO/AlorB49KnkFS7TjCAoLOZhcg5FaNiKnlstMI5krQmau1Qnb/vGSNsE/UGms 
+1ts+QYPUs0KmGEAFUri2XzLy+aQo9Kw74VBvqnxvaaMeY5yMcKNOieY= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIIDjCCBfagAwIBAgIJAOiOtsn4KhQoMA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzEQMA4GA1UECBMHSW5kaWFuYTEVMBMGA1UEBxMMSW5kaWFuYXBvbGlz +MSgwJgYDVQQKEx9Tb2Z0d2FyZSBpbiB0aGUgUHVibGljIEludGVyZXN0MRMwEQYD +VQQLEwpob3N0bWFzdGVyMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkx +JTAjBgkqhkiG9w0BCQEWFmhvc3RtYXN0ZXJAc3BpLWluYy5vcmcwHhcNMDgwNTEz +MDgwNzU2WhcNMTgwNTExMDgwNzU2WjCBvDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMfU29mdHdh +cmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1hc3RlcjEe +MBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcNAQkBFhZo +b3N0bWFzdGVyQHNwaS1pbmMub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA3DbmR0LCxFF1KYdAw9iOIQbSGE7r7yC9kDyFEBOMKVuUY/b0LfEGQpG5 +GcRCaQi/izZF6igFM0lIoCdDkzWKQdh4s/Dvs24t3dHLfer0dSbTPpA67tfnLAS1 +fOH1fMVO73e9XKKTM5LOfYFIz2u1IiwIg/3T1c87Lf21SZBb9q1NE8re06adU1Fx +Y0b4ShZcmO4tbZoWoXaQ4mBDmdaJ1mwuepiyCwMs43pPx93jzONKao15Uvr0wa8u +jyoIyxspgpJyQ7zOiKmqp4pRQ1WFmjcDeJPI8L20QcgHQprLNZd6ioFl3h1UCAHx +ZFy3FxpRvB7DWYd2GBaY7r/2Z4GLBjXFS21ZGcfSxki+bhQog0oQnBv1b7ypjvVp +/rLBVcznFMn5WxRTUQfqzj3kTygfPGEJ1zPSbqdu1McTCW9rXRTunYkbpWry9vjQ +co7qch8vNGopCsUK7BxAhRL3pqXTT63AhYxMfHMgzFMY8bJYTAH1v+pk1Vw5xc5s +zFNaVrpBDyXfa1C2x4qgvQLCxTtVpbJkIoRRKFauMe5e+wsWTUYFkYBE7axt8Feo ++uthSKDLG7Mfjs3FIXcDhB78rKNDCGOM7fkn77SwXWfWT+3Qiz5dW8mRvZYChD3F +TbxCP3T9PF2sXEg2XocxLxhsxGjuoYvJWdAY4wCAs1QnLpnwFVMCAwEAAaOCAg8w +ggILMB0GA1UdDgQWBBQ0cdE41xU2g0dr1zdkQjuOjVKdqzCB8QYDVR0jBIHpMIHm +gBQ0cdE41xU2g0dr1zdkQjuOjVKdq6GBwqSBvzCBvDELMAkGA1UEBhMCVVMxEDAO +BgNVBAgTB0luZGlhbmExFTATBgNVBAcTDEluZGlhbmFwb2xpczEoMCYGA1UEChMf +U29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDETMBEGA1UECxMKaG9zdG1h +c3RlcjEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSUwIwYJKoZIhvcN +AQkBFhZob3N0bWFzdGVyQHNwaS1pbmMub3JnggkA6I62yfgqFCgwDwYDVR0TAQH/ +BAUwAwEB/zARBglghkgBhvhCAQEEBAMCAAcwCQYDVR0SBAIwADAuBglghkgBhvhC 
+AQ0EIRYfU29mdHdhcmUgaW4gdGhlIFB1YmxpYyBJbnRlcmVzdDAwBglghkgBhvhC +AQQEIxYhaHR0cHM6Ly9jYS5zcGktaW5jLm9yZy9jYS1jcmwucGVtMDIGCWCGSAGG ++EIBAwQlFiNodHRwczovL2NhLnNwaS1pbmMub3JnL2NlcnQtY3JsLnBlbTAhBgNV +HREEGjAYgRZob3N0bWFzdGVyQHNwaS1pbmMub3JnMA4GA1UdDwEB/wQEAwIBBjAN +BgkqhkiG9w0BAQUFAAOCAgEAtM294LnqsgMrfjLp3nI/yUuCXp3ir1UJogxU6M8Y +PCggHam7AwIvUjki+RfPrWeQswN/2BXja367m1YBrzXU2rnHZxeb1NUON7MgQS4M +AcRb+WU+wmHo0vBqlXDDxm/VNaSsWXLhid+hoJ0kvSl56WEq2dMeyUakCHhBknIP +qxR17QnwovBc78MKYiC3wihmrkwvLo9FYyaW8O4x5otVm6o6+YI5HYg84gd1GuEP +sTC8cTLSOv76oYnzQyzWcsR5pxVIBcDYLXIC48s9Fmq6ybgREOJJhcyWR2AFJS7v +dVkz9UcZFu/abF8HyKZQth3LZjQl/GaD68W2MEH4RkRiqMEMVObqTFoo5q7Gt/5/ +O5aoLu7HaD7dAD0prypjq1/uSSotxdz70cbT0ZdWUoa2lOvUYFG3/B6bzAKb1B+P ++UqPti4oOxfMxaYF49LTtcYDyeFIQpvLP+QX4P4NAZUJurgNceQJcHdC2E3hQqlg +g9cXiUPS1N2nGLar1CQlh7XU4vwuImm9rWgs/3K1mKoGnOcqarihk3bOsPN/nOHg +T7jYhkalMwIsJWE3KpLIrIF0aGOHM3a9BX9e1dUCbb2v/ypaqknsmHlHU5H2DjRa +yaXG67Ljxay2oHA1u8hRadDytaIybrw/oDc5fHE2pgXfDBLkFqfF1stjo5VwP+YE +o2A= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC 
+AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx +ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw +MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH +QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j +b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j +b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H +KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm +VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR +SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT +cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ +6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu +MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS +kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB +BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f +BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv +c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH +AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG +OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU +A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o 
+0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX +RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH +qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV +U+4= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh +bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu +Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g +QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe +BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX +DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE +YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC +ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q +N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO +r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN +f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH +U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU +TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb +VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg +SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv +biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg +MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw +AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv +ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu +Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd +IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv +bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1 +QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O +WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf 
+SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/README b/tests/vcore/test-cases/keys/README
new file mode 100644
index 0000000..c7151d6
--- /dev/null
+++ b/tests/vcore/test-cases/keys/README
@@ -0,0 +1,2 @@
+This directory contains certificate/public keys/private keys used to create unittests.
+Passwort to private keys is "1234" or "secret".
\ No newline at end of file
diff --git a/tests/vcore/test-cases/keys/filip_rsa_cert.pem b/tests/vcore/test-cases/keys/filip_rsa_cert.pem
new file mode 100644
index 0000000..0abebc6
--- /dev/null
+++ b/tests/vcore/test-cases/keys/filip_rsa_cert.pem
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c7:4a:82:f6:9d:1b:f6:7e + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com + Validity + Not Before: Oct 5 12:00:51 2011 GMT + Not After : Oct 2 12:00:51 2021 GMT + Subject: C=PL, ST=MAZ, L=Leg, O=Sam, OU=SPRC, CN=Filip/emailAddress=filip@samsung.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:d2:fe:c4:b4:c1:74:82:6f:7e:28:8c:df:1b:58: + 57:78:3e:5f:5e:4c:b1:e1:d7:c5:0d:1a:c3:e9:2e: + 9a:78:8a:d7:5f:b9:cf:ce:83:2a:9a:4a:80:f0:07: + 35:61:11:60:15:2c:24:f1:7b:15:1a:e0:d7:2f:6b: + ee:35:35:b9:16:e1:10:ac:17:37:86:b3:49:2d:a6: + ed:7e:f1:0f:af:d1:01:0e:1a:a5:45:da:b4:24:82: + 29:73:0c:5f:e8:3b:9e:85:c7:0f:6f:1b:53:80:fa: + a7:50:77:7c:8e:01:5d:84:a8:b3:41:3e:b1:18:07: + d2:b9:18:5c:9f:7e:b6:a4:49 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 7B:2C:B7:89:5E:F9:2A:D3:A4:A4:F1:5D:EA:69:D1:F5:D1:46:64:CC + X509v3 Authority Key Identifier: + keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60 + + Signature Algorithm: sha1WithRSAEncryption + 0e:db:f4:08:1a:d0:d5:00:8c:1f:d8:ca:16:3a:52:a6:ae:f3: + 14:a3:17:41:e5:6d:6f:f6:62:7b:cd:b7:ff:fc:28:89:c8:3c: + 93:19:cf:e6:c4:b8:74:95:8d:5c:d6:f5:88:c2:dd:86:05:7c: + d2:0d:72:b7:78:13:58:fc:53:b4:5c:e9:ad:0c:8d:88:91:d3: + 9a:b6:cd:59:72:d7:d6:ba:11:54:65:04:fc:8f:10:e3:17:b1: + aa:96:cd:94:92:16:d8:98:e6:fe:4a:a8:29:f9:ca:c4:e4:46: + e8:73:4f:5d:95:76:f4:d6:36:7c:34:4f:3c:e2:18:a0:54:33: + ad:72 +-----BEGIN CERTIFICATE----- +MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA 
+c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw +CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT +A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B +CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh +EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o +O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU +ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM +H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y +t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK +xORG6HNPXZV29NY2fDRPPOIYoFQzrXI= +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/filip_rsa_key.pem b/tests/vcore/test-cases/keys/filip_rsa_key.pem new file mode 100644 index 0000000..6d0f4d8 --- /dev/null +++ b/tests/vcore/test-cases/keys/filip_rsa_key.pem 
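Review bot: This fixture has a fixed validity window (`Not After : Oct 2 12:00:51 2021 GMT`), and magda_dsa_cert.pem further down ends on the same day, so any test that validates these certificates against the current clock will start failing on that date without a code change. The tests are not visible here; if they do check validity, either pin the verification time in the test or record the expiry date and the regeneration command in keys/README. The certificate also uses a 1024-bit RSA key with `sha1WithRSAEncryption`, which is fine for a parser fixture but worth a line in the README so it is not copied as a template for anything else.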
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,FDE9F633EA955697 + +ASWLPmOFfKlo46nJXTJLCkhvD/q1MsHXPaaSByVzaavXxwMxOc2g7VkIR2D0yViQ +mxQFhJLVeq/1UI9pXL2+zk0awptHogwjTw81r2I+R6qkHsSjGjl4Ds6hOX3J211K +UqO4+3kf6JJOizXbH/y6WWbj9jEJeE7zzmhuyq8k6Kp47leZsle5y13usii323tz +OgAzZGsQBSkrlBNKKM58O7TkCO6UbZLjVEoBqcJU+p+UiKoGKdUV/MxkbGEKTEPN +wrFiqIxSk9KuV5iDAjnYCPz6iQIE+Q3NOW+MTw0yjWoMb7uXJexGM6VYkYFZUffe +16nAzJpYbG+CsJ5XTiGoiodazloVYdnDFnbDLDGS2kLgiuuHzF/DL1lFlbXwgpGj +sXFp6CemJ+KnMz4aIfC63Wuav+jvAVw26pl/cYxbhboSkl+H9ZKbk+KcIeMN1Rb7 +LD35tsjO5rnQ1QlG0WP6qT6O1SPG/4GgJTyzTwuw6i8jQw62ahKB5hTri/Z8Fmrn +kFh8F7gTJ+YnxrQuTK8r9QrZrXsE/YqUbHtVEI/m/6uydWdFHNWzJxe6oavuwks2 +3mumh1101mBEuEClzOzHP925oeXW+N8R+jFnA/7NkIjeOo+J9Z+QzBiq6DVJcuEY +5aqXcCIS9AciUoh3/ovtT637r25nhYwCruZLZ+4+Vkpv9n/gPSipHXgHt2cynaID +6O7xyoADa+zY1zTRd+A4aA+SWd/bxvKe+6sc/6iBlKA8bKwfPJcwg7il4bX4g5dk +dI8gTyM9puDoHrdTaLwY8+JL0MCguEvkk7LDttNfN0gxYvxXTpZ+Tg== +-----END RSA PRIVATE KEY----- diff --git a/tests/vcore/test-cases/keys/magda_dsa_cert.pem b/tests/vcore/test-cases/keys/magda_dsa_cert.pem new file mode 100644 index 0000000..0348db8 --- /dev/null +++ b/tests/vcore/test-cases/keys/magda_dsa_cert.pem 
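Review bot: The private keys added under tests/vcore/test-cases/keys/ are effectively public once committed: filip_rsa_key.pem is encrypted (`DEK-Info: DES-EDE3-CBC`), but the README in the same directory publishes the passphrases, and magda_dsa_key.pem further down has no `Proc-Type`/`DEK-Info` header, so it is stored in the clear. That is acceptable for fixtures only if these keys and the certificates issued for them are never trusted outside the test suite, so I would say so in the README, e.g. `These keys are test-only fixtures and must never be installed in a trust store or reused outside the unit tests.` The packaging is not visible in this hunk; please confirm the test package installs these files outside the directories the certificate service loads trusted certificates from. The README's statement that the private keys have a passphrase also does not match magda_dsa_key.pem and should be corrected.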
@@ -0,0 +1,90 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c7:4a:82:f6:9d:1b:f6:7f + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com + Validity + Not Before: Oct 5 12:11:33 2011 GMT + Not After : Oct 2 12:11:33 2021 GMT + Subject: C=PL, ST=Mazowieckie, L=legionowo, O=samsung, OU=sprc, CN=magda/emailAddress=magda@samsung.com + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 00:ac:40:42:0e:cc:a8:28:24:0b:43:09:7e:d6:23: + 35:a2:8c:e6:7d:62:66:fe:23:d6:58:b8:f7:32:9f: + 63:99:d3:2c:ff:af:60:0b:e0:d2:8c:0b:35:8b:c9: + e6:77:0a:7d:8d:43:00:23:d4:e3:ff:ad:0b:b4:d3: + b9:af:79:c2:08:f9:af:0b:c0:5e:7c:e0:4b:23:86: + b9:2a:f4:7c:af:43:ca:b1:fa:13:42:df:5d:3f:96: + b8:84:07:6a:19:b6:89:26:f1:a8:fa:c2:86:59:e9: + e7:f1:17:0d:30:5a:3b:a4:1f:76:9a:b4:04:fe:3c: + 0a:56:5e:6f:17:00:f9:36:05 + P: + 00:b5:3c:23:9a:b0:58:65:7c:c7:35:ca:37:5c:a7: + bc:e4:cd:71:a2:5b:e3:29:56:e1:65:b1:d6:30:90: + 06:bd:b0:8b:cd:ad:02:e2:da:e9:71:72:73:41:78: + 21:ca:0d:b9:3b:53:e2:77:fd:0c:0e:d9:76:a7:6a: + 94:0c:52:ab:df:8d:f8:cb:d5:04:39:55:fe:c4:35: + 45:8f:34:fe:dc:12:fc:7c:d8:d6:f9:8d:67:47:c9: + 17:d5:ff:f4:dc:88:16:4d:f0:62:cd:11:b7:e1:b5: + 69:61:23:a0:9b:0d:6d:40:69:8d:27:3d:9f:3b:f6: + b4:88:93:bf:da:34:a6:77:15 + Q: + 00:b7:2b:f2:e4:00:9a:75:7e:dc:32:c8:03:99:d3: + a3:40:60:d1:b8:cb + G: + 24:6e:e6:79:4b:50:6c:cb:a5:44:c7:63:cd:e0:a8: + c9:ad:85:5d:d9:be:e1:a7:2f:22:71:3d:ff:e3:32: + 6d:74:c1:dd:b1:40:34:cc:b0:e9:64:ef:93:82:bd: + 44:af:2d:9b:9d:8d:f7:97:32:91:38:e9:01:bc:6a: + 4c:c6:97:c2:47:56:6c:e1:5d:54:a0:0a:9f:2c:62: + fd:42:ad:63:d4:3a:36:6c:09:07:68:5b:03:51:94: + ce:13:e4:a3:ca:c4:75:ae:ba:08:69:74:55:bc:8c: + d6:52:8c:26:30:3e:c2:9f:69:1b:5d:74:2f:4a:2f: + d7:d4:3d:7e:fa:8a:a7:95 + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 
99:2A:52:86:CC:2F:5A:D1:00:05:DF:A5:DD:6C:5C:71:17:02:C9:D5 + X509v3 Authority Key Identifier: + keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60 + + Signature Algorithm: sha1WithRSAEncryption + 81:f9:c0:bb:f8:0c:25:10:bf:04:5c:24:82:fa:c7:2f:44:d5: + e1:f7:cf:54:07:fb:45:29:d9:4b:a8:9b:e0:81:c6:82:bb:d7: + 26:f2:fe:42:1e:ef:1f:29:2f:64:8a:83:d8:bf:7a:9d:8d:84: + 69:23:6b:d3:25:eb:4f:cd:58:44:e9:dd:39:05:09:37:1e:18: + fd:6f:26:e9:ab:2e:e2:1c:c0:34:d6:6a:58:26:c0:a4:f0:c8: + 30:ae:95:70:f0:35:c2:b2:a0:66:a6:d6:a7:6d:7c:58:1a:88: + da:ff:69:5d:5d:0e:fa:3a:73:c6:ad:7e:19:e4:15:d9:4b:1b: + 47:07 +-----BEGIN CERTIFICATE----- +MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL +MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp +b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT +BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr +BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9 +sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c +Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3 +FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+ +4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd +VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110 +L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf +Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0 +fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA ++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw +HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD +gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv 
+ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V +cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc= +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/magda_dsa_key.pem b/tests/vcore/test-cases/keys/magda_dsa_key.pem new file mode 100644 index 0000000..7842af6 --- /dev/null +++ b/tests/vcore/test-cases/keys/magda_dsa_key.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9sIvNrQLi +2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7cEvx82Nb5 +jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3FQIVALcr +8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+4acvInE9 +/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFdVKAKnyxi +/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110L0ov19Q9 +fvqKp5UCgYEArEBCDsyoKCQLQwl+1iM1oozmfWJm/iPWWLj3Mp9jmdMs/69gC+DS +jAs1i8nmdwp9jUMAI9Tj/60LtNO5r3nCCPmvC8BefOBLI4a5KvR8r0PKsfoTQt9d +P5a4hAdqGbaJJvGo+sKGWenn8RcNMFo7pB92mrQE/jwKVl5vFwD5NgUCFC0583uX +PgTY5e9pOTVpCwebt50S +-----END DSA PRIVATE KEY----- diff --git a/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt b/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt new file mode 100644 index 0000000..67bfa31 --- /dev/null +++ b/tests/vcore/test-cases/keys/ocsp_level0deprecated.crt 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFVTCCBD2gAwIBAgIHBBrt1FojCzANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE +BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY +BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm +aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5 +IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky +ODcwHhcNMTAwNjA5MDIwNzU3WhcNMTEwNjE5MTEwNDM2WjBRMRUwEwYDVQQKEwwq +LnVidW50dS5jb20xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEV +MBMGA1UEAxMMKi51YnVudHUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAu8VcCeGdREV3PYYQukyrfUAay8Ic3fMhA+YUKzqbH8UuPhcjjS3izxaT +vHLh7v80HS4DXYu6CqoQugZndV4R9KqJN1HVK5acar91VOeQgTSoowTSFtyg6aXJ +JVdEETyftGHSpS4WjyQZ9FazTfC47c5lJr+3wCZ90UaxaWpNERpMc2L4ZxG1wGCw +XYWVONtV817NecZVAiytvNPSmcnFm/OC/5GtzxNhfYmsNt1+MiC3IUFe2XnQwFhG +rvn9IcG2RhEKOOu55pHM08FcnDbfyegBkEDAmQbFIUM+tFUI7nkDNQWy/Mgzuqtg +DjydGu8h7BObEFrqXtUpm9CbTFZgzwIDAQABo4IBtjCCAbIwDwYDVR0TAQH/BAUw +AwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQD +AgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Rz +MS0xOS5jcmwwUwYDVR0gBEwwSjBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIB +FitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMIGA +BggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHku +Y29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv +bS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgwFoAU/axh +MpNsRdbi7oVfmrrndplozOcwIwYDVR0RBBwwGoIMKi51YnVudHUuY29tggp1YnVu +dHUuY29tMB0GA1UdDgQWBBTUVPFNlBiCNfPjhD8O8mDUv7MLUjANBgkqhkiG9w0B +AQUFAAOCAQEAUjuOqqu+vS0StsxVXj44hvPye1MC/MkanIrdce5BgYMc5a+8UJba +ay8h34vtsvfDsTifNY8ijDx79Hprh9V2LwfWWAiWK2SdrceIdGrxDvzmDHllO5YT +ig2XhAA7ll4toSnrUfsZmi/bgb1V6VNoq36xvK+riDGnPhc7tNDZZb1fBKE+nA1p +CZq80Liv1xri4Nj1YQ0kMQQnSHkUgEGg7bvtf+cNkIp3OXTNW8f7VFoaWVZNKW8c +cxNljypjJM+h7xXCG/YRKws8eCi+xpO1Oc41tnSvbCbc0B6+xwFjRx5tfja309QI +R2+uBFsmWtBCtn31o4CFNytEnwBOPVbZBA== +-----END CERTIFICATE----- 
diff --git a/tests/vcore/test-cases/keys/ocsp_level1.crt b/tests/vcore/test-cases/keys/ocsp_level1.crt
new file mode 100644
index 0000000..b6276d4
--- /dev/null
+++ b/tests/vcore/test-cases/keys/ocsp_level1.crt
@@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx +ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g +RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw +MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH +QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j +b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j +b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H +KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm +VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR +SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT +cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ +6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu +MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS +kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB +BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f +BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv +c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH +AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO +BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG +OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU +A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o +0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX +RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH +qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV +U+4= +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/ocsp_level2.crt b/tests/vcore/test-cases/keys/ocsp_level2.crt new file mode 100644 index 0000000..ec9fc33 --- /dev/null 
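Review bot: ocsp_level1.crt is a captured third-party CA certificate that embeds the URL of a public OCSP responder, `http://ocsp.godaddy.com`, in its AIA extension (ocsp_level2.crt does the same), and nothing added beside the fixtures says whether the tests using them may reach the network. If they query the live responder, the result depends on a service and a revocation state the project does not control, and ocsp_rootca.crt carries a notAfter in June 2019, after which the chain no longer validates against the system clock. The test code is not visible in this part of the diff, so this is a question rather than a finding. I would add a short README beside the files, for example `ocsp_*.crt: captured public chain, static input only; OCSP tests use a recorded response and a pinned verification time`, adjusted to what the tests really do.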
+++ b/tests/vcore/test-cases/keys/ocsp_level2.crt @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIE+zCCBGSgAwIBAgICAQ0wDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1Zh +bGlDZXJ0IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIElu +Yy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24g +QXV0aG9yaXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAe +BgkqhkiG9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTA0MDYyOTE3MDYyMFoX +DTI0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBE +YWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgC +ggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv +2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+q +N1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiO +r18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lN +f4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEH +U1jPEX44dMX4/7VpkI+EdOqXG68CAQOjggHhMIIB3TAdBgNVHQ4EFgQU0sSw0pHU +TBFxs2HLPaH+3ahq1OMwgdIGA1UdIwSByjCBx6GBwaSBvjCBuzEkMCIGA1UEBxMb +VmFsaUNlcnQgVmFsaWRhdGlvbiBOZXR3b3JrMRcwFQYDVQQKEw5WYWxpQ2VydCwg +SW5jLjE1MDMGA1UECxMsVmFsaUNlcnQgQ2xhc3MgMiBQb2xpY3kgVmFsaWRhdGlv +biBBdXRob3JpdHkxITAfBgNVBAMTGGh0dHA6Ly93d3cudmFsaWNlcnQuY29tLzEg +MB4GCSqGSIb3DQEJARYRaW5mb0B2YWxpY2VydC5jb22CAQEwDwYDVR0TAQH/BAUw +AwEB/zAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmdv +ZGFkZHkuY29tMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jZXJ0aWZpY2F0ZXMu +Z29kYWRkeS5jb20vcmVwb3NpdG9yeS9yb290LmNybDBLBgNVHSAERDBCMEAGBFUd +IAAwODA2BggrBgEFBQcCARYqaHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNv +bS9yZXBvc2l0b3J5MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQC1 +QPmnHfbq/qQaQlpE9xXUhUaJwL6e4+PrxeNYiY+Sn1eocSxI0YGyeR+sBjUZsE4O +WBsUs5iB0QQeyAfJg594RAoYC5jcdnplDQ1tgMQLARzLrUc+cb53S8wGd9D0Vmsf +SxOaFIqII6hR8INMqzW/Rn453HWkrugp++85j09VZw== +-----END CERTIFICATE----- 
diff --git a/tests/vcore/test-cases/keys/ocsp_rootca.crt b/tests/vcore/test-cases/keys/ocsp_rootca.crt
new file mode 100644
index 0000000..8417dc7
--- /dev/null
+++ b/tests/vcore/test-cases/keys/ocsp_rootca.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAlACAQEwDQYJKoZIhvcNAQEFBQAwgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0
+IFZhbGlkYXRpb24gTmV0d29yazEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAz
+BgNVBAsTLFZhbGlDZXJ0IENsYXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9y
+aXR5MSEwHwYDVQQDExhodHRwOi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG
+9w0BCQEWEWluZm9AdmFsaWNlcnQuY29tMB4XDTk5MDYyNjAwMTk1NFoXDTE5MDYy
+NjAwMTk1NFowgbsxJDAiBgNVBAcTG1ZhbGlDZXJ0IFZhbGlkYXRpb24gTmV0d29y
+azEXMBUGA1UEChMOVmFsaUNlcnQsIEluYy4xNTAzBgNVBAsTLFZhbGlDZXJ0IENs
+YXNzIDIgUG9saWN5IFZhbGlkYXRpb24gQXV0aG9yaXR5MSEwHwYDVQQDExhodHRw
+Oi8vd3d3LnZhbGljZXJ0LmNvbS8xIDAeBgkqhkiG9w0BCQEWEWluZm9AdmFsaWNl
+cnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOOnHK5avIWZJV16vY
+dA757tn2VUdZZUcOBVXc65g2PFxTXdMwzzjsvUGJ7SVCCSRrCl6zfN1SLUzm1NZ9
+WlmpZdRJEy0kTRxQb7XBhVQ7/nHk01xC+YDgkRoKWzk2Z/M/VXwbP7RfZHM047QS
+v4dk+NoS/zcnwbNDu+97bi5p9wIDAQABMA0GCSqGSIb3DQEBBQUAA4GBADt/UG9v
+UJSZSWI4OB9L+KXIPqeCgfYrx+jFzug6EILLGACOTb2oWH+heQC1u+mNr0HZDzTu
+IYEZoDJJKPTEjlbVUjP9UNV+mWwD5MlM/Mtsq2azSiGM5bUMMj4QssxsodyamEwC
+W/POuZ6lcg5Ktz885hZo+L7tdEy8W9ViH0Pd
+-----END CERTIFICATE-----
diff --git a/tests/vcore/test-cases/keys/operator.root.cert.pem b/tests/vcore/test-cases/keys/operator.root.cert.pem
new file mode 100644
index 0000000..343241f
--- /dev/null
+++ b/tests/vcore/test-cases/keys/operator.root.cert.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 85:7d:e1:c5:d9:de:7a:1f
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Validity
+ Not Before: Jan 4 17:27:08 2011 GMT
+ Not After : Jan 3 17:27:08 2014 GMT
+ Subject: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:c3:39:17:a8:f9:d0:69:37:9a:56:44:39:67:10:
+ 14:a9:4b:a2:0b:c7:fc:a1:e8:e8:f7:1c:06:f4:9c:
+ 83:f7:37:07:9d:9c:2c:1b:46:43:5f:f1:7b:91:a8:
+ cd:c0:76:00:d5:9c:c9:28:f7:91:28:b6:97:ec:85:
+ b1:10:0f:58:2e:f6:6f:98:b6:ab:7b:ca:08:10:7f:
+ 55:32:bf:32:db:a7:c2:86:83:03:ee:41:0a:24:de:
+ 17:e3:9d:8f:5b:fa:46:70:78:98:b4:c1:14:77:44:
+ ab:59:7c:4c:d3:4a:f7:54:f2:30:0d:38:73:95:9f:
+ 21:0e:a9:86:3e:fc:82:4e:0b
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+ X509v3 Authority Key Identifier:
+ keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA
+ DirName:/C=PL/ST=Mazowieckie/O=Samsung/OU=SPRC/CN=Operator Test Root Certificate/emailAddress=operator@samsung.com
+ serial:85:7D:E1:C5:D9:DE:7A:1F
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ b9:d7:72:49:09:d8:6f:61:94:51:40:9d:c3:d3:23:53:97:b8:
+ 12:ee:cb:dd:57:e6:1f:a2:76:38:5d:42:51:bd:a9:30:19:f7:
+ 67:5b:a8:67:4a:9e:a1:f0:a9:22:14:94:77:32:27:79:37:9c:
+ 0a:0f:52:80:14:62:00:94:45:85:3b:fd:ad:b4:c3:20:45:ba:
+ b7:91:1a:9e:38:51:0f:9b:d5:ce:74:c7:bd:4a:21:9a:2d:b5:
+ 71:0b:42:d2:95:72:66:fe:eb:11:ad:62:44:6c:32:4e:b4:00:
+ 37:d7:b8:d5:4b:f6:74:36:78:d6:ae:66:b3:ca:6e:42:ff:cb:
+ c2:e6
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAwigAwIBAgIJAIV94cXZ3nofMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx +DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0 +aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN +MTEwMTA0MTcyNzA4WhcNMTQwMTAzMTcyNzA4WjCBkjELMAkGA1UEBhMCUEwxFDAS +BgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYDVQQLEwRT +UFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNhdGUxIzAh +BgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEB +AQUAA4GNADCBiQKBgQDDOReo+dBpN5pWRDlnEBSpS6ILx/yh6Oj3HAb0nIP3Nwed +nCwbRkNf8XuRqM3AdgDVnMko95EotpfshbEQD1gu9m+Ytqt7yggQf1UyvzLbp8KG +gwPuQQok3hfjnY9b+kZweJi0wRR3RKtZfEzTSvdU8jANOHOVnyEOqYY+/IJOCwID +AQABo4H6MIH3MB0GA1UdDgQWBBQlpZCfTTqkGQqARl7z+yDOVjAz2jCBxwYDVR0j +BIG/MIG8gBQlpZCfTTqkGQqARl7z+yDOVjAz2qGBmKSBlTCBkjELMAkGA1UEBhMC +UEwxFDASBgNVBAgTC01hem93aWVja2llMRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYD +VQQLEwRTUFJDMScwJQYDVQQDEx5PcGVyYXRvciBUZXN0IFJvb3QgQ2VydGlmaWNh +dGUxIzAhBgkqhkiG9w0BCQEWFG9wZXJhdG9yQHNhbXN1bmcuY29tggkAhX3hxdne +eh8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQC513JJCdhvYZRRQJ3D +0yNTl7gS7svdV+YfonY4XUJRvakwGfdnW6hnSp6h8KkiFJR3Mid5N5wKD1KAFGIA +lEWFO/2ttMMgRbq3kRqeOFEPm9XOdMe9SiGaLbVxC0LSlXJm/usRrWJEbDJOtAA3 +17jVS/Z0NnjWrmazym5C/8vC5g== +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/operator.second.cert.pem b/tests/vcore/test-cases/keys/operator.second.cert.pem new file mode 100644 index 0000000..f062d94 --- /dev/null +++ b/tests/vcore/test-cases/keys/operator.second.cert.pem 
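Review bot: operator.root.cert.pem is already expired when it is added: its text header shows `Not After : Jan 3 17:27:08 2014 GMT`, while the commit is dated July 2015. The same holds for operator.second.cert.pem (`Not After : Jan 4 17:34:31 2012 GMT`) and root_cacert0.pem (`Not After : Oct 4 11:52:36 2014 GMT`). Tests that build chains from these files can only pass if validity-period checking is skipped or the verification time is pinned, and skipping it would hide regressions in expiry handling; which of the two the tests do is not visible in this part of the diff. Regenerating the test CAs with a long validity period, or recording the pinned time beside the fixtures (for example `verification time for operator.* and root_cacert0.pem: 2011-10-06`), would make the intent explicit.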
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 85:7d:e1:c5:d9:de:7a:20 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Mazowieckie, O=Samsung, OU=SPRC, CN=Operator Test Root Certificate/emailAddress=operator@samsung.com + Validity + Not Before: Jan 4 17:34:31 2011 GMT + Not After : Jan 4 17:34:31 2012 GMT + Subject: C=PL, ST=Malopolskie, L=Krakow, O=Samsung, OU=N/A, CN=Operator Test Second Level Certificate/emailAddress=second.operator@samsung.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:ba:3c:58:ca:87:1e:59:68:54:8a:54:34:43:61: + f1:81:e6:35:c1:46:74:16:c7:ff:f9:15:9e:0c:5a: + 6a:89:c1:13:0c:61:2e:ba:00:e0:71:ea:7e:31:ae: + 4e:ef:93:58:51:98:97:f3:bf:8a:9b:b2:c1:b7:0c: + 5f:3f:56:b3:13:3b:d0:80:be:04:66:89:84:50:ca: + fe:f6:f7:6b:05:3b:30:4e:96:9c:5b:c5:80:bc:d6: + be:6e:69:f4:b9:9b:4c:06:7a:ed:37:67:b2:fe:45: + 69:57:62:54:cb:69:69:48:b9:7d:a0:42:f1:b6:dc: + f2:7f:eb:75:2a:d4:83:69:b9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D9:F3:11:BF:98:5A:60:12:7A:85:B5:E7:A7:38:4F:CF:51:1D:C6:B2 + X509v3 Authority Key Identifier: + keyid:25:A5:90:9F:4D:3A:A4:19:0A:80:46:5E:F3:FB:20:CE:56:30:33:DA + + Signature Algorithm: sha1WithRSAEncryption + 69:6c:26:81:51:91:a6:e6:11:dc:81:35:03:73:85:4f:2f:29: + 1f:20:f2:23:54:82:ca:8f:b8:a6:e3:3f:cd:72:5e:d7:e7:f5: + 84:8a:33:e2:51:9f:36:4b:30:85:f4:4f:87:c7:9a:69:0b:15: + 6e:92:c7:1f:2f:58:a4:57:f8:c2:cd:59:6c:d2:11:63:ae:bb: + b0:32:3f:09:e7:2e:ad:db:1b:fe:e7:a4:21:43:47:76:e1:de: + 36:bb:26:3f:16:76:20:ed:a4:68:c1:48:ae:2b:95:fb:f6:d2: + f2:7f:74:f6:83:e2:89:06:b5:89:54:6e:7f:cf:88:94:66:e8: + da:32 +-----BEGIN CERTIFICATE----- +MIIDPjCCAqegAwIBAgIJAIV94cXZ3nogMA0GCSqGSIb3DQEBBQUAMIGSMQswCQYD +VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxEDAOBgNVBAoTB1NhbXN1bmcx 
+DTALBgNVBAsTBFNQUkMxJzAlBgNVBAMTHk9wZXJhdG9yIFRlc3QgUm9vdCBDZXJ0 +aWZpY2F0ZTEjMCEGCSqGSIb3DQEJARYUb3BlcmF0b3JAc2Ftc3VuZy5jb20wHhcN +MTEwMTA0MTczNDMxWhcNMTIwMTA0MTczNDMxWjCBsTELMAkGA1UEBhMCUEwxFDAS +BgNVBAgTC01hbG9wb2xza2llMQ8wDQYDVQQHEwZLcmFrb3cxEDAOBgNVBAoTB1Nh +bXN1bmcxDDAKBgNVBAsTA04vQTEvMC0GA1UEAxMmT3BlcmF0b3IgVGVzdCBTZWNv +bmQgTGV2ZWwgQ2VydGlmaWNhdGUxKjAoBgkqhkiG9w0BCQEWG3NlY29uZC5vcGVy +YXRvckBzYW1zdW5nLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAujxY +yoceWWhUilQ0Q2HxgeY1wUZ0Fsf/+RWeDFpqicETDGEuugDgcep+Ma5O75NYUZiX +87+Km7LBtwxfP1azEzvQgL4EZomEUMr+9vdrBTswTpacW8WAvNa+bmn0uZtMBnrt +N2ey/kVpV2JUy2lpSLl9oELxttzyf+t1KtSDabkCAwEAAaN7MHkwCQYDVR0TBAIw +ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw +HQYDVR0OBBYEFNnzEb+YWmASeoW156c4T89RHcayMB8GA1UdIwQYMBaAFCWlkJ9N +OqQZCoBGXvP7IM5WMDPaMA0GCSqGSIb3DQEBBQUAA4GBAGlsJoFRkabmEdyBNQNz +hU8vKR8g8iNUgsqPuKbjP81yXtfn9YSKM+JRnzZLMIX0T4fHmmkLFW6Sxx8vWKRX ++MLNWWzSEWOuu7AyPwnnLq3bG/7npCFDR3bh3ja7Jj8WdiDtpGjBSK4rlfv20vJ/ +dPaD4okGtYlUbn/PiJRm6Noy +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/operator.second.key.pem b/tests/vcore/test-cases/keys/operator.second.key.pem new file mode 100644 index 0000000..ab1214a --- /dev/null +++ b/tests/vcore/test-cases/keys/operator.second.key.pem 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,44C051D8935528BB + +iISuf9ELdyP5M0vlWOK4msH09HRAhN+43qRu/RDznpsTs2lX2sJITXXEmJC4EJzS +Zk4jf3ScTj1JsMGlg5k0mZWLmDb4kUxTRVUqJX2W4uUYEmWav7LQHRAsPwNUSMs3 +DzZabSf1vplnKKoL9mMtX4E0mj79AkJp7tARQu4Zn2FDMg/UnCErzhGeoFysztmM +v0Biyrf8yTbatMMr7Ea6rIsKS8KbkEeYDk4LpxBXkMeOutnnUUdhUEXZ/mwgJq2e ++8LLPiWdFsrGxPdub7iuLXidXSpOd9VaC9LN/ORKF+EiJtF+twWSBotxYOtwmtgj +xUHfXBcbaFoPnLKNS0nxwsOHF07LUfsCHzfVm1uGyWFkkLrPfcSjb6PahFlfO6w5 +fv8HnUOgeAjlhK6X+xhmw1tpwMUlmcYmq31eC8rwxP59jNQbhH6GVr5+rEMRHNgp +loC1WqthoRtBEC0bi99VpIHVIepe9G+p40sIropoUWftfDSLl3RtONg5GyyZWQ4a +ROxsiLHDZ7+q8eKkJuYPkiZ61/5MHuOsH5k57PG7ppG6/0p+ED4bTwxxDb6PU4pA +08xUTZQ0CUn1x80o/lKw+1E9TJOTbCvrEJAnMksfOkNkNyedgDJaxfV63wYvnL4+ +BLzCqa6djpe0Mg2olQieV/piRUt7JaGA7bnaMAn+bJ56PzUnMl0/WlxzGTMtHjkf +zUqgLLdxZpJP7zl4XleSfRWlPgL1iN1s84x48ej+MGgOGi7xTgX/sfCLkN4No/8k +c5Po+lQU261XAYNuAjtjUFQP/FgIMM9CnJrDWp8xHZXUJBo0c5lOKg== +-----END RSA PRIVATE KEY----- diff --git a/tests/vcore/test-cases/keys/operator.second.p12 b/tests/vcore/test-cases/keys/operator.second.p12 Binary files differnew file mode 100644 index 0000000..2add1df --- /dev/null +++ b/tests/vcore/test-cases/keys/operator.second.p12 diff --git a/tests/vcore/test-cases/keys/root_cacert0.pem b/tests/vcore/test-cases/keys/root_cacert0.pem new file mode 100644 index 0000000..7aa429f --- /dev/null +++ b/tests/vcore/test-cases/keys/root_cacert0.pem 
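Review bot: operator.second.key.pem puts private-key material into the repository, and its `DEK-Info: DES-EDE3-CBC` header shows the traditional OpenSSL PEM encryption, which derives the cipher key from the passphrase with a single MD5 iteration; since the tests need the passphrase too, the key should be treated as public. root_cakey0.pem further down is protected the same way and, going by its name, is the key of the root_cacert0.pem test CA, so anyone with the source tree could issue certificates under that root. The packaging that installs these fixtures is not in this part of the diff, so it is worth confirming that the test roots are only ever placed in a trust store by the test package and never by the main cert-svc package. A README in tests/vcore/test-cases/keys saying `test-only keys and CAs; never install into a production certificate store` would record that.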
@@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + c7:4a:82:f6:9d:1b:f6:7d + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com + Validity + Not Before: Oct 5 11:52:36 2011 GMT + Not After : Oct 4 11:52:36 2014 GMT + Subject: C=PL, ST=Maz, O=Samsung, OU=SPRC, CN=Samsung/emailAddress=samsung@samsung.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:93:c2:12:8b:3e:b1:69:fe:c8:7e:f1:fa:b0:03: + d7:bd:25:03:bb:14:70:ab:65:ff:8f:e9:38:14:2b: + 92:02:d9:e7:b4:78:60:a0:ce:b1:b8:b6:78:c5:af: + b3:83:3c:47:58:3d:1e:a0:78:69:4d:56:dd:8c:d8: + 20:27:b2:0d:9f:bf:f1:d4:e1:39:0f:1b:6f:b8:cd: + ca:f4:0b:fd:d7:cb:64:09:c7:6d:1e:e8:dd:89:43: + 7f:72:85:3d:9a:54:6e:7c:55:a0:da:f5:e9:28:01: + ec:3a:da:5a:18:45:fc:28:b1:0e:43:2c:4c:26:5c: + ca:bc:44:d9:ce:7d:5a:f2:f3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60 + X509v3 Authority Key Identifier: + keyid:82:08:7F:DB:00:02:86:E8:53:2A:A5:FA:58:AE:67:7F:14:38:C8:60 + DirName:/C=PL/ST=Maz/O=Samsung/OU=SPRC/CN=Samsung/emailAddress=samsung@samsung.com + serial:C7:4A:82:F6:9D:1B:F6:7D + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 0f:cb:a3:cd:25:02:00:17:a9:c5:21:4a:6e:bb:ce:d9:14:74: + 23:29:c5:47:ff:02:91:5a:ee:a1:53:a7:e4:69:6f:f2:00:bc: + 09:87:80:f8:3b:a5:51:59:e9:20:1f:1d:5d:cb:91:eb:91:1e: + f4:79:bf:35:68:a5:ed:24:e5:28:dd:c9:1f:bf:53:f7:75:77: + 6c:fe:94:0c:de:9c:d9:8e:42:c6:7d:61:6b:5d:5d:ad:a7:6a: + e4:9b:53:2a:f7:85:9c:51:1d:72:5d:5c:2f:eb:f9:ff:80:4c: + 6d:46:e8:a0:2c:8a:6f:94:13:b2:00:47:2c:b0:b0:1c:12:fc: + a0:65 +-----BEGIN CERTIFICATE----- +MIIDOjCCAqOgAwIBAgIJAMdKgvadG/Z9MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT 
+BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTE1MjM2WhcNMTQxMDA0MTE1MjM2WjByMQsw +CQYDVQQGEwJQTDEMMAoGA1UECBMDTWF6MRAwDgYDVQQKEwdTYW1zdW5nMQ0wCwYD +VQQLEwRTUFJDMRAwDgYDVQQDEwdTYW1zdW5nMSIwIAYJKoZIhvcNAQkBFhNzYW1z +dW5nQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCTwhKL +PrFp/sh+8fqwA9e9JQO7FHCrZf+P6TgUK5IC2ee0eGCgzrG4tnjFr7ODPEdYPR6g +eGlNVt2M2CAnsg2fv/HU4TkPG2+4zcr0C/3Xy2QJx20e6N2JQ39yhT2aVG58VaDa +9ekoAew62loYRfwosQ5DLEwmXMq8RNnOfVry8wIDAQABo4HXMIHUMB0GA1UdDgQW +BBSCCH/bAAKG6FMqpfpYrmd/FDjIYDCBpAYDVR0jBIGcMIGZgBSCCH/bAAKG6FMq +pfpYrmd/FDjIYKF2pHQwcjELMAkGA1UEBhMCUEwxDDAKBgNVBAgTA01hejEQMA4G +A1UEChMHU2Ftc3VuZzENMAsGA1UECxMEU1BSQzEQMA4GA1UEAxMHU2Ftc3VuZzEi +MCAGCSqGSIb3DQEJARYTc2Ftc3VuZ0BzYW1zdW5nLmNvbYIJAMdKgvadG/Z9MAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAD8ujzSUCABepxSFKbrvO2RR0 +IynFR/8CkVruoVOn5Glv8gC8CYeA+DulUVnpIB8dXcuR65Ee9Hm/NWil7STlKN3J +H79T93V3bP6UDN6c2Y5Cxn1ha11dradq5JtTKveFnFEdcl1cL+v5/4BMbUbooCyK +b5QTsgBHLLCwHBL8oGU= +-----END CERTIFICATE----- diff --git a/tests/vcore/test-cases/keys/root_cakey0.pem b/tests/vcore/test-cases/keys/root_cakey0.pem new file mode 100644 index 0000000..ff33c13 --- /dev/null +++ b/tests/vcore/test-cases/keys/root_cakey0.pem 
@@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,D2942E015452A445 + +0M/tC+qVDqyhNsxZZB/dGLuNxsStSUA7TRDRiSBee9JsvcFZjq03D/VjBakNIeET +6efmKfAngomfvrWtxhped3RI4vasX05swfnr4qiUKjLPyftmNEepbNGeI8MaiD7a +fEOZuAacstyS5RMHRBXrktq+jtXW2meQTuvEMBJf1AeAIuaFNvr3OvvpCtDwRffi +1ijUVuG0ZQ6MpP7cGeqLYUZ9StTMxeiEesAPM4YrG7HIY13KaHwMr1ZRtENe7qZ8 +R8vwgW188FYkSSrcQjCVEuj/ztTg9eVuSKdTNgjfKzTWnlrjAzi8CKBsrkYoarwS +6Rv3TqVVnx4HHdo9RIUKZPeLOdcMD1OPK7aOUedPTAcht3Y7SQQphBQypLf6PLKB +DCo79B4TUA1W9MijT2d2GN7oJHqHax8zO2j+yCLkEcHF32JZsEFE63Bwss72FXMg +mTmpCwyzR+oN93687JDUBAP9zNVd76ZnpzwlMZirB6QTY/lrH+iXLH3R3PO6cl2R +0Jei4IQ1oB+SX6GOPt4tKGTqktUFhsJYbXyifj4O1ZyDVYTp0JafOLxJfU33oYTm +278yshFdyHRgfKIHvqctZ1xJN2ioVcWf+9DprHc5kGb6wUKRVfQpipTS2hgbMBz+ +UWRZWq+CUD5QkTz4cSQfhPWQF6TNWpTQc0dvAlo3Cmxrro1PriDItsCOeydeNWvn +Dyynx7ODp/F1rX5ekaXkVxsdGgD/HuNF+c7tEytD7U4/CmevytuXRIrFM0alj2OE +aBFTqKicBoKgDV9VUOTKwuFeNV7MSuVDUnngEBeYrinwGa7wuV7tzA== +-----END RSA PRIVATE KEY----- diff --git a/tests/vcore/test-cases/reference/encoding test.empty b/tests/vcore/test-cases/reference/encoding test.empty new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/tests/vcore/test-cases/reference/encoding test.empty diff --git a/tests/vcore/test-cases/widget/author-signature.xml b/tests/vcore/test-cases/widget/author-signature.xml new file mode 100644 index 0000000..ff82da8 --- /dev/null +++ b/tests/vcore/test-cases/widget/author-signature.xml 
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>fhh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU +Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5 +NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD +ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ +ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT +b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx +kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w +DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg +Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV +HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5 +IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE +CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu +MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN +BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F +08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT +T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg +6A==</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#AuthorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#AuthorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#AuthorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget/config.xml b/tests/vcore/test-cases/widget/config.xml new file mode 100644 index 0000000..82b077b --- /dev/null +++ b/tests/vcore/test-cases/widget/config.xml @@ -0,0 +1,6 @@ +<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget"> + <name shortname="ShortName">Widget Name OK</name> + <version>1.2.3.4</version> + <description>A short description of widget</description> + <author>Author Name</author> +</widget> 
diff --git a/tests/vcore/test-cases/widget/index.html b/tests/vcore/test-cases/widget/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget/signature1.xml b/tests/vcore/test-cases/widget/signature1.xml
new file mode 100644
index 0000000..71a100b
--- /dev/null
+++ b/tests/vcore/test-cases/widget/signature1.xml
@@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA +MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3 +8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw +CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT +A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B +CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh +EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o +O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU +ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM +H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y +t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK +xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget/signature22.xml b/tests/vcore/test-cases/widget/signature22.xml new file mode 100644 index 0000000..715a7cc --- /dev/null +++ b/tests/vcore/test-cases/widget/signature22.xml 
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL +MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp +b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT +BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr +BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9 +sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c 
+Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3 +FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+ +4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd +VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110 +L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf +Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0 +fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA ++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw +HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD +gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv +ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V +cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml b/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml new file mode 100644 index 0000000..0a61a7d --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_certificate/author-signature.xml 
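Review bot: signature22.xml declares `SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"` but sits in the widget/ directory next to the rsa-sha256 signature1.xml, and nothing in the fixture says whether validation is expected to succeed or fail. If the test expects success, the validator is being pinned to accept SHA-1 based distributor signatures, which is a policy decision that deserves a comment in the test. If it expects rejection, the file would be easier to understand under a negative test-case directory such as the widget_negative_certificate one added in this commit. The test code is outside this part of the diff, so the expected outcome cannot be checked here.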
@@ -0,0 +1,58 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV +PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF +EhSOqLgZMCtRdPA9sqA= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG +A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD +VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB +MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM +AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD +DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT +zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5 +HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq +hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9 
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i +okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg== +</X509Certificate> +<X509Certificate> +MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw +IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0 +IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ +BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu +IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl +biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK +xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz +dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL +AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC +iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C +K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk= +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file
diff --git a/tests/vcore/test-cases/widget_negative_certificate/config.xml b/tests/vcore/test-cases/widget_negative_certificate/config.xml
new file mode 100644
index 0000000..82b077b
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_certificate/config.xml
@@ -0,0 +1,6 @@
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
diff --git a/tests/vcore/test-cases/widget_negative_certificate/index.html b/tests/vcore/test-cases/widget_negative_certificate/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_certificate/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget_negative_certificate/signature1.xml b/tests/vcore/test-cases/widget_negative_certificate/signature1.xml
new file mode 100644
index 0000000..477fdfa
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_certificate/signature1.xml
@@ -0,0 +1,78 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="author-signature.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +QHutakNPUAZyfr5ucoY6YxAwmdSwqJpnBp3r93hFtACG7syvbZ1KZa28u2gwEKZyDALu8Agg4iCX +9on4rp/kdNIo1mDvzBfKpAaGBjj3bn2Au4uNtsWk8Bn/sOrqZ6DyDtpdm6e85uKhms08EKSf4vPw +T4o3+IlLoTy2iF2NNVQ= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICnTCCAgYCCQDE9MbMmJ/yCzANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0 +cmlidXRvciBDQTAeFw0xMjEwMjcwNzQ4MzNaFw0yMjEwMjUwNzQ4MzNaMIGUMQswCQYDVQQGEwJL +UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB +MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0 
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B +zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE +fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL +sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAw5xPBFR1XKuZ8QpsCtSE0zXVHvwIa+Ha4 +YBdRtGwEoZmiKGZV/wAhPRdmR0kISkTz20kIGz/ZwRZCVGhsr5hkkpFknYlKeKkEJ/tJfZl4D7ec +GFAnynOzlWZqSIPz+yxX8ah9E6lTv4Vs9DhNb08nxVvxLqlpyVdk9RUsCx/yIA== +</X509Certificate> +<X509Certificate> +MIICnTCCAgYCCQDE9MbMmJ/yCzANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0 +cmlidXRvciBDQTAeFw0xMjEwMjcwNzQ4MzNaFw0yMjEwMjUwNzQ4MzNaMIGUMQswCQYDVQQGEwJL +UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB +MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0 +bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B +zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE +fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL +sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAw5xPBFR1XKuZ8QpsCtSE0zXVHvwIa+Ha4 +YBdRtGwEoZmiKGZV/wAhPRdmR0kISkTz20kIGz/ZwRZCVGhsr5hkkpFknYlKeKkEJ/tJfZl4D7ec +GFAnynOzlWZqSIPz+yxX8ah9E6lTv4Vs9DhNb08nxVvxLqlpyVdk9RUsCx/yIA== +</X509Certificate> +<X509Certificate> +MIICtTCCAh6gAwIBAgIJAKORBcIiXygIMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw +IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSowKAYDVQQDDCFUaXplbiBQYXJ0bmVy +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI3MDc0NTIwWhcNMjIxMDI1MDc0NTIwWjCBkDEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwc 
+VGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +2ZQrdEowjqxUmB8FX8ej19VKY6jGHKNIRE5wrhBkuZ1b0FLRPiN3/Cl9wMkCnyJui4QhC28g1aBg +w/JnaObcDqW1NgFVH3006+gZvCTDlw1nIEjvZa6P+uWOOi05xPPAE0feKPkO1POnOjnapfkkEVNU +8TXsLbLYBylWT8rxZC8CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBJ +yJ7p6qs0JI+1iKOk/sYWVP6dMueY72qOc/wVj5c3ejOlgJNNXDMAQ14QcRRexffc68ipTwybU/3m +tcNwydzKJe+GFa4b2zyKOvOgrfs4MKSR0T9XEPmTKeR+NDT2CbA6/kQoRYm0fSORzD2UXJzNZWe/ +WjwSA66hv4q+0QZQFQ== +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file
diff --git a/tests/vcore/test-cases/widget_negative_hash/author-signature.xml b/tests/vcore/test-cases/widget_negative_hash/author-signature.xml
new file mode 100644
index 0000000..67e9c43
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_hash/author-signature.xml
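Review bot: In tests/vcore/test-cases/widget_negative_certificate/signature1.xml nothing in the fixture or its directory records which certificate property is supposed to make validation fail. The first two `<X509Certificate>` entries in `<X509Data>` are byte-identical and are followed by a single CA certificate, so a reader cannot tell whether the duplicate entry, the chain or the trust anchor is the intended defect. The validity fields also appear to decode to a notAfter in October 2022, after which the fixture would be rejected for expiry whatever the original intent. I would add a short README next to the fixture, for example `widget_negative_certificate: expected to fail because <reason - placeholder, to be filled in by the author>`, and have the test assert that specific error rather than any failure.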
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>zUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>kIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>fhh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU +Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5 +NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD +ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ +ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT +b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx +kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w +DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg +Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV +HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5 +IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE +CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu +MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN +BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F +08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT +T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg +6A==</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#AuthorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#AuthorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#AuthorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_hash/config.xml b/tests/vcore/test-cases/widget_negative_hash/config.xml new file mode 100644 index 0000000..82b077b --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_hash/config.xml @@ -0,0 +1,6 @@ +<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget"> + <name shortname="ShortName">Widget Name OK</name> + <version>1.2.3.4</version> + <description>A short description of widget</description> + <author>Author Name</author> +</widget> 
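Review bot: widget_negative_hash/author-signature.xml may be rejected before the reference-digest comparison it is named for ever runs, because the mismatch is created by editing the `<DigestValue>` entries inside `<SignedInfo>` (`zUKQ…` and `kIE4…`, where the other fixtures use `xUKQ…` and `cIE4…` for the same config.xml blob 82b077b and index.html blob c47b20a). `<SignedInfo>` is what `<SignatureValue>` covers, so unless the file was re-signed after the edit, a validator that checks the signature first rejects it there and the test passes without exercising the hash check. The embedded certificate also appears to decode to a notAfter of 2015-07-08, earlier than this commit's author date, which is another possible rejection reason; widget_negative_signature/author-signature.xml carries the same certificate. Leaving `<SignedInfo>` as signed and changing a byte of the referenced config.xml or index.html instead would more likely isolate the digest path, and the test should assert the specific error code rather than a generic failure.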
diff --git a/tests/vcore/test-cases/widget_negative_hash/index.html b/tests/vcore/test-cases/widget_negative_hash/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_hash/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget_negative_hash/signature1.xml b/tests/vcore/test-cases/widget_negative_hash/signature1.xml
new file mode 100644
index 0000000..71a100b
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_hash/signature1.xml
@@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA +MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3 +8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw +CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT +A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B +CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh +EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o +O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU +ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM +H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y +t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK +xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_hash/signature22.xml b/tests/vcore/test-cases/widget_negative_hash/signature22.xml new file mode 100644 index 0000000..715a7cc --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_hash/signature22.xml 
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL +MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp +b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT +BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr +BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9 +sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c 
+Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3 +FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+ +4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd +VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110 +L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf +Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0 +fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA ++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw +HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD +gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv +ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V +cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_signature/author-signature.xml b/tests/vcore/test-cases/widget_negative_signature/author-signature.xml new file mode 100644 index 0000000..e0c2989 --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_signature/author-signature.xml 
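Review bot: widget_negative_hash/signature22.xml declares the `SignatureMethod` `http://www.w3.org/2000/09/xmldsig#dsa-sha1`, and the same blob (715a7cc) is added again under widget_negative_signature, so this file cannot be what distinguishes the two cases and it puts a SHA-1 signature path into both. If the validator is meant to refuse SHA-1-based signature methods, that deserves its own fixture and an assertion on the algorithm error; if it is meant to accept them, that expectation should be written down next to the test. The same applies to signature1.xml (blob 71a100b), which is also identical in both directories while the author-signature.xml it references differs (67e9c43 and e0c2989), so its `author-signature.xml` digest can match in at most one of them.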
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="AuthorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>MH34nIMXxv0fMQQ8bTV1wZUNLOrXTmpnxpADlNzmQ/4=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>khh+VQq76Uodq4upHhvcC2tgbVY8bL9DiiSe9wn1O4YrIFKMnEEYqYmpQbL1puWU +Zbht0hXpvEFXg1010q5kOZQxknqcyFg3hyVUpFDPARkJs1XhRNbFWJJF7qNXVgt5 +NyFrdXFv4lVFjkv+chSykaWu6V22z43E8kJcg+zGVU8=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG +A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh +bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw +MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw +Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD +ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ +ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT +b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx +kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w +DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg +Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV +HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5 +IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE +CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu +MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN +BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F +08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT +T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg +6A==</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#AuthorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#AuthorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#AuthorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_signature/config.xml b/tests/vcore/test-cases/widget_negative_signature/config.xml new file mode 100644 index 0000000..82b077b --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_signature/config.xml @@ -0,0 +1,6 @@ +<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget"> + <name shortname="ShortName">Widget Name OK</name> + <version>1.2.3.4</version> + <description>A short description of widget</description> + <author>Author Name</author> +</widget> 
diff --git a/tests/vcore/test-cases/widget_negative_signature/index.html b/tests/vcore/test-cases/widget_negative_signature/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_signature/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget_negative_signature/signature1.xml b/tests/vcore/test-cases/widget_negative_signature/signature1.xml
new file mode 100644
index 0000000..71a100b
--- /dev/null
+++ b/tests/vcore/test-cases/widget_negative_signature/signature1.xml
@@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>Dwm15jQbvUxe7fa7p4RVRAUzYY6eGQmDJSWXnv2LBbouch163OMaXgjKXWOLU+ZA +MwwuUUXG44QvOIv5M3Kd/Pc6kwvyb9+xm8zqmFF/mhttmAHc7VjY5sfB+bYFt9/3 +8+upSqxiUGLXYzMD/9u4W9ociwAcLiOQytBF1/TCv/4=</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIC4zCCAkygAwIBAgIJAMdKgvadG/Z+MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIwMDUxWhcNMjExMDAyMTIwMDUxWjB4MQsw +CQYDVQQGEwJQTDEMMAoGA1UECBMDTUFaMQwwCgYDVQQHEwNMZWcxDDAKBgNVBAoT +A1NhbTENMAsGA1UECxMEU1BSQzEOMAwGA1UEAxMFRmlsaXAxIDAeBgkqhkiG9w0B +CQEWEWZpbGlwQHNhbXN1bmcuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB 
+gQDS/sS0wXSCb34ojN8bWFd4Pl9eTLHh18UNGsPpLpp4itdfuc/OgyqaSoDwBzVh +EWAVLCTxexUa4Ncva+41NbkW4RCsFzeGs0ktpu1+8Q+v0QEOGqVF2rQkgilzDF/o +O56Fxw9vG1OA+qdQd3yOAV2EqLNBPrEYB9K5GFyffrakSQIDAQABo3sweTAJBgNV +HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp +Y2F0ZTAdBgNVHQ4EFgQUeyy3iV75KtOkpPFd6mnR9dFGZMwwHwYDVR0jBBgwFoAU +ggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQADgYEADtv0CBrQ1QCM +H9jKFjpSpq7zFKMXQeVtb/Zie823//woicg8kxnP5sS4dJWNXNb1iMLdhgV80g1y +t3gTWPxTtFzprQyNiJHTmrbNWXLX1roRVGUE/I8Q4xexqpbNlJIW2Jjm/kqoKfnK +xORG6HNPXZV29NY2fDRPPOIYoFQzrXI=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_negative_signature/signature22.xml b/tests/vcore/test-cases/widget_negative_signature/signature22.xml new file mode 100644 index 0000000..715a7cc --- /dev/null +++ b/tests/vcore/test-cases/widget_negative_signature/signature22.xml 
@@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="UTF-8"?> +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:wac="http://wacapps.net/ns/digsig" Id="DistributorSignature"> + <SignedInfo> + <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> + <Reference URI="author-signature.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZLhd8X2rzCIDGHkIvpDbCXq+dwq+DK7ZZaDD/fII8RU=</DigestValue> + </Reference> + <Reference URI="config.xml"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> + </Reference> + <Reference URI="index.html"> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> + </Reference> + <Reference URI="#prop"> + <Transforms> + <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/> + </Transforms> + <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <DigestValue>ZxnfFPi1rAoxfpN98xSP3lv5tZg9ymJElAFdg3ejrXE=</DigestValue> + </Reference> + </SignedInfo> + <SignatureValue>fV1J/120GG5L7qsxEkyH6fBvQh2atlpiGMbVM1+pb8Q6pHib5beV6A==</SignatureValue> + <KeyInfo> + <X509Data> + <X509Certificate>MIIEDzCCA3igAwIBAgIJAMdKgvadG/Z/MA0GCSqGSIb3DQEBBQUAMHIxCzAJBgNV +BAYTAlBMMQwwCgYDVQQIEwNNYXoxEDAOBgNVBAoTB1NhbXN1bmcxDTALBgNVBAsT +BFNQUkMxEDAOBgNVBAMTB1NhbXN1bmcxIjAgBgkqhkiG9w0BCQEWE3NhbXN1bmdA +c2Ftc3VuZy5jb20wHhcNMTExMDA1MTIxMTMzWhcNMjExMDAyMTIxMTMzWjCBijEL +MAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMRIwEAYDVQQHEwlsZWdp +b25vd28xEDAOBgNVBAoTB3NhbXN1bmcxDTALBgNVBAsTBHNwcmMxDjAMBgNVBAMT +BW1hZ2RhMSAwHgYJKoZIhvcNAQkBFhFtYWdkYUBzYW1zdW5nLmNvbTCCAbcwggEr +BgcqhkjOOAQBMIIBHgKBgQC1PCOasFhlfMc1yjdcp7zkzXGiW+MpVuFlsdYwkAa9 +sIvNrQLi2ulxcnNBeCHKDbk7U+J3/QwO2XanapQMUqvfjfjL1QQ5Vf7ENUWPNP7c 
+Evx82Nb5jWdHyRfV//TciBZN8GLNEbfhtWlhI6CbDW1AaY0nPZ879rSIk7/aNKZ3 +FQIVALcr8uQAmnV+3DLIA5nTo0Bg0bjLAoGAJG7meUtQbMulRMdjzeCoya2FXdm+ +4acvInE9/+MybXTB3bFANMyw6WTvk4K9RK8tm52N95cykTjpAbxqTMaXwkdWbOFd +VKAKnyxi/UKtY9Q6NmwJB2hbA1GUzhPko8rEda66CGl0VbyM1lKMJjA+wp9pG110 +L0ov19Q9fvqKp5UDgYUAAoGBAKxAQg7MqCgkC0MJftYjNaKM5n1iZv4j1li49zKf +Y5nTLP+vYAvg0owLNYvJ5ncKfY1DACPU4/+tC7TTua95wgj5rwvAXnzgSyOGuSr0 +fK9DyrH6E0LfXT+WuIQHahm2iSbxqPrChlnp5/EXDTBaO6Qfdpq0BP48ClZebxcA ++TYFo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy +YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUmSpShswvWtEABd+l3WxccRcCydUw +HwYDVR0jBBgwFoAUggh/2wAChuhTKqX6WK5nfxQ4yGAwDQYJKoZIhvcNAQEFBQAD +gYEAgfnAu/gMJRC/BFwkgvrHL0TV4ffPVAf7RSnZS6ib4IHGgrvXJvL+Qh7vHykv +ZIqD2L96nY2EaSNr0yXrT81YROndOQUJNx4Y/W8m6asu4hzANNZqWCbApPDIMK6V +cPA1wrKgZqbWp218WBqI2v9pXV0O+jpzxq1+GeQV2UsbRwc=</X509Certificate> +</X509Data> + </KeyInfo> + <Object Id="prop"> + <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"> + <SignatureProperty Id="profile" Target="#DistributorSignature"> + <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/> + </SignatureProperty> + <SignatureProperty Id="role" Target="#DistributorSignature"> + <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/> + </SignatureProperty> + <SignatureProperty Id="identifier" Target="#DistributorSignature"> + <dsp:Identifier/> + </SignatureProperty> + </SignatureProperties> + </Object> +</Signature> diff --git a/tests/vcore/test-cases/widget_partner/author-signature.xml b/tests/vcore/test-cases/widget_partner/author-signature.xml new file mode 100644 index 0000000..0a61a7d --- /dev/null +++ b/tests/vcore/test-cases/widget_partner/author-signature.xml 
@@ -0,0 +1,58 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV +PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF +EhSOqLgZMCtRdPA9sqA= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG +A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD +VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB +MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM +AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD +DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT +zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5 +HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq +hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9 
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i +okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg== +</X509Certificate> +<X509Certificate> +MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw +IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0 +IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ +BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu +IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl +biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK +xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz +dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL +AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC +iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C +K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk= +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file
diff --git a/tests/vcore/test-cases/widget_partner/config.xml b/tests/vcore/test-cases/widget_partner/config.xml
new file mode 100644
index 0000000..82b077b
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner/config.xml
@@ -0,0 +1,6 @@
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
diff --git a/tests/vcore/test-cases/widget_partner/index.html b/tests/vcore/test-cases/widget_partner/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget_partner/signature1.xml b/tests/vcore/test-cases/widget_partner/signature1.xml
new file mode 100644
index 0000000..ac69ee6
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner/signature1.xml
@@ -0,0 +1,78 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="author-signature.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +QHutakNPUAZyfr5ucoY6YxAwmdSwqJpnBp3r93hFtACG7syvbZ1KZa28u2gwEKZyDALu8Agg4iCX +9on4rp/kdNIo1mDvzBfKpAaGBjj3bn2Au4uNtsWk8Bn/sOrqZ6DyDtpdm6e85uKhms08EKSf4vPw +T4o3+IlLoTy2iF2NNVQ= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICnTCCAgYCCQDE9MbMmJ/yDDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0 +cmlidXRvciBDQTAeFw0xMjEwMjkxMzAwMDVaFw0yMjEwMjcxMzAwMDVaMIGUMQswCQYDVQQGEwJL +UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB +MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0 
+bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B +zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE +fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL +sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBaWn8pMZ5LvtTKSTKMic68czQmk4O28s1U +ScoziPnVPHyFrcp4ZK9yKeqprLhi7diTkAN5awkxN+ImOQpqPFSDMeSPy83EHW6k0C6MBIqcINGI +0tOCpd1AngXUCYDAg32ymKjk62B/5SvuO3uKLuW1E1r5W9mN/0JpSrt9YVmkww== +</X509Certificate> +<X509Certificate> +MIICnTCCAgYCCQDE9MbMmJ/yDDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwcVGl6ZW4gUGFydG5lciBEaXN0 +cmlidXRvciBDQTAeFw0xMjEwMjkxMzAwMDVaFw0yMjEwMjcxMzAwMDVaMIGUMQswCQYDVQQGEwJL +UjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB +MSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQDDCBUaXplbiBQYXJ0 +bmVyIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9mg2x4B +zxlK3LJL81GsLq/pJfK1evdCKG/IOBpdoRO0rLhYnsL5+KvToPFa5g9GTZo32LikpW1NZ7++3EHE +fnO2IGLUau4kquvhmz1LNg5xBTx7IbucmwLMRGo1BPGdsAQQLyXeQKJ5PCERmVg4MIoiL2zT/JsL +sZ9UPT6GEB8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQBaWn8pMZ5LvtTKSTKMic68czQmk4O28s1U +ScoziPnVPHyFrcp4ZK9yKeqprLhi7diTkAN5awkxN+ImOQpqPFSDMeSPy83EHW6k0C6MBIqcINGI +0tOCpd1AngXUCYDAg32ymKjk62B/5SvuO3uKLuW1E1r5W9mN/0JpSrt9YVmkww== +</X509Certificate> +<X509Certificate> +MIICtTCCAh6gAwIBAgIJAKORBcIiXygKMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw +IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSowKAYDVQQDDCFUaXplbiBQYXJ0bmVy +IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTI1OTMwWhcNMjIxMDI3MTI1OTMwWjCBkDEL +MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTElMCMGA1UEAwwc 
+VGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA +2ZQrdEowjqxUmB8FX8ej19VKY6jGHKNIRE5wrhBkuZ1b0FLRPiN3/Cl9wMkCnyJui4QhC28g1aBg +w/JnaObcDqW1NgFVH3006+gZvCTDlw1nIEjvZa6P+uWOOi05xPPAE0feKPkO1POnOjnapfkkEVNU +8TXsLbLYBylWT8rxZC8CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBU +7jw4Ui241uV4ZGfTOcBsAf7+xf8sysRwiHjQxIGBrJdhIHyCbYJz+GiM/s5wzANl9r1ZoCLkYo0m +B+sQBO6OZ8R8RrWGrPtLH1PGD1GgAZhbB5oN9BpwuWR9RiJJeJgf98xE6oeOADOYgD7aMr11PVUy +Xj7q6c4JE3EsWQAe8A== +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
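Review bot: The first two `<X509Certificate>` entries in this `KeyInfo` are the same signer certificate repeated, and nothing in the fixture says whether that duplication is deliberate (for example to exercise chain sorting) or a generation slip. The certificates also look like SHA-1-signed, 1024-bit RSA test certificates whose validity appears to end in October 2022 (read from the encoded notAfter field), so a test that validates this chain against the wall clock will start failing at that point. I would record both facts in a comment next to the test that loads the fixture, or pin the verification time in that test. The same applies to `widget_partner_operator/signature1.xml`, whose chain appears to expire in December 2022.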
\ No newline at end of file
diff --git a/tests/vcore/test-cases/widget_partner_operator/author-signature.xml b/tests/vcore/test-cases/widget_partner_operator/author-signature.xml
new file mode 100644
index 0000000..0a61a7d
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner_operator/author-signature.xml
@@ -0,0 +1,58 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +MU+UfS+N71d+7Q0Bn9TWijjOheSKGQ+uM+//1BAafMwdY/Tq3gCr3nIU7qnojzx3fPWCCmWbz2pV +PGsgZW+cJGCiVkqfBs8TGkY7CeyGadxrE7vNA3geTx/3Ea8pTngqJ8NKvnzcZ4Lerrnp6gJkrvuF +EhSOqLgZMCtRdPA9sqA= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICUjCCAbugAwIBAgIGATyD2GRvMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG +A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD +VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB +MB4XDTEzMDEyOTAxMDc0MloXDTQwMDYxNjAxMDc0MVowVDELMAkGA1UEBhMCS1IxCzAJBgNVBAcM +AmtyMQswCQYDVQQKDAJrcjELMAkGA1UECwwCa3IxETAPBgkqhkiG9w0BCQEWAmtyMQswCQYDVQQD +DAJrcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAioxXX5wJwnu5Ucv4eMZvlKg0EdOWUtxT +zFpaRDvNfFfpyuacQzL5V2u4hg5FL6ldNDHJC0U+am60bVcmHxZ9YjGQrp6We7SW1jolC9lM9Dq5 +HIhpjCAbC8GHYHVlxX9vfJMgrqH/WF5P/7LHYpMZ/WoR4CBs2qfSdzOJOejaZSMCAwEAATANBgkq +hkiG9w0BAQUFAAOBgQDE8Wk+sSeXMfXtoWCetaRBCCkyTTMJJhTnw2wY4CMIDQfWlz0mDnjmDyc9 
+SZzMuut3xwuaG5IVNjKb5kqGRoHm5Mweiv9/Unh3thtPNn3gdLr85u4SHOD7yX9fMM5C+4UCbN/i +okHIvOzFxNo+w6RqoiYuZTN1MLj95HPXx6zijg== +</X509Certificate> +<X509Certificate> +MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw +IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0 +IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ +BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu +IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl +biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK +xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz +dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL +AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC +iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C +K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk= +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file
diff --git a/tests/vcore/test-cases/widget_partner_operator/config.xml b/tests/vcore/test-cases/widget_partner_operator/config.xml
new file mode 100644
index 0000000..82b077b
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner_operator/config.xml
@@ -0,0 +1,6 @@
+<widget xmlns="http://www.w3.org/ns/widgets" id="Test Widget">
+ <name shortname="ShortName">Widget Name OK</name>
+ <version>1.2.3.4</version>
+ <description>A short description of widget</description>
+ <author>Author Name</author>
+</widget>
diff --git a/tests/vcore/test-cases/widget_partner_operator/index.html b/tests/vcore/test-cases/widget_partner_operator/index.html
new file mode 100644
index 0000000..c47b20a
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner_operator/index.html
@@ -0,0 +1,4 @@
+<!doctype html>
+<title>Not tested</title>
+<body style="background-color:#666">
+<h1>None</h1>
diff --git a/tests/vcore/test-cases/widget_partner_operator/signature1.xml b/tests/vcore/test-cases/widget_partner_operator/signature1.xml
new file mode 100644
index 0000000..5ef9e7c
--- /dev/null
+++ b/tests/vcore/test-cases/widget_partner_operator/signature1.xml
@@ -0,0 +1,80 @@ +<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature"> +<SignedInfo> +<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod> +<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod> +<Reference URI="author-signature.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>Sg4UB6RV0ABPmFxAQm5oTXV1FPim17Z8akk9BUOMlSQ=</DigestValue> +</Reference> +<Reference URI="config.xml"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>xUKQbov3HL7JD2/zVUKpPEVGc5C6VWDXwxoDHzDs9y0=</DigestValue> +</Reference> +<Reference URI="index.html"> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>cIE41PzyhMnF++EmhJ3Ptnd4ZqXyBlRJgiIqxlutbV8=</DigestValue> +</Reference> +<Reference URI="#prop"> +<Transforms> +<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform> +</Transforms> +<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> +<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue> +</Reference> +</SignedInfo> +<SignatureValue> +nXPBByFXKh6LFF6E6DlA+iUFD96YRPN/F9KTBVEYWoTu3y3GARohZFCziM1miCEaHtRf8nXpLx/L +imFvcvCvA06FGQKk9fegRjv1nz/8nfwsdqBItg0YVrezDPCoCaH7NCEqppQf3OU5Sb1hwzJ57d1V +LYfuzdxIfEJ+oWArHHY= +</SignatureValue> +<KeyInfo> +<X509Data> +<X509Certificate> +MIICrzCCAhgCCQCCu8SOQgWE6TANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEuMCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVy +YXRvciBEaXN0cmlidXRvciBDQTAeFw0xMjEyMTMwNTQwMTNaFw0yMjEyMTEwNTQwMTNaMIGdMQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXpl +biBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTIwMAYDVQQDDClU 
+aXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAt9tUhiRCLP5dXe18Z60Qvql1DMa7wVuTDWmhOEifg2dIhV88jwG41Gdv4K6T +Jqx2/AQpiI+QHOFfQ/5vyuivn9VnZyXL9gw+wpdTGbDOLhPqQFYjaLBzNVT/9XnBMare6eDlgMHr +GJ133oxXrF/4CIkb/1LPMIPJ4lOgXg1mnskCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBhXNDMjNiI +HXOg0SjNUPECLAMUf2fV5H9u1AMzU5vqNnTG+fPQ9ag8YKbb1uhHR1/kpcbT6+koT16Szagn+Brn +4AIgO8dLfDV80wRHmcbwhcGqsxDJfIEc7/QdBBfKquyAGJxObcGohn+0lw1+bMLtqGDG54f7sEDB +CNOHxu5Kdg== +</X509Certificate> +<X509Certificate> +MIICrzCCAhgCCQCCu8SOQgWE6TANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCS1IxDjAMBgNV +BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE +CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEuMCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVy +YXRvciBEaXN0cmlidXRvciBDQTAeFw0xMjEyMTMwNTQwMTNaFw0yMjEyMTEwNTQwMTNaMIGdMQsw +CQYDVQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXpl +biBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTIwMAYDVQQDDClU +aXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9yIFNpZ25lcjCBnzANBgkqhkiG9w0BAQEF +AAOBjQAwgYkCgYEAt9tUhiRCLP5dXe18Z60Qvql1DMa7wVuTDWmhOEifg2dIhV88jwG41Gdv4K6T +Jqx2/AQpiI+QHOFfQ/5vyuivn9VnZyXL9gw+wpdTGbDOLhPqQFYjaLBzNVT/9XnBMare6eDlgMHr +GJ133oxXrF/4CIkb/1LPMIPJ4lOgXg1mnskCAwEAATANBgkqhkiG9w0BAQUFAAOBgQBhXNDMjNiI +HXOg0SjNUPECLAMUf2fV5H9u1AMzU5vqNnTG+fPQ9ag8YKbb1uhHR1/kpcbT6+koT16Szagn+Brn +4AIgO8dLfDV80wRHmcbwhcGqsxDJfIEc7/QdBBfKquyAGJxObcGohn+0lw1+bMLtqGDG54f7sEDB +CNOHxu5Kdg== +</X509Certificate> +<X509Certificate> +MIICxzCCAjCgAwIBAgIJAJM6tpnKoa7wMA0GCSqGSIb3DQEBBQUAMIGeMQswCQYDVQQGEwJLUjEO +MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSIw +IAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVy +LU9wZXJhdG9yIERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMjEzMDU0MDA1WhcNMjIxMjExMDU0 +MDA1WjCBmTELMAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQG +A1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEu 
+MCwGA1UEAwwlVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRvciBDQTCBnzANBgkqhkiG +9w0BAQEFAAOBjQAwgYkCgYEA1QpPynBI3UuTQCUV/J4qemq42WTG6NnjXFyxQtWsUdPqZ77ds/Ob +HIPSwl0Tqg3owmzzBpStfdaF1liokxIRekWu6nO1tC20GOTYtw6YUzgxROXqzyDO8Q1Pzz/ey9Lq +dsaF3rjeesYsWaxLr14jCMsZU021gtFRzf+oLny3oSsCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOBgQB3qhuwFayfppLL/uhQdYFZTK7kitfmSyPJC/cP3va4gIZn8R4tgaTR +hr2IbczucwKMsu0jorxO6X5iedBOWaWtNBfw1XFZf9bln3kULfwVx9jWvghJzV17yFQu7tuSG0+p +8hfUv8fG4lcP/AYzIKqdGASz/XT6I2LYiavdP4/pFQ== +</X509Certificate> +</X509Data> +</KeyInfo> +<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object> +</Signature>
\ No newline at end of file diff --git a/tests/vcore/vcore_tests.cpp b/tests/vcore/vcore_tests.cpp new file mode 100644 index 0000000..1e66c84 --- /dev/null +++ b/tests/vcore/vcore_tests.cpp @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file main.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of main + */ +#include <dpl/test/test_runner.h> + +#include <vcore/VCore.h> + +#include <glib-object.h> + +int main (int argc, char *argv[]) +{ + ValidationCore::VCoreInit(); + + ValidationCore::AttachToThreadRW(); + DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv); + ValidationCore::DetachFromThread(); + + ValidationCore::VCoreDeinit(); + + return 0; +} + diff --git a/vcore/CMakeLists.txt b/vcore/CMakeLists.txt index 16356c3..aec6718 100644 --- a/vcore/CMakeLists.txt +++ b/vcore/CMakeLists.txt @@ -1,8 +1,5 @@ #DB vcore -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -PKG_CHECK_MODULES(VCORE_DB_DEP - dpl-efl - REQUIRED) +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) ADD_CUSTOM_COMMAND( OUTPUT ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h 
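Review bot: In `tests/vcore/vcore_tests.cpp`, `main` discards the result of `ExecTestRunner(argc, argv)` and always returns 0, so a failing signature or certificate validation test cannot fail the process or the job that runs it. Assuming `ExecTestRunner` returns the runner's status, keep it and return it after teardown: `int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);` and `return status;`. If `VCoreInit()` reports failure through its return value, that should be checked before the tests run as well. The `@file main.cpp` tag in the header comment does not match the file name, and `<glib-object.h>` looks unused here.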
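Review bot: In the first hunk of `vcore/CMakeLists.txt`, `IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL)` is true whenever the variable exists, including `-DTIZEN_FEAT_CERTSVC_OCSP_CRL=OFF` or `=0`, so the OCSP/CRL database and sources cannot be switched off by value, only by leaving the variable unset. Since this condition decides whether the revocation-checking code is built, I would test the value instead, `IF(TIZEN_FEAT_CERTSVC_OCSP_CRL)`, or add a comment above it stating that any definition enables the feature. The same condition is repeated throughout the `vcore/src/CMakeLists.txt` hunks. The `ADD_CUSTOM_COMMAND` that this guards continues outside the hunk.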
@@ -14,12 +11,10 @@ ADD_CUSTOM_COMMAND( COMMENT "Generating VCORE database checksum" ) -STRING(REPLACE ";" ":" DEPENDENCIES "${VCORE_DB_DEP_INCLUDE_DIRS}") - ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db - COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql - COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db ".read ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db + COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h -I${PROJECT_SOURCE_DIR}/vcore/src/orm -I${PROJECT_SOURCE_DIR}/vcore/src/dpl/db/include -E ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h | grep --invert-match "^#" > ${PROJECT_SOURCE_DIR}/etc/cert_svc_vcore_db.sql + COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db ".read ${PROJECT_SOURCE_DIR}/etc/cert_svc_vcore_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.cert_svc_vcore.db DEPENDS ${CMAKE_BINARY_DIR}/vcore/src/database_checksum_vcore.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db_sql_generator.h ${PROJECT_SOURCE_DIR}/vcore/src/orm/vcore_db ) @@ -30,8 +25,6 @@ ADD_CUSTOM_COMMAND( OUTPUT .cert_svc_vcore.db-journal ADD_CUSTOM_TARGET(Sqlite3DbVCORE ALL DEPENDS .cert_svc_vcore.db .cert_svc_vcore.db-journal) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/cert_svc_vcore_db.sql - DESTINATION ${TZ_SYS_SHARE}/cert-svc/ - ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + ADD_SUBDIRECTORY(src) diff --git a/vcore/src/CMakeLists.txt b/vcore/src/CMakeLists.txt index 0772fc6..c982724 100644 --- a/vcore/src/CMakeLists.txt +++ b/vcore/src/CMakeLists.txt 
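Review bot: In the `@@ -14,12 +11,10 @@` hunk of `vcore/CMakeLists.txt`, the `STRING(REPLACE ";" ":" DEPENDENCIES ...)` line is removed but the rewritten command still begins with `CPATH=${DEPENDENCIES}`, which now expands to an empty `CPATH=` unless `DEPENDENCIES` is set somewhere outside this diff. If the added `-I${PROJECT_SOURCE_DIR}/vcore/src/dpl/db/include` replaces it, drop the prefix so the command reads `COMMAND gcc -Wall -include ...`. The generated `cert_svc_vcore_db.sql` is also redirected into `${PROJECT_SOURCE_DIR}/etc/`, so the build writes into the source tree and the file is not declared as an `OUTPUT`; that fails on a read-only checkout and leaves a stale schema behind when the generator changes. I would keep the generated file under `${CMAKE_CURRENT_BINARY_DIR}`.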
@@ -1,34 +1,44 @@ -INCLUDE(FindPkgConfig) +# compiler warning flags +ADD_DEFINITIONS("-Wall") +ADD_DEFINITIONS("-Wextra") +ADD_DEFINITIONS("-Werror") +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) PKG_CHECK_MODULES(VCORE_DEPS - dpl-efl - dpl-db-efl - ecore - appcore-efl + REQUIRED + glib-2.0 libxml-2.0 - libsoup-2.4 - libpcre libpcrecpp openssl xmlsec1 + dlog secure-storage - REQUIRED) + icu-uc + libsoup-2.4 + db-util -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) + sqlite3 + vconf + ) +ELSE(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) PKG_CHECK_MODULES(VCORE_DEPS - dpl-db-efl - ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) - -IF(TIZEN_FEAT_OSP_DISABLE EQUAL 1) -ADD_DEFINITIONS("-DTIZEN_FEATURE_OSP_DISABLE") -ENDIF(TIZEN_FEAT_OSP_DISABLE EQUAL 1) - -SET(LIBCRYPTSVC_DIR - ${PROJECT_SOURCE_DIR}/vcore + REQUIRED + glib-2.0 + libxml-2.0 + libpcrecpp + openssl + xmlsec1 + dlog + secure-storage + icu-uc + libsoup-2.4 + db-util ) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include) +ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS}) +ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER}) +ADD_DEFINITIONS("-DSEPARATED_SINGLETON_IMPLEMENTATION") SET(VCORE_DIR ${PROJECT_SOURCE_DIR}/vcore 
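Review bot: The new warning flags are added with `ADD_DEFINITIONS("-Wall")`, `ADD_DEFINITIONS("-Wextra")` and `ADD_DEFINITIONS("-Werror")`, which is the command for preprocessor definitions, and `-Werror` is applied unconditionally to every target in this directory. A compiler update that introduces one new warning then breaks the build of the certificate library for everyone who packages it. I would move the flags into the compile-flag variables and gate `-Werror` behind an option that defaults to off, for example `OPTION(<PROJECT>_WERROR "Treat warnings as errors" OFF)` with a name of your choosing. The two `PKG_CHECK_MODULES(VCORE_DEPS ...)` lists differ only in `sqlite3` and `vconf`, so a shared list plus the two extras would keep the branches from drifting apart.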
@@ -38,6 +48,54 @@ SET(VCORE_SRC_DIR ${VCORE_DIR}/src/vcore ) +########### DPL SOURCES ########## +SET(VCORE_DPL_DIR + ${VCORE_DIR}/src/dpl + ) +SET(VCORE_DPL_CORE_SRC_DIR + ${VCORE_DPL_DIR}/core/src + ) +SET(VCORE_DPL_CORE_SOURCES + ${VCORE_DPL_CORE_SRC_DIR}/assert.cpp + ${VCORE_DPL_CORE_SRC_DIR}/binary_queue.cpp + ${VCORE_DPL_CORE_SRC_DIR}/char_traits.cpp + ${VCORE_DPL_CORE_SRC_DIR}/colors.cpp + ${VCORE_DPL_CORE_SRC_DIR}/errno_string.cpp + ${VCORE_DPL_CORE_SRC_DIR}/exception.cpp + ${VCORE_DPL_CORE_SRC_DIR}/file_input.cpp + ${VCORE_DPL_CORE_SRC_DIR}/noncopyable.cpp + ${VCORE_DPL_CORE_SRC_DIR}/singleton.cpp + ${VCORE_DPL_CORE_SRC_DIR}/string.cpp + ${VCORE_DPL_CORE_SRC_DIR}/type_list.cpp + ${VCORE_DPL_CORE_SRC_DIR}/thread.cpp + ${VCORE_DPL_CORE_SRC_DIR}/waitable_event.cpp + ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle.cpp + ${VCORE_DPL_CORE_SRC_DIR}/waitable_handle_watch_support.cpp + ) + +SET(VCORE_DPL_DB_SRC_DIR + ${VCORE_DPL_DIR}/db/src + ) +SET(VCORE_DPL_DB_SOURCES + ${VCORE_DPL_DB_SRC_DIR}/naive_synchronization_object.cpp + ${VCORE_DPL_DB_SRC_DIR}/orm.cpp + ${VCORE_DPL_DB_SRC_DIR}/sql_connection.cpp + ${VCORE_DPL_DB_SRC_DIR}/thread_database_support.cpp + ) + +SET(VCORE_DPL_LOG_SRC_DIR + ${VCORE_DPL_DIR}/log/src + ) +SET(VCORE_DPL_LOG_SOURCES + ${VCORE_DPL_LOG_SRC_DIR}/abstract_log_provider.cpp + ${VCORE_DPL_LOG_SRC_DIR}/old_style_log_provider.cpp + ${VCORE_DPL_LOG_SRC_DIR}/dlog_log_provider.cpp + ${VCORE_DPL_LOG_SRC_DIR}/log.cpp + ) +########### DPL SOURCES ########## + + +########### VCORE SOURCES ######## SET(VCORE_SOURCES ${VCORE_SRC_DIR}/api.cpp ${VCORE_SRC_DIR}/Base64.cpp @@ -52,6 +110,7 @@ SET(VCORE_SOURCES ${VCORE_SRC_DIR}/ReferenceValidator.cpp ${VCORE_SRC_DIR}/RevocationCheckerBase.cpp ${VCORE_SRC_DIR}/SaxReader.cpp + ${VCORE_SRC_DIR}/SignatureData.cpp ${VCORE_SRC_DIR}/SignatureFinder.cpp ${VCORE_SRC_DIR}/SignatureReader.cpp ${VCORE_SRC_DIR}/TimeConversion.cpp 
@@ -61,141 +120,158 @@ SET(VCORE_SOURCES ${VCORE_SRC_DIR}/WrtSignatureValidator.cpp ${VCORE_SRC_DIR}/SignatureValidator.cpp ${VCORE_SRC_DIR}/XmlsecAdapter.cpp - ${VCORE_SRC_DIR}/pkcs12.c - ) + ${VCORE_SRC_DIR}/pkcs12.cpp + ${VCORE_SRC_DIR}/exception.cpp -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -SET(VCORE_SOURCES - ${VCORE_SRC_DIR}/api.cpp - ${VCORE_SRC_DIR}/Base64.cpp - ${VCORE_SRC_DIR}/Certificate.cpp - ${VCORE_SRC_DIR}/CertificateCollection.cpp - ${VCORE_SRC_DIR}/CertificateConfigReader.cpp - ${VCORE_SRC_DIR}/CertificateLoader.cpp - ${VCORE_SRC_DIR}/CertStoreType.cpp - ${VCORE_SRC_DIR}/Config.cpp - ${VCORE_SRC_DIR}/CryptoHash.cpp - ${VCORE_SRC_DIR}/OCSPCertMgrUtil.cpp - ${VCORE_SRC_DIR}/ReferenceValidator.cpp - ${VCORE_SRC_DIR}/RevocationCheckerBase.cpp - ${VCORE_SRC_DIR}/SaxReader.cpp - ${VCORE_SRC_DIR}/SignatureFinder.cpp - ${VCORE_SRC_DIR}/SignatureReader.cpp - ${VCORE_SRC_DIR}/TimeConversion.cpp - ${VCORE_SRC_DIR}/VerificationStatus.cpp - ${VCORE_SRC_DIR}/ValidatorFactories.cpp - ${VCORE_SRC_DIR}/VCore.cpp - ${VCORE_SRC_DIR}/DUID.cpp - ${VCORE_SRC_DIR}/WrtSignatureValidator.cpp - ${VCORE_SRC_DIR}/SignatureValidator.cpp - ${VCORE_SRC_DIR}/XmlsecAdapter.cpp - ${VCORE_SRC_DIR}/pkcs12.c - ${VCORE_SRC_DIR}/CachedCRL.cpp + ${VCORE_SRC_DIR}/utils.c + ${VCORE_SRC_DIR}/cert-svc-client.c + ) + +SET(VCORE_OCSP_CRL_SOURCES + ${VCORE_SRC_DIR}/CachedCRL.cpp ${VCORE_SRC_DIR}/CachedOCSP.cpp - ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp - ${VCORE_SRC_DIR}/CertificateVerifier.cpp - ${VCORE_SRC_DIR}/CRL.cpp + ${VCORE_SRC_DIR}/CertificateCacheDAO.cpp + ${VCORE_SRC_DIR}/CertificateVerifier.cpp + ${VCORE_SRC_DIR}/CRL.cpp ${VCORE_SRC_DIR}/CRLImpl.cpp ${VCORE_SRC_DIR}/CRLCacheDAO.cpp - ${VCORE_SRC_DIR}/Database.cpp + ${VCORE_SRC_DIR}/Database.cpp ${VCORE_SRC_DIR}/OCSP.cpp ${VCORE_SRC_DIR}/OCSPImpl.cpp - ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp + ${VCORE_SRC_DIR}/SoupMessageSendBase.cpp ${VCORE_SRC_DIR}/SoupMessageSendSync.cpp - ${VCORE_SRC_DIR}/SoupMessageSendAsync.cpp - 
${VCORE_SRC_DIR}/OCSPUtil.c + ${VCORE_SRC_DIR}/OCSPUtil.c ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) SET(VCORE_INCLUDES ${VCORE_DEPS_INCLUDE_DIRS} ${VCORE_SRC_DIR} ${VCORE_DIR}/src - ${VCORE_DIR}/src/orm ${VCORE_DIR}/src/legacy - ${CMAKE_BINARY_DIR}/vcore/src ) -ELSE(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -SET(VCORE_INCLUDES - ${VCORE_DEPS_INCLUDE_DIRS} - ${VCORE_SRC_DIR} - ${VCORE_DIR}/src - ${VCORE_DIR}/src/legacy - ${CMAKE_BINARY_DIR}/vcore/src + +SET(VCORE_INCLUDES_OCSP_CRL + ${VCORE_DIR}/src/orm ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) +########### VCORE SOURCES ######## -ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS}) -ADD_DEFINITIONS(${VCORE_DEPS_CFLAGS_OTHER}) -ADD_DEFINITIONS("-DSEPARATED_SINGLETON_IMPLEMENTATION") -ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") -ADD_DEFINITIONS("-DCERT_SVC_LOG") -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -ADD_DEFINITIONS("-DTIZENUCT_FEATURE_CERT_SVC_OCSP_CRL") -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) - -INCLUDE_DIRECTORIES(${VCORE_INCLUDES}) - -# cert-svc headers -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/include) - -ADD_LIBRARY(${TARGET_VCORE_LIB} SHARED ${VCORE_SOURCES}) -SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} PROPERTIES - SOVERSION ${SO_VERSION} - VERSION ${VERSION}) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +SET(VCORE_ALL_SOURCES + ${VCORE_SOURCES} + ${VCORE_DPL_CORE_SOURCES} + ${VCORE_DPL_DB_SOURCES} + ${VCORE_DPL_LOG_SOURCES} + ${VCORE_OCSP_CRL_SOURCES} + ) +SET(VCORE_ALL_INCLUDES + ${PROJECT_SOURCE_DIR}/include + ${VCORE_INCLUDES} + ${VCORE_DPL_DIR}/core/include + ${VCORE_DPL_DIR}/db/include + ${VCORE_DPL_DIR}/log/include + ${VCORE_INCLUDES_OCSP_CRL} + ) +ELSE(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) +SET(VCORE_ALL_SOURCES + ${VCORE_SOURCES} + ${VCORE_DPL_CORE_SOURCES} + ${VCORE_DPL_LOG_SOURCES} + ) +SET(VCORE_ALL_INCLUDES + ${PROJECT_SOURCE_DIR}/include + ${VCORE_INCLUDES} + ${VCORE_DPL_DIR}/core/include + ${VCORE_DPL_DIR}/log/include + ) 
+ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) + +INCLUDE_DIRECTORIES(SYSTEM ${VCORE_ALL_INCLUDES}) + +ADD_LIBRARY(${TARGET_VCORE_LIB} SHARED ${VCORE_ALL_SOURCES}) + +# TODO: visibility needed to be hidden +SET_TARGET_PROPERTIES(${TARGET_VCORE_LIB} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=default" + SOVERSION ${SO_VERSION} + VERSION ${VERSION}) + +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) ADD_DEPENDENCIES(${TARGET_VCORE_LIB} Sqlite3DbWTF) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -TARGET_LINK_LIBRARIES(${TARGET_VCORE_LIB} - ${VCORE_DEPS_LIBRARIES} - ${TARGET_CERT_SVC_LIB} - dpl-db-efl - ) -ELSE(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) TARGET_LINK_LIBRARIES(${TARGET_VCORE_LIB} ${VCORE_DEPS_LIBRARIES} ${TARGET_CERT_SVC_LIB} - ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) + ) + +########## cert-server ############# +PKG_CHECK_MODULES(CERT_SERVER_DEP + REQUIRED + dlog + sqlite3 + db-util + libsystemd-daemon + key-manager + ) + +SET(CERT_SERVER_DIR + ${PROJECT_SOURCE_DIR}/vcore/src/server + ) + +SET(CERT_SERVER_SRCS + ${CERT_SERVER_DIR}/src/cert-server-main.c + ${CERT_SERVER_DIR}/src/cert-server-logic.c + ) + +INCLUDE_DIRECTORIES( + SYSTEM + ${CERT_SERVER_DEP_INCLUDE_DIRS} + ${PROJECT_SOURCE_DIR}/include + ${VCORE_DIR}/src + ${CERT_SERVER_DIR}/include + ) + +SET_SOURCE_FILES_PROPERTIES( + ${CERT_SERVER_SRCS} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden -fPIE" + ) + +ADD_EXECUTABLE(${TARGET_CERT_SERVER} ${CERT_SERVER_SRCS}) + +TARGET_LINK_LIBRARIES(${TARGET_CERT_SERVER} + ${CERT_SERVER_DEP_LIBRARIES} + -pie + ) + +INSTALL(TARGETS ${TARGET_CERT_SERVER} DESTINATION ${BINDIR}) + +######################################################## INSTALL(TARGETS ${TARGET_VCORE_LIB} - DESTINATION ${LIB_INSTALL_DIR} + DESTINATION ${LIBDIR} ) INSTALL(FILES - ${VCORE_SRC_DIR}/Base64.h - ${VCORE_SRC_DIR}/Certificate.h + ${VCORE_SRC_DIR}/VCore.h + 
${VCORE_SRC_DIR}/WrtSignatureValidator.h + ${VCORE_SRC_DIR}/SignatureValidator.h + ${VCORE_SRC_DIR}/SignatureFinder.h + ${VCORE_SRC_DIR}/SignatureReader.h ${VCORE_SRC_DIR}/CertificateCollection.h - ${VCORE_SRC_DIR}/CertStoreType.h ${VCORE_SRC_DIR}/CryptoHash.h - ${VCORE_SRC_DIR}/IAbstractResponseCache.h + ${VCORE_SRC_DIR}/Base64.h + ${VCORE_SRC_DIR}/ParserSchema.h - ${VCORE_SRC_DIR}/ReferenceValidator.h ${VCORE_SRC_DIR}/SaxReader.h + + ${VCORE_SRC_DIR}/Certificate.h ${VCORE_SRC_DIR}/SignatureData.h - ${VCORE_SRC_DIR}/SignatureFinder.h - ${VCORE_SRC_DIR}/SignatureReader.h - ${VCORE_SRC_DIR}/WrtSignatureValidator.h - ${VCORE_SRC_DIR}/SignatureValidator.h - ${VCORE_SRC_DIR}/VerificationStatus.h - ${VCORE_SRC_DIR}/VCore.h + ${VCORE_SRC_DIR}/CertStoreType.h + ${VCORE_SRC_DIR}/exception.h DESTINATION ${INCLUDEDIR}/cert-svc/vcore ) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) -INSTALL(FILES - ${VCORE_SRC_DIR}/CachedCRL.h - ${VCORE_SRC_DIR}/CachedOCSP.h - ${VCORE_SRC_DIR}/CRL.h - ${VCORE_SRC_DIR}/CRLCacheInterface.h - ${VCORE_SRC_DIR}/OCSP.h - ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h - DESTINATION ${INCLUDEDIR}/cert-svc/vcore - ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) - INSTALL(FILES ${VCORE_DIR}/src/cert-svc/ccert.h ${VCORE_DIR}/src/cert-svc/cinstance.h 
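Review bot: `INCLUDE_DIRECTORIES(SYSTEM ${VCORE_ALL_INCLUDES})` marks the project's own `include`, `vcore/src` and `dpl/*/include` directories as system headers, so GCC suppresses warnings that originate in them and the `-Wall -Wextra -Werror` added at the top of this file no longer covers the library's own headers. I would keep `SYSTEM` for `${VCORE_DEPS_INCLUDE_DIRS}` only and list the project directories in a plain `INCLUDE_DIRECTORIES(...)`; the cert-server `INCLUDE_DIRECTORIES(SYSTEM ...)` block has the same mix. Separately, `COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=default"` exports every symbol of the now-bundled DPL sources from the shared library, which the TODO above it acknowledges. Until the public API is annotated and the default becomes hidden, those symbols can clash with another copy of DPL loaded into the same process.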
@@ -206,12 +282,22 @@ INSTALL(FILES DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc ) -IF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) +IF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) INSTALL(FILES - ${VCORE_DIR}/src/cert-svc/ccrl.h - ${VCORE_DIR}/src/cert-svc/cocsp.h - DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc - ) -ENDIF(TIZEN_FEAT_PROFILE_CERT_SVC_OCSP_CRL) + ${VCORE_SRC_DIR}/IAbstractResponseCache.h + ${VCORE_SRC_DIR}/VerificationStatus.h + ${VCORE_SRC_DIR}/CachedCRL.h + ${VCORE_SRC_DIR}/CachedOCSP.h + ${VCORE_SRC_DIR}/CRL.h + ${VCORE_SRC_DIR}/CRLCacheInterface.h + ${VCORE_SRC_DIR}/OCSP.h + ${VCORE_SRC_DIR}/OCSPCertMgrUtil.h + DESTINATION ${INCLUDEDIR}/cert-svc/vcore + ) -#FILE(MAKE_DIRECTORY %{TZ_SYS_SHARE}/cert-svc/pkcs12) +INSTALL(FILES + ${VCORE_DIR}/src/cert-svc/ccrl.h + ${VCORE_DIR}/src/cert-svc/cocsp.h + DESTINATION ${INCLUDEDIR}/cert-svc/cert-svc + ) +ENDIF(DEFINED TIZEN_FEAT_CERTSVC_OCSP_CRL) diff --git a/vcore/src/cert-svc/ccert.h b/vcore/src/cert-svc/ccert.h index d26837e..798d520 100644 --- a/vcore/src/cert-svc/ccert.h +++ b/vcore/src/cert-svc/ccert.h @@ -1,5 +1,5 @@ /** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -41,6 +41,38 @@ typedef struct CertSvcCertificateList_t { CertSvcInstance privateInstance; } CertSvcCertificateList; +#define MAX_STORE_ENUMS 5 +typedef enum certImportType_t { + NONE_STORE = 0, + VPN_STORE = 1 << 0, + WIFI_STORE = 1 << 1, + EMAIL_STORE = 1 << 2, + SYSTEM_STORE = 1 << 3, + ALL_STORE = VPN_STORE | WIFI_STORE | EMAIL_STORE | SYSTEM_STORE +} CertStoreType; + +typedef struct CertSvcStoreCertList_t{ + char* gname; // keyfile group name + char* title; // common Name / Alias provided by the user + int status; // enabled / disabled + CertStoreType storeType; // Holds the storetype information + struct CertSvcStoreCertList_t *next; +}CertSvcStoreCertList; + +typedef enum certType_t { + PEM_CRT = 1 << 0, + P12_END_USER = 1 << 1, + P12_INTERMEDIATE = 1 << 2, + P12_TRUSTED = 1 << 3, + P12_PKEY = 1 << 4, + INVALID_DATA = 1 << 5, +} CertType; + +typedef enum certStatus_t { + DISABLED = 0, + ENABLED = 1, +} CertStatus; + typedef enum CertSvcCertificateForm_t { /* CERTSVC_FORM_PEM, */ CERTSVC_FORM_DER, @@ -79,6 +111,20 @@ typedef enum CertSvcVisibility_t { } CertSvcVisibility; /** + * This function will return certificate for the unique name identifier passed (gname). + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to the store (WIFI_STORE, VPN_STORE, EMAIL_STORE, SSL_STORE). + * @oaran[in] gname Refers to the unique name identifier associated for the certificate. + * @param[out] certificate Certificate for the gname passed. + * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT + */ +int certsvc_get_certificate(CertSvcInstance instance, + CertStoreType storeType, + char *gname, + CertSvcCertificate *certificate); + +/** * Read certificate from file. Certificate must be in PEM/CER/DER format. * * @param[in] instance CertSvcInstance object. 
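Review bot: The enums added in the `@@ -41,6 +41,38 @@` hunk put very generic identifiers into the global C namespace of a public header: `DISABLED`, `ENABLED`, `NONE_STORE`, `CertType`, `CertStatus` and `MAX_STORE_ENUMS` carry no `CERTSVC_`/`CertSvc` prefix, unlike `CertSvcCertificateForm` and the `CERTSVC_*` constants already here. `CertStoreType` also shares its name with the installed `vcore/CertStoreType.h` header, which may collide in C++ translation units that include both. I would prefix them (for example `CERTSVC_STATUS_ENABLED`) before the API ships. `CertSvcStoreCertList` should also state who allocates and frees `gname`, `title` and the `next` chain, in a comment such as `/* strings and nodes are allocated by the library; release with <free function> */`.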
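Review bot: The doc block for `certsvc_get_certificate` in the `@@ -79,6 +111,20 @@` hunk has a mistyped tag, `@oaran[in] gname`, which Doxygen will not attach to the parameter; it should read `@param[in] gname`. The `storeType` description lists `SSL_STORE`, but the enum added earlier in this file defines `SYSTEM_STORE` and no `SSL_STORE`. `gname` is documented as input only, so `const char *gname` would state that in the prototype. The comment should also say whether a combined value such as `ALL_STORE` is accepted and which of the new error codes is returned for an unknown store or name.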
@@ -365,6 +411,7 @@ int certsvc_certificate_verify_with_caflag( */ int certsvc_certificate_get_visibility(CertSvcCertificate certificate, int* visibility); + #ifdef __cplusplus } #endif diff --git a/vcore/src/cert-svc/cerror.h b/vcore/src/cert-svc/cerror.h index 0566152..b850b3c 100644 --- a/vcore/src/cert-svc/cerror.h +++ b/vcore/src/cert-svc/cerror.h @@ -1,5 +1,5 @@ /** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -27,19 +27,21 @@ extern "C" { #endif -#define CERTSVC_TRUE (1) -#define CERTSVC_FALSE (0) +#define CERTSVC_TRUE (1) +#define CERTSVC_FALSE (0) -#define CERTSVC_SUCCESS (1) -#define CERTSVC_FAIL (0) /* Openssl internal error. */ -#define CERTSVC_BAD_ALLOC (-2) /* Memmory allcation error. */ -//#define CERTSVC_FILE_NOT_FOUND (-3) /* Certificate file does not exists. */ -#define CERTSVC_WRONG_ARGUMENT (-4) /* Function argumnet is wrong. */ -#define CERTSVC_INVALID_ALGORITHM (-5) /* Algorithm is not supported. */ -#define CERTSVC_INVALID_SIGNATURE (-6) /* Signature and message does not match. */ -#define CERTSVC_IO_ERROR (-7) /* Certificate file IO error. */ -#define CERTSVC_INVALID_PASSWORD (-8) /* Certificate container password mismatch. */ -#define CERTSVC_DUPLICATED_ALIAS (-9) /* User-provided alias is aleady taken. */ +#define CERTSVC_SUCCESS (1) +#define CERTSVC_FAIL (0) /* Openssl internal error. */ +#define CERTSVC_BAD_ALLOC (-2) /* Memmory allcation error. */ +#define CERTSVC_WRONG_ARGUMENT (-4) /* Function argumnet is wrong. */ +#define CERTSVC_INVALID_ALGORITHM (-5) /* Algorithm is not supported. */ +#define CERTSVC_INVALID_SIGNATURE (-6) /* Signature and message does not match. */ +#define CERTSVC_IO_ERROR (-7) /* Certificate file IO error. */ +#define CERTSVC_INVALID_PASSWORD (-8) /* Certificate container password mismatch. */ +#define CERTSVC_DUPLICATED_ALIAS (-9) /* User-provided alias is aleady taken. */ +#define CERTSVC_ALIAS_DOES_NOT_EXIST (-10) /* Alias no exist in store. */ +#define CERTSVC_INVALID_STORE_TYPE (-11) /* User-provided invalid import type for storing in system/email/wifi/vpn store. */ +#define CERTSVC_INVALID_STATUS (-12) /* User-provided invalid status while stetting the status for the store system/email/wifi/vpn store. */ #ifdef __cplusplus } diff --git a/vcore/src/cert-svc/cpkcs12.h b/vcore/src/cert-svc/cpkcs12.h index 328afd9..d779fa2 100644 --- a/vcore/src/cert-svc/cpkcs12.h +++ b/vcore/src/cert-svc/cpkcs12.h 
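Review bot: With `CERTSVC_FAIL` defined as 0 and every other error negative, the three codes added here (`-10` to `-12`) are all non-zero, so a caller that writes `if (certsvc_...(...))` treats `CERTSVC_INVALID_STORE_TYPE` or `CERTSVC_INVALID_STATUS` as success. Nothing in the block tells callers to compare against `CERTSVC_SUCCESS`; I would add above the defines `/* Only CERTSVC_SUCCESS means success. Error codes other than CERTSVC_FAIL are non-zero, so always test ret == CERTSVC_SUCCESS. */`. The new comments also need a wording pass (`Alias no exist in store`, `stetting the status`). Dropping the commented-out `CERTSVC_FILE_NOT_FOUND (-3)` leaves -3 unassigned with no note that it is reserved.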
@@ -1,5 +1,5 @@ /** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,7 +48,7 @@ int certsvc_pkcs12_alias_exists(CertSvcInstance instance, * @param[in] instance CertSvcInstance object. * @param[in] path Path to container file. * @param[in] password Container password (can be empty or NULL). - * @param[in] alias Logical name for certificate bundle idenification (can't be empty). + * @param[in] alias Logical name for certificate bundle identification (can't be empty). * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_INVALID_PASSWORD, CERTSVC_WRONG_ARGUMENT, CERTSVC_DUPLICATED_ALIAS */ int certsvc_pkcs12_import_from_file(CertSvcInstance instance, 
@@ -126,6 +126,215 @@ void certsvc_pkcs12_private_key_free(char *buffer); int certsvc_pkcs12_delete(CertSvcInstance instance, CertSvcString alias); +/** + * This function will load to memory private file content. This functin will + * not parse it in any way. + * This memory must be freed by certsvc_private_key_free. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Container bundle identifier. + * @param[out] certBuffer Poiner to newly-allocated memory with private key data. + * @param[out] certsize Size of the newly-allocated buffer. Zero means there is no key. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT + */ +int certsvc_pkcs12_private_key_dup_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char **certBuffer, + size_t *certsize); + +/** + * This function will set the status for the specified certificate in a particular + * store to enabled / disabled. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] is_root_app Set to ENABLED/DISABLED. Should be ENABLED if master application is changing the status, else DISABLED for other applications. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[in] status Allows to set the status of the certificate to enabled / disabled. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_set_certificate_status_to_store(CertSvcInstance instance, + CertStoreType storeType, + int is_root_app, + CertSvcString gname, + CertStatus status); + +/** + * This function will get the status for the specified certificate in a particular + * store. + * + * @param[in] instance CertSvcInstance object. 
+ * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[out] status refers to weather the certificate is enabled/disabled. + * @return Disable=0, Enable=1, Fail=-1 + */ +int certsvc_pkcs12_get_certificate_status_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + int *status); + +/** + * This function will get the Alias name, Path to certificate, Certificate status of all + * the certificates present in the specified certificate store. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length Provides the length of the linked list. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_get_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + int is_root_app, + CertSvcStoreCertList** certList, + int* length); + +/** + * This function will get the Alias name, Path to certificate, Certificate status of all + * the end user certificates present in the specified certificate store. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length Provides the length of the linked list. 
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_get_end_user_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcStoreCertList** certList, + int* length); + +/** + * This function will get the Alias name, Path to certificate, Certificate status of all + * the root/trusted certificates present in the specified certificate store. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length Provides the length of the linked list. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_get_root_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcStoreCertList** certList, + int* length); + +/** + * This function will free all the linked list of data structure holding the information about + * all the certificates present in a store which was previously by calling the + * certsvc_get_certificate_list_from_store() function. + * + * @param[in] instance CertSvcInstance object. + * @param[in] certList The structure which need to be freed. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_free_certificate_list_loaded_from_store(CertSvcInstance instance, + CertSvcStoreCertList** certList); + +/** + * This function will provide the certificate back for the gname provided. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in[ gname Referred as group name, is the key for accessing the certificate. 
+ * @param[out] certificate Certificate holding the information. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_BAD_ALLOC + */ +int certsvc_pkcs12_get_certificate_from_store(CertSvcInstance instance, + CertStoreType storeType, + char *gname, + CertSvcCertificate *certificate); + +/** + * This function will give back the the encoded certificate buffer for the matching + * alias present in the specified store. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[out] certBuffer Buffer containing the encoded certificate. + * @param[out] certSize Size of the buffer. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_get_certificate_info_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char** certBuffer, + size_t* certSize); + +/** + * This function will import a .pfx/.p12 file to specified store (WIFI, VPN, EMAIL). + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] path Path of the certificate which needs to be imported. + * @param[in] password Password to open the pfx/p12 file. + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_import_from_file_to_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString path, + CertSvcString password, + CertSvcString alias); + +/** + * This function will delete the certificate from the path specified present in the specified store. + * + * @param[in] instance CertSvcInstance object. 
+ * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE + */ +int certsvc_pkcs12_delete_certificate_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname); + +/** + * Query PKCS#12 storage to find out whenever new alias proposal is unique. + * + * @param[in] instance CertSvcInstance object. + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] proposal Desired alias name. + * @param[out] is_unique CERTSVC_TRUE (if there isn't such alias already) or CERTSVC_FALSE. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT + */ +int certsvc_pkcs12_check_alias_exists_in_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString alias, + int *is_unique); + +/** + * Get a list of certificates from PKCS#12 bundle. You may free this list by: + * certsvc_certificate_list_free. You may free certificates from list with: + * certsvc_certificate_free. + * + * @param[in] instance CertSvcInstance object. + * @param[in] pfxIdString Identification of pfx/pkcs file. + * @param[out] certificateList List of certificates. + * @return CERTSVC_SUCCESS, CERTSVC_BAD_ALLOC, CERTSVC_FAIL, CERTSVC_IO_ERROR + */ +int certsvc_pkcs12_load_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString pfxIdString, + CertSvcCertificateList *certificateList); + +/** + * Gets the alias name for the gname passed. + * + * @param[in] instance CertSvcInstance object. + * @param[in] gname Certificate identification of pfx/pkcs file. + * @param[out] alias Alias name for the given gname. 
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT + */ +int certsvc_pkcs12_get_alias_name_for_certificate_in_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char **alias); + #ifdef __cplusplus } #endif diff --git a/vcore/src/cert-svc/cprimitives.h b/vcore/src/cert-svc/cprimitives.h index da6fae6..d53b961 100644 --- a/vcore/src/cert-svc/cprimitives.h +++ b/vcore/src/cert-svc/cprimitives.h @@ -65,6 +65,22 @@ int certsvc_pkcs12_dup_evp_pkey(CertSvcInstance instance, CertSvcString alias, EVP_PKEY** pkey); +/** + * This will return pointer to EVP_PKEY base openssl struct. This struct must + * be release with function certsvc_pkcs12_free_evp_pkey + * + * @param[in] instance + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Pkcs12 identificator. + * @param[out] pkey Duplicate of private key. + * @return CERTSVC_SUCCESS, CERT_FAIL + */ + +int certsvc_pkcs12_dup_evp_pkey_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + EVP_PKEY** pkey); + void certsvc_pkcs12_free_evp_pkey(EVP_PKEY* pkey); #ifdef __cplusplus diff --git a/vcore/src/dpl/core/include/dpl/abstract_input.h b/vcore/src/dpl/core/include/dpl/abstract_input.h new file mode 100644 index 0000000..08a2733 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/abstract_input.h 
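Review bot: `certsvc_pkcs12_set_certificate_status_to_store` and `certsvc_pkcs12_get_certificate_list_from_store` take `int is_root_app` from the caller, and the doc says it "Should be ENABLED if master application is changing the status", so as declared the privilege is asserted by the client itself. Enforcement is not visible in this header and needs confirming on the service side: the decision should come from the peer's credentials, not from this argument. At minimum the doc should say so, e.g. `@param[in] is_root_app Hint only; the service must authorize the caller independently of this value.`, and the list function's block is missing its `@param[in] is_root_app` line altogether. Also in this hunk, `certsvc_pkcs12_private_key_dup_from_store` tells callers to free with `certsvc_private_key_free`, while the function shown in the hunk header is `certsvc_pkcs12_private_key_free`.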
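Review bot: The doc block for `certsvc_pkcs12_dup_evp_pkey_from_store` gives its failure return as `CERT_FAIL`, which is not among the codes cerror.h defines in this commit (the visible name is `CERTSVC_FAIL`), and `@param[in] instance` has no description. Suggested lines: `@param[in] instance CertSvcInstance object.` and `@return CERTSVC_SUCCESS, CERTSVC_FAIL`. Because this call hands a private key to the caller, the comment should also state which `storeType` values are valid (is `ALL_STORE` accepted?) and what `*pkey` holds when the call fails.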
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_input.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of abstract input + */ +#ifndef DPL_ABSTRACT_INPUT_H +#define DPL_ABSTRACT_INPUT_H + +#include <dpl/exception.h> +#include <memory> + +namespace VcoreDPL { +class BinaryQueue; +typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr; + +class AbstractInput +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, ReadFailed) + }; + + public: + virtual ~AbstractInput() {} + + /** + * Read binary data from input + * If no data is available method returns NULL buffer. + * In case connection was successfuly close, method returns empty buffer + * + * @param[in] size Maximum number of bytes to read from input + * @return Buffer containing read bytes + * @throw ReadFailed + */ + virtual BinaryQueueAutoPtr Read(size_t size) = 0; +}; +} // namespace VcoreDPL + +#endif // DPL_ABSTRACT_INPUT_H diff --git a/vcore/src/dpl/core/include/dpl/abstract_input_output.h b/vcore/src/dpl/core/include/dpl/abstract_input_output.h new file mode 100644 index 0000000..9d1f17c --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/abstract_input_output.h 
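Review bot: `typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr;` relies on `std::auto_ptr`, which is deprecated in C++11 and transfers ownership on copy, so copying a `BinaryQueueAutoPtr` silently leaves the source null. The build flags in this commit use `-std=c++0x`, where `std::unique_ptr` is available: `typedef std::unique_ptr<BinaryQueue> BinaryQueueAutoPtr;`. The same typedef is repeated in abstract_output.h and binary_queue.h, so all three have to change together, and any caller that copies the pointer will need `std::move`. The `Read` comment should also say whether "NULL buffer" means a null `BinaryQueueAutoPtr` or a pointer to an empty queue.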
@@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_output.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of abstract output + */ +#ifndef DPL_ABSTRACT_INPUT_OUTPUT_H +#define DPL_ABSTRACT_INPUT_OUTPUT_H + +#include <dpl/abstract_input.h> +#include <dpl/abstract_output.h> + +namespace VcoreDPL { +class AbstractInputOutput : + public AbstractInput, + public AbstractOutput +{ + public: + virtual ~AbstractInputOutput() {} +}; +} // namespace VcoreDPL + +#endif // DPL_ABSTRACT_INPUT_OUTPUT_H diff --git a/vcore/src/dpl/core/include/dpl/abstract_output.h b/vcore/src/dpl/core/include/dpl/abstract_output.h new file mode 100644 index 0000000..6b414eb --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/abstract_output.h 
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_output.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of abstract output + */ +#ifndef DPL_ABSTRACT_OUTPUT_H +#define DPL_ABSTRACT_OUTPUT_H + +#include <dpl/exception.h> +#include <memory> + +namespace VcoreDPL { +class BinaryQueue; +typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr; + +class AbstractOutput +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, WriteFailed) + }; + + public: + virtual ~AbstractOutput() {} + + /** + * Write binary data to output + * If output is blocked, Write returns zero, if instance is a type of + * WaitableAbstractOutput one can wait for writability then + * + * @param[in] buffer Input buffer with data to be written + * @param[in] bufferSize Maximum number of bytes to write from buffer + * @return Number of bytes success successfuly written or zero if output is + * blocked + * @throw WriteFailed + */ + virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize) = 0; +}; +} // namespace VcoreDPL + +#endif // DPL_ABSTRACT_OUTPUT_H diff --git a/vcore/src/dpl/core/include/dpl/abstract_waitable_input.h b/vcore/src/dpl/core/include/dpl/abstract_waitable_input.h new file mode 100644 index 0000000..6447690 
--- /dev/null +++ b/vcore/src/dpl/core/include/dpl/abstract_waitable_input.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_waitable_input.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of abstract waitable input + */ +#ifndef DPL_ABSTRACT_WAITABLE_INPUT_H +#define DPL_ABSTRACT_WAITABLE_INPUT_H + +#include <dpl/waitable_handle.h> +#include <dpl/abstract_input.h> + +namespace VcoreDPL { +class AbstractWaitableInput : + public AbstractInput +{ + public: + virtual ~AbstractWaitableInput() {} + + virtual WaitableHandle WaitableReadHandle() const = 0; +}; +} // namespace VcoreDPL + +#endif // DPL_ABSTRACT_WAITABLE_INPUT_H diff --git a/vcore/src/dpl/core/include/dpl/assert.h b/vcore/src/dpl/core/include/dpl/assert.h new file mode 100644 index 0000000..b2cb426 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/assert.h 
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file assert.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of assert + */ +#ifndef DPL_ASSERT_H +#define DPL_ASSERT_H + +namespace VcoreDPL { +// Assertion handler procedure +// Do not call directly +// Always use Assert macro +void AssertProc(const char *condition, + const char *file, + int line, + const char *function) __attribute__ ((__noreturn__)); +} // namespace VcoreDPL + +#define Assert(Condition) \ +do { \ + if (!(Condition)) { \ + VcoreDPL::AssertProc(#Condition, __FILE__, __LINE__, __FUNCTION__); \ + } \ +} while (0) + +#define AssertMsg(Condition, Msg) \ + do { \ + if (!(Condition)) { \ + VcoreDPL::AssertProc( \ + (std::string(std::string(#Condition)+" ") + Msg).c_str(), \ + __FILE__, __LINE__, __FUNCTION__); \ + } \ + } while (0) + +#endif // DPL_ASSERT_H diff --git a/vcore/src/dpl/core/include/dpl/availability.h b/vcore/src/dpl/core/include/dpl/availability.h new file mode 100644 index 0000000..0813892 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/availability.h 
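Review bot: `AssertMsg` expands to `std::string(...)`, but assert.h includes nothing, so the macro only compiles in translation units that already pulled in `<string>`; add `#include <string>` after the include guard. The header has no `NDEBUG` guard, so these checks stay active in release builds. A one-line comment such as `// Not compiled out under NDEBUG: a failed Assert always calls AssertProc.` would tell maintainers that this is deliberate. `Assert` and `AssertMsg` are very generic macro names and will capture any identifier spelled that way in an including file; a project prefix would avoid that.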
@@ -0,0 +1,30 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file availability.h + * @author Jihoon Chung (jihoon.chung@samsung.com) + * @version 1.0 + */ +#ifndef DPL_AVAILABILITY_H +#define DPL_AVAILABILITY_H + +#define DPL_DEPRECATED __attribute__((deprecated)) +#define DPL_DEPRECATED_WITH_MESSAGE(msg) __attribute__((deprecated(msg))) + +#define DPL_UNUSED __attribute__((unused)) +#define DPL_UNUSED_PARAM(variable) (void)variable + +#endif // DPL_AVAILABILITY_H diff --git a/vcore/src/dpl/core/include/dpl/binary_queue.h b/vcore/src/dpl/core/include/dpl/binary_queue.h new file mode 100644 index 0000000..92d4e3f --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/binary_queue.h 
@@ -0,0 +1,296 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file binary_queue.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of binary queue + */ +#ifndef DPL_BINARY_QUEUE_H +#define DPL_BINARY_QUEUE_H + +#include <dpl/abstract_input_output.h> +#include <dpl/exception.h> +#include <dpl/noncopyable.h> +#include <memory> +#include <list> + +namespace VcoreDPL { +/** + * Binary stream implemented as constant size bucket list + * + * @todo Add optimized implementation for FlattenConsume + */ +class BinaryQueue : + public AbstractInputOutput +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, OutOfData) + }; + + typedef void (*BufferDeleter)(const void *buffer, size_t bufferSize, + void *userParam); + static void BufferDeleterFree(const void *buffer, + size_t bufferSize, + void *userParam); + + class BucketVisitor + { + public: + /** + * Destructor + */ + virtual ~BucketVisitor(); + + /** + * Visit bucket + * + * @return none + * @param[in] buffer Constant pointer to bucket data buffer + * @param[in] bufferSize Number of bytes in bucket + */ + virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0; + }; + + private: + struct Bucket : + private Noncopyable + { + const void *buffer; + const void *ptr; + 
size_t size; + size_t left; + + BufferDeleter deleter; + void *param; + + Bucket(const void *buffer, + size_t bufferSize, + BufferDeleter deleter, + void *userParam); + virtual ~Bucket(); + }; + + typedef std::list<Bucket *> BucketList; + BucketList m_buckets; + size_t m_size; + + static void DeleteBucket(Bucket *bucket); + + class BucketVisitorCall + { + private: + BucketVisitor *m_visitor; + + public: + BucketVisitorCall(BucketVisitor *visitor); + virtual ~BucketVisitorCall(); + + void operator()(Bucket *bucket) const; + }; + + public: + /** + * Construct empty binary queue + */ + BinaryQueue(); + + /** + * Construct binary queue via bare copy of other binary queue + * + * @param[in] other Other binary queue to copy from + * @warning One cannot assume that bucket structure is preserved during copy + */ + BinaryQueue(const BinaryQueue &other); + + /** + * Destructor + */ + virtual ~BinaryQueue(); + + /** + * Construct binary queue via bare copy of other binary queue + * + * @param[in] other Other binary queue to copy from + * @warning One cannot assume that bucket structure is preserved during copy + */ + BinaryQueue &operator=(const BinaryQueue &other); + + /** + * Append copy of @a bufferSize bytes from memory pointed by @a buffer + * to the end of binary queue. Uses default deleter based on free. + * + * @return none + * @param[in] buffer Pointer to buffer to copy data from + * @param[in] bufferSize Number of bytes to copy + * @exception std::bad_alloc Cannot allocate memory to hold additional data + * @see BinaryQueue::BufferDeleterFree + */ + void AppendCopy(const void *buffer, size_t bufferSize); + + /** + * Append @a bufferSize bytes from memory pointed by @a buffer + * to the end of binary queue. Uses custom provided deleter. + * Responsibility for deleting provided buffer is transfered to BinaryQueue. 
+ * + * @return none + * @param[in] buffer Pointer to data buffer + * @param[in] bufferSize Number of bytes available in buffer + * @param[in] deleter Pointer to deleter procedure used to free provided + * buffer + * @param[in] userParam User parameter passed to deleter routine + * @exception std::bad_alloc Cannot allocate memory to hold additional data + */ + void AppendUnmanaged( + const void *buffer, + size_t bufferSize, + BufferDeleter deleter = + &BinaryQueue::BufferDeleterFree, + void *userParam = NULL); + + /** + * Append copy of other binary queue to the end of this binary queue + * + * @return none + * @param[in] other Constant reference to other binary queue to copy data + * from + * @exception std::bad_alloc Cannot allocate memory to hold additional data + * @warning One cannot assume that bucket structure is preserved during copy + */ + void AppendCopyFrom(const BinaryQueue &other); + + /** + * Move bytes from other binary queue to the end of this binary queue. + * This also removes all bytes from other binary queue. + * This method is designed to be as fast as possible (only pointer swaps) + * and is suggested over making copies of binary queues. + * Bucket structure is preserved after operation. + * + * @return none + * @param[in] other Reference to other binary queue to move data from + * @exception std::bad_alloc Cannot allocate memory to hold additional data + */ + void AppendMoveFrom(BinaryQueue &other); + + /** + * Append copy of binary queue to the end of other binary queue + * + * @return none + * @param[in] other Constant reference to other binary queue to copy data to + * @exception std::bad_alloc Cannot allocate memory to hold additional data + * @warning One cannot assume that bucket structure is preserved during copy + */ + void AppendCopyTo(BinaryQueue &other) const; + + /** + * Move bytes from binary queue to the end of other binary queue. + * This also removes all bytes from binary queue. 
+ * This method is designed to be as fast as possible (only pointer swaps) + * and is suggested over making copies of binary queues. + * Bucket structure is preserved after operation. + * + * @return none + * @param[in] other Reference to other binary queue to move data to + * @exception std::bad_alloc Cannot allocate memory to hold additional data + */ + void AppendMoveTo(BinaryQueue &other); + + /** + * Retrieve total size of all data contained in binary queue + * + * @return Number of bytes in binary queue + */ + size_t Size() const; + + /** + * Remove all data from binary queue + * + * @return none + */ + void Clear(); + + /** + * Check if binary queue is empty + * + * @return true if binary queue is empty, false otherwise + */ + bool Empty() const; + + /** + * Remove @a size bytes from beginning of binary queue + * + * @return none + * @param[in] size Number of bytes to remove + * @exception BinaryQueue::Exception::OutOfData Number of bytes is larger + * than available bytes in binary queue + */ + void Consume(size_t size); + + /** + * Retrieve @a bufferSize bytes from beginning of binary queue and copy them + * to user supplied buffer + * + * @return none + * @param[in] buffer Pointer to user buffer to receive bytes + * @param[in] bufferSize Size of user buffer pointed by @a buffer + * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten + * is larger than available bytes in binary queue + */ + void Flatten(void *buffer, size_t bufferSize) const; + + /** + * Retrieve @a bufferSize bytes from beginning of binary queue, copy them + * to user supplied buffer, and remove from binary queue + * + * @return none + * @param[in] buffer Pointer to user buffer to receive bytes + * @param[in] bufferSize Size of user buffer pointed by @a buffer + * @exception BinaryQueue::Exception::OutOfData Number of bytes to flatten + * is larger than available bytes in binary queue + */ + void FlattenConsume(void *buffer, size_t bufferSize); + + /** + * Visit each 
buffer with data using visitor object + * + * @return none + * @param[in] visitor Pointer to bucket visitor + * @see BinaryQueue::BucketVisitor + */ + void VisitBuckets(BucketVisitor *visitor) const; + + /** + * IAbstractInput interface + */ + virtual BinaryQueueAutoPtr Read(size_t size); + + /** + * IAbstractOutput interface + */ + virtual size_t Write(const BinaryQueue &buffer, size_t bufferSize); +}; + +/** + * Binary queue auto pointer + */ +typedef std::auto_ptr<BinaryQueue> BinaryQueueAutoPtr; +} // namespace VcoreDPL + +#endif // DPL_BINARY_QUEUE_H diff --git a/vcore/src/dpl/core/include/dpl/char_traits.h b/vcore/src/dpl/core/include/dpl/char_traits.h new file mode 100644 index 0000000..a9d0bc0 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/char_traits.h 
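Review bot: `AppendUnmanaged` defaults `deleter` to `&BinaryQueue::BufferDeleterFree`, so a call passing only `(buffer, bufferSize)` hands ownership of any pointer (stack memory, `new[]` storage, a string literal) to a deleter that the AppendCopy comment describes as "based on free". The doc block does not state that allocation requirement, which leaves invalid-free memory corruption one caller mistake away. Either drop the default arguments so the deleter must be named at the call site, or add `@warning With the default deleter, buffer must have been allocated by malloc/calloc/realloc.` to the comment. The body of `BufferDeleterFree` is outside this header, so the free()-based behaviour is inferred from that comment.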
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file char_traits.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief Char traits are used to create basic_string extended with
+ * additional features
+ * Current char traits could be extended in feature to boost
+ * performance
+ */
+#ifndef DPL_CHAR_TRAITS
+#define DPL_CHAR_TRAITS
+
+#include <cstring>
+#include <string>
+#include <ostream>
+#include <algorithm>
+#include <dpl/exception.h>
+
+namespace VcoreDPL {
+typedef std::char_traits<wchar_t> CharTraits;
+} // namespace VcoreDPL
+
+#endif // DPL_CHAR_TRAITS
diff --git a/vcore/src/dpl/core/include/dpl/colors.h b/vcore/src/dpl/core/include/dpl/colors.h new file mode 100644
index 0000000..4c22139
--- /dev/null
+++ b/vcore/src/dpl/core/include/dpl/colors.h
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file colors.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Some constants with definition of colors for Console + * and html output + */ + +#ifndef DPL_COLORS_H +#define DPL_COLORS_H + +namespace VcoreDPL { +namespace Colors { +namespace Text { +extern const char* BOLD_GREEN_BEGIN; +extern const char* BOLD_GREEN_END; +extern const char* PURPLE_BEGIN; +extern const char* PURPLE_END; +extern const char* RED_BEGIN; +extern const char* RED_END; +extern const char* GREEN_BEGIN; +extern const char* GREEN_END; +extern const char* CYAN_BEGIN; +extern const char* CYAN_END; +extern const char* BOLD_RED_BEGIN; +extern const char* BOLD_RED_END; +extern const char* BOLD_YELLOW_BEGIN; +extern const char* BOLD_YELLOW_END; +extern const char* BOLD_GOLD_BEGIN; +extern const char* BOLD_GOLD_END; +extern const char* BOLD_WHITE_BEGIN; +extern const char* BOLD_WHITE_END; +} //namespace Text + +namespace Html { +extern const char* BOLD_GREEN_BEGIN; +extern const char* BOLD_GREEN_END; +extern const char* PURPLE_BEGIN; +extern const char* PURPLE_END; +extern const char* RED_BEGIN; +extern const char* RED_END; +extern const char* GREEN_BEGIN; +extern const char* GREEN_END; +extern const char* CYAN_BEGIN; +extern const char* CYAN_END; +extern const char* BOLD_RED_BEGIN; +extern const char* 
BOLD_RED_END; +extern const char* BOLD_YELLOW_BEGIN; +extern const char* BOLD_YELLOW_END; +extern const char* BOLD_GOLD_BEGIN; +extern const char* BOLD_GOLD_END; +extern const char* BOLD_WHITE_BEGIN; +extern const char* BOLD_WHITE_END; +} //namespace Html +} //namespace Colors +} //namespace VcoreDPL + +#endif /* DPL_COLORS_H */ diff --git a/vcore/src/dpl/core/include/dpl/errno_string.h b/vcore/src/dpl/core/include/dpl/errno_string.h new file mode 100644 index 0000000..5ea55e5 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/errno_string.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file errno_string.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of errno string + */ +#ifndef DPL_ERRNO_STRING_H +#define DPL_ERRNO_STRING_H + +#include <dpl/exception.h> +#include <string> +#include <cerrno> + +namespace VcoreDPL { +DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, InvalidErrnoValue) + +std::string GetErrnoString(int error = errno); +} // namespace VcoreDPL + +#endif // DPL_ERRNO_STRING_H diff --git a/vcore/src/dpl/core/include/dpl/exception.h b/vcore/src/dpl/core/include/dpl/exception.h new file mode 100644 index 0000000..95ea4ac --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/exception.h 
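Review bot: The colour constants in colors.h are declared `extern const char*`, which makes the characters const but leaves every pointer itself writable from any translation unit that includes the header. Declaring them as `extern const char* const BOLD_GREEN_BEGIN;` (and the same for the remaining names in both `Text` and `Html`) keeps the table read-only. The definitions are outside this hunk and would need the matching `const`.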
@@ -0,0 +1,390 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file exception.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief Header file for base exception + */ +#ifndef VcoreDPL_EXCEPTION_H +#define VcoreDPL_EXCEPTION_H + +#include <string> +#include <cstring> +#include <cstdio> +#include <exception> +#include <cstdlib> +#include <sstream> + +namespace VcoreDPL { +void LogUnhandledException(const std::string &str); +void LogUnhandledException(const std::string &str, + const char *filename, + int line, + const char *function); +} + +namespace VcoreDPL { +class Exception { +private: + static unsigned int m_exceptionCount; + static Exception* m_lastException; + static void (*m_terminateHandler)(); + + static void AddRef(Exception* exception) + { + if (!m_exceptionCount) { + m_terminateHandler = std::set_terminate(&TerminateHandler); + } + + ++m_exceptionCount; + m_lastException = exception; + } + + static void UnRef(Exception* e) + { + if (m_lastException == e) { + m_lastException = NULL; + } + + --m_exceptionCount; + + if (!m_exceptionCount) { + std::set_terminate(m_terminateHandler); + m_terminateHandler = NULL; + } + } + + static void TerminateHandler() + { + if (m_lastException != NULL) { + DisplayKnownException(*m_lastException); + abort(); + } else { + DisplayUnknownException(); + abort(); + } + } + + Exception 
*m_reason; + std::string m_path; + std::string m_function; + int m_line; + +protected: + std::string m_message; + std::string m_className; + +public: + static std::string KnownExceptionToString(const Exception &e) + { + std::ostringstream message; + message << + "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n"; + message << "\033[1;33mException trace:\033[m\n\n"; + message << e.DumpToString(); + message << "\033[1;31m\n=== Will now abort ===\033[m\n"; + + return message.str(); + } + + static std::string UnknownExceptionToString() + { + std::ostringstream message; + message << + "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n"; + message << "\033[1;31m\n=== Will now abort ===\033[m\n"; + + return message.str(); + } + + static void DisplayKnownException(const Exception& e) + { + LogUnhandledException(KnownExceptionToString(e).c_str()); + } + + static void DisplayUnknownException() + { + LogUnhandledException(UnknownExceptionToString().c_str()); + } + + Exception(const Exception &other) + { + // Deep copy + if (other.m_reason != NULL) { + m_reason = new Exception(*other.m_reason); + } else { + m_reason = NULL; + } + + m_message = other.m_message; + m_path = other.m_path; + m_function = other.m_function; + m_line = other.m_line; + + m_className = other.m_className; + + AddRef(this); + } + + const Exception &operator =(const Exception &other) + { + if (this == &other) { + return *this; + } + + // Deep copy + if (other.m_reason != NULL) { + m_reason = new Exception(*other.m_reason); + } else { + m_reason = NULL; + } + + m_message = other.m_message; + m_path = other.m_path; + m_function = other.m_function; + m_line = other.m_line; + + m_className = other.m_className; + + AddRef(this); + + return *this; + } + + Exception(const char *path, + const char *function, + int line, + const std::string &message) : + m_reason(NULL), + m_path(path), + m_function(function), + m_line(line), + m_message(message) + { + AddRef(this); + } + + 
Exception(const char *path, + const char *function, + int line, + const Exception &reason, + const std::string &message) : + m_reason(new Exception(reason)), + m_path(path), + m_function(function), + m_line(line), + m_message(message) + { + AddRef(this); + } + + virtual ~Exception() throw() + { + if (m_reason != NULL) { + delete m_reason; + m_reason = NULL; + } + + UnRef(this); + } + + void Dump() const + { + // Show reason first + if (m_reason != NULL) { + m_reason->Dump(); + } + + // Afterward, dump exception + const char *file = strchr(m_path.c_str(), '/'); + + if (file == NULL) { + file = m_path.c_str(); + } else { + ++file; + } + + printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", + file, m_line, + m_function.c_str(), + m_className.c_str(), + m_message.empty() ? "<EMPTY>" : m_message.c_str()); + } + + std::string DumpToString() const + { + std::string ret; + if (m_reason != NULL) { + ret = m_reason->DumpToString(); + } + + const char *file = strchr(m_path.c_str(), '/'); + + if (file == NULL) { + file = m_path.c_str(); + } else { + ++file; + } + + char buf[1024]; + snprintf(buf, + sizeof(buf), + "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", + file, + m_line, + m_function.c_str(), + m_className.c_str(), + m_message.empty() ? 
"<EMPTY>" : m_message.c_str()); + + buf[sizeof(buf) - 1] = '\n'; + ret += buf; + + return ret; + } + + Exception *GetReason() const + { + return m_reason; + } + + std::string GetPath() const + { + return m_path; + } + + std::string GetFunction() const + { + return m_function; + } + + int GetLine() const + { + return m_line; + } + + std::string GetMessage() const + { + return m_message; + } + + std::string GetClassName() const + { + return m_className; + } +}; +} // namespace VcoreDPL + +#define Try try + +#define Throw(ClassName) \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__) + +#define ThrowMsg(ClassName, Message) \ + do \ + { \ + std::ostringstream dplLoggingStream; \ + dplLoggingStream << Message; \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \ + } while (0) + +#define ReThrow(ClassName) \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception) + +#define ReThrowMsg(ClassName, Message) \ + throw ClassName(__FILE__, \ + __FUNCTION__, \ + __LINE__, \ + _rethrown_exception, \ + Message) + +#define Catch(ClassName) \ + catch (const ClassName &_rethrown_exception) + +#define DECLARE_EXCEPTION_TYPE(BaseClass, Class) \ + class Class : public BaseClass { \ + public: \ + Class(const char *path, \ + const char *function, \ + int line, \ + const std::string & message = std::string()) \ + : BaseClass(path, function, line, message) { \ + \ + BaseClass::m_className = #Class; \ + } \ + \ + Class(const char *path, \ + const char *function, \ + int line, \ + const VcoreDPL::Exception & reason, \ + const std::string & message = std::string()) \ + : BaseClass(path, function, line, reason, message) { \ + BaseClass::m_className = #Class; \ + } \ + }; + +#define UNHANDLED_EXCEPTION_HANDLER_BEGIN try + +#define UNHANDLED_EXCEPTION_HANDLER_END \ + catch (const VcoreDPL::Exception &exception) \ + { \ + std::ostringstream msg; \ + msg << VcoreDPL::Exception::KnownExceptionToString(exception); \ + 
VcoreDPL::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } \ + catch (std::exception& e) \ + { \ + std::ostringstream msg; \ + msg << e.what(); \ + msg << "\n"; \ + msg << VcoreDPL::Exception::UnknownExceptionToString(); \ + VcoreDPL::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } \ + catch (...) \ + { \ + std::ostringstream msg; \ + msg << VcoreDPL::Exception::UnknownExceptionToString(); \ + VcoreDPL::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } + +namespace VcoreDPL { +namespace CommonException { +/** + * Internal exception definitions + * + * These should normally not happen. + * Usually, exception trace with internal error includes + * important messages. + */ +DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from + // underlying libraries or + // kernel +} +} + +#endif // VcoreDPL_EXCEPTION_H diff --git a/vcore/src/dpl/core/include/dpl/file_input.h b/vcore/src/dpl/core/include/dpl/file_input.h new file mode 100644 index 0000000..d982957 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/file_input.h 
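Review bot: `DumpToString()` in exception.h can leave `buf` unterminated: when the formatted line needs 1024 bytes or more, `snprintf` places the NUL in the last slot and the following `buf[sizeof(buf) - 1] = '\n';` overwrites it, so `ret += buf` reads past the end of the stack array. Messages come from arbitrary `ThrowMsg` streams, so a long one is plausible. Keep the terminator and add the newline only on truncation, e.g. capture `int n = snprintf(buf, sizeof(buf), ...);` and then `if (n >= (int)sizeof(buf)) buf[sizeof(buf) - 2] = '\n';`. Separately, `operator=` overwrites `m_reason` without deleting the previous chain and calls `AddRef(this)` again for an object whose destructor calls `UnRef` once, so the old reason leaks and `m_exceptionCount` cannot return to zero after an assignment.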
@@ -0,0 +1,62 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file file_input.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of file input + */ +#ifndef DPL_FILE_INPUT_H +#define DPL_FILE_INPUT_H + +#include <dpl/noncopyable.h> +#include <dpl/exception.h> +#include <dpl/abstract_waitable_input.h> + +namespace VcoreDPL { +class FileInput : + private Noncopyable, + public AbstractWaitableInput +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, OpenFailed) + DECLARE_EXCEPTION_TYPE(Base, CloseFailed) + }; + + protected: + int m_fd; + + public: + FileInput(); + FileInput(const std::string &fileName); + virtual ~FileInput(); + + void Open(const std::string &fileName); + void Close(); + + // AbstractInput + virtual BinaryQueueAutoPtr Read(size_t size); + + // AbstractWaitableInput + virtual WaitableHandle WaitableReadHandle() const; +}; +} // namespace VcoreDPL + +#endif // DPL_FILE_INPUT_H diff --git a/vcore/src/dpl/core/include/dpl/foreach.h b/vcore/src/dpl/core/include/dpl/foreach.h new file mode 100644 index 0000000..0a4485d --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/foreach.h 
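Review bot: `FileInput(const std::string &fileName)` is a converting constructor, so a `std::string` passed where a `const FileInput &` is expected would silently open a file. Declare it `explicit FileInput(const std::string &fileName);`. The header also names `std::string` without including `<string>`, relying on the other dpl headers to provide it. Nothing here says whether `Open` on an already open object closes the previous `m_fd`; a one-line comment on `Open` stating that contract would help callers avoid leaking descriptors.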
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file foreach.h + * @author Bartosz Janiak (b.janiak@samsung.com) + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of foreach macro for stl + * containers + */ +#ifndef DPL_FOREACH_H +#define DPL_FOREACH_H + +#include <dpl/preprocessor.h> + +namespace VcoreDPL { +namespace Private { +/* + * Used to detect type of valid reference to value object. + */ +template <typename T> +T& ValueReference(T& t) +{ + return(t); +} + +template <typename T> +const T& ValueReference(const T& t) +{ + return(t); +} +} //Private +} //DPL + +#define DPL_FOREACH_IMPL(temporaryName, iterator, container) \ + __typeof__ (VcoreDPL::Private::ValueReference((container))) & \ + temporaryName = (container); \ + for (__typeof__ (temporaryName.begin())iterator = \ + temporaryName.begin(); \ + (iterator) != temporaryName.end(); ++iterator) + +#define FOREACH(iterator, container) \ + DPL_FOREACH_IMPL( \ + DPL_MACRO_CONCAT(foreachContainerReference, __COUNTER__), \ + iterator, \ + container) + +#endif // DPL_FOREACH_H diff --git a/vcore/src/dpl/core/include/dpl/free_deleter.h b/vcore/src/dpl/core/include/dpl/free_deleter.h new file mode 100644 index 0000000..f3494f2 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/free_deleter.h 
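Review bot: `DPL_FOREACH_IMPL` expands to a reference declaration followed by a separate `for` statement, so `FOREACH` written as the unbraced body of an `if` or another loop puts only the declaration under the condition. A comment above `FOREACH` should state the restriction, e.g. `// Expands to two statements; use only directly inside a braced block.` The macro also depends on the GNU extensions `__typeof__` and `__COUNTER__`, which is worth noting next to the definition.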
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file free_deleter.h
+ * @author Pawel Czajkowski (p.czajkowski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file deleter with use std::free()
+ */
+#ifndef FREE_DELETER_H
+#define FREE_DELETER_H
+
+#include <cstdlib>
+namespace VcoreDPL
+{
+struct free_deleter
+{
+ void operator()(void *p) { std::free(p); }
+};
+}// DPL
+#endif // FREE_DELETER_H
diff --git a/vcore/src/dpl/core/include/dpl/lexical_cast.h b/vcore/src/dpl/core/include/dpl/lexical_cast.h new file mode 100644
index 0000000..b08f513
--- /dev/null
+++ b/vcore/src/dpl/core/include/dpl/lexical_cast.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file lexical_cast.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief Header file for lexical cast
+ */
+#ifndef DPL_LEXICAL_CAST_H
+#define DPL_LEXICAL_CAST_H
+
+#include <sstream>
+
+namespace VcoreDPL {
+template<typename TargetType, typename SourceType>
+TargetType lexical_cast(const SourceType &data)
+{
+ TargetType result;
+
+ std::ostringstream out;
+ out << data;
+
+ std::istringstream in(out.str());
+ in >> result;
+
+ return result;
+}
+} // namespace VcoreDPL
+
+#endif // DPL_LEXICAL_CAST_H
diff --git a/vcore/src/dpl/core/include/dpl/noncopyable.h b/vcore/src/dpl/core/include/dpl/noncopyable.h new file mode 100644
index 0000000..89372d0
--- /dev/null
+++ b/vcore/src/dpl/core/include/dpl/noncopyable.h
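Review bot: `lexical_cast` never checks whether `in >> result` succeeded, so a source that does not parse still produces a return value and no error. For a built-in `TargetType` the local `result` is uninitialised, and an empty source can leave it untouched, which returns an indeterminate value; input with trailing characters is also accepted silently. Value-initialise with `TargetType result = TargetType();` and test the stream after the read, e.g. `if (in.fail()) { /* report conversion failure */ }`. How the failure is reported is a design choice this header does not show.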
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#ifndef DPL_NONCOPYABLE_H
+#define DPL_NONCOPYABLE_H
+
+namespace VcoreDPL {
+class Noncopyable
+{
+ private:
+ Noncopyable(const Noncopyable &);
+ const Noncopyable &operator=(const Noncopyable &);
+
+ public:
+ Noncopyable();
+ virtual ~Noncopyable();
+};
+} // namespace VcoreDPL
+
+#endif // DPL_NONCOPYABLE_H
diff --git a/vcore/src/dpl/core/include/dpl/optional.h b/vcore/src/dpl/core/include/dpl/optional.h new file mode 100644
index 0000000..2f37aa1
--- /dev/null
+++ b/vcore/src/dpl/core/include/dpl/optional.h
@@ -0,0 +1,176 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file optional_value.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + */ + +#ifndef DPL_OPTIONAL_H +#define DPL_OPTIONAL_H + +#include <dpl/exception.h> +#include <dpl/availability.h> + +namespace VcoreDPL { +template <typename Type> +class Optional +{ + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, NullReference) + }; + + public: + Optional() : + m_null(true), + m_value() + {} + + Optional(const Type& t) : + m_null(false), + m_value(t) + {} + + bool IsNull() const + { + return m_null; + } + + Type& operator*() + { + if (m_null) { + Throw(typename Exception::NullReference); + } + return m_value; + } + + const Type& operator*() const + { + if (m_null) { + Throw(typename Exception::NullReference); + } + return m_value; + } + + const Type* operator->() const + { + if (m_null) { + Throw(typename Exception::NullReference); + } + return &m_value; + } + + Type* operator->() + { + if (m_null) { + Throw(typename Exception::NullReference); + } + return &m_value; + } + + bool operator!() const + { + return m_null; + } + + Optional<Type>& operator=(const Type& other) + { + m_null = false; + m_value = other; + return *this; + } + + bool operator==(const Optional<Type>& aSecond) const + { + return LogicalOperator<true>(*this, 
aSecond, + std::equal_to<Type>(), std::equal_to<bool>()); + } + + bool operator==(const Type& aSecond) const + { + return Optional<Type>(aSecond) == *this; + } + + bool operator!=(const Optional<Type>& aSecond) const + { + return !(*this == aSecond); + } + + bool operator<(const Optional<Type>& aSecond) const + { + return LogicalOperator<false>(*this, aSecond, + std::less<Type>(), std::less<bool>()); + } + + bool operator>(const Optional<Type>& aSecond) const + { + return LogicalOperator<false>(*this, aSecond, + std::greater<Type>(), std::greater<bool>()); + } + + bool operator<=(const Optional<Type>& aSecond) const + { + return *this == aSecond || *this < aSecond; + } + + bool operator>=(const Optional<Type>& aSecond) const + { + return *this == aSecond || *this > aSecond; + } + + static Optional<Type> Null; + + private: + bool m_null; + Type m_value; + + template <bool taEquality, typename taComparator, typename taNullComparator> + static bool LogicalOperator(const Optional<Type>& aFirst, + const Optional<Type>& aSecond, + taComparator aComparator, + taNullComparator aNullComparator) + { + if (aFirst.m_null == aSecond.m_null) { + if (aFirst.m_null) { + return taEquality; + } else { + return aComparator(aFirst.m_value, aSecond.m_value); + } + } else { + return aNullComparator(aFirst.m_null, aSecond.m_null); + } + } +} DPL_DEPRECATED_WITH_MESSAGE("Use boost::optional instead"); + +template<typename Type> +Optional<Type> Optional<Type>::Null = Optional<Type>(); +} //namespace VcoreDPL + +template<typename Type> +std::ostream& operator<<(std::ostream& aStream, + const VcoreDPL::Optional<Type>& aOptional) +{ + if (aOptional.IsNull()) { + return aStream << "null optional"; + } else { + return aStream << *aOptional; + } +} + +#endif // DPL_OPTIONAL_VALUE_H diff --git a/vcore/src/dpl/core/include/dpl/optional_typedefs.h b/vcore/src/dpl/core/include/dpl/optional_typedefs.h new file mode 100644 index 0000000..bd411f2 --- /dev/null 
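Review bot: optional.h uses `std::equal_to`, `std::less`, `std::greater` and `std::ostream` but includes only `<dpl/exception.h>` and `<dpl/availability.h>`, so it compiles only while those headers happen to pull in the right standard headers. Add `#include <functional>` and `#include <ostream>` next to the existing includes. The file comment `@file optional_value.h` and the closing `#endif // DPL_OPTIONAL_VALUE_H` also disagree with the actual file name and the `DPL_OPTIONAL_H` guard.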
+++ b/vcore/src/dpl/core/include/dpl/optional_typedefs.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef DPL_OPTIONAL_TYPEDEFS_H +#define DPL_OPTIONAL_TYPEDEFS_H + +#include <string> +#include <dpl/string.h> +#include <boost/optional.hpp> + +namespace VcoreDPL { +typedef boost::optional<String> OptionalString; +typedef boost::optional<int> OptionalInt; +typedef boost::optional<unsigned int> OptionalUInt; +typedef boost::optional<bool> OptionalBool; +typedef boost::optional<float> OptionalFloat; +typedef boost::optional<std::string> OptionalStdString; +} //namespace VcoreDPL + +#endif /* DPL_OPTIONAL_TYPEDEFS_H */ + diff --git a/vcore/src/dpl/core/include/dpl/preprocessor.h b/vcore/src/dpl/core/include/dpl/preprocessor.h new file mode 100644 index 0000000..6fca34c --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/preprocessor.h 
@@ -0,0 +1,35 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file preprocessor.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This file contains some usefull macros. + */ + +#ifndef DPL_PREPROCESSOR_H +#define DPL_PREPROCESSOR_H + +#define DPL_MACRO_CONCAT_IMPL(x, y) x##y +#define DPL_MACRO_CONCAT(x, y) DPL_MACRO_CONCAT_IMPL(x, y) + +#ifdef __COUNTER__ +#define DPL_ANONYMOUS_VARIABLE(name) DPL_MACRO_CONCAT(name, __COUNTER__) +#else +#define DPL_ANONYMOUS_VARIABLE(name) DPL_MACRO_CONCAT(name, __LINE__) +#endif + +#endif //DPL_PREPROCESSOR_H diff --git a/vcore/src/dpl/core/include/dpl/scoped_array.h b/vcore/src/dpl/core/include/dpl/scoped_array.h new file mode 100644 index 0000000..e117f33 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/scoped_array.h 
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/*! + * @file scoped_ptr.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of scoped array RAII + * + * This module is deprecated, please use standard C++11 feature: std::unique_ptr<Type[]> + */ +#ifndef DPL_SCOPED_ARRAY_H +#define DPL_SCOPED_ARRAY_H + +#include <cstddef> + +#include <dpl/assert.h> +#include <dpl/scoped_resource.h> +#include <dpl/availability.h> + +namespace VcoreDPL { +template<typename Class> +struct ScopedArrayPolicy +{ + typedef Class* Type; + static Type NullValue() + { + return NULL; + } + static void Destroy(Type ptr) + { + delete[] ptr; + } +}; + +template<typename Class> +class ScopedArray : public ScopedResource<ScopedArrayPolicy<Class> > +{ + typedef ScopedArrayPolicy<Class> Policy; + typedef ScopedResource<Policy> BaseType; + + public: + explicit ScopedArray(Class *ptr = Policy::NullValue()) : BaseType(ptr) { } + + Class &operator [](std::ptrdiff_t k) const + { + Assert(this->m_value != Policy::NullValue() && + "Dereference of scoped NULL array!"); + Assert(k >= 0 && "Negative array index"); + + return this->m_value[k]; + } +} DPL_DEPRECATED_WITH_MESSAGE("use standard C++11 feature: std::unique_ptr<Type[]>"); +} // namespace VcoreDPL + +#endif // DPL_SCOPED_PTR_H 
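Review bot: `ScopedArray::operator[]` checks only for a NULL array and a negative index through `Assert`; it has no upper bound because the class does not store the allocation size, so any `k` past the end is an out-of-bounds access. If `Assert` is compiled out in release builds (its definition is in dpl/assert.h, not shown here), those two checks disappear as well. State the contract on the operator, e.g. `// No upper-bound check: the caller must keep k below the allocated element count.` The header comment `@file scoped_ptr.h` and the closing `#endif // DPL_SCOPED_PTR_H` should also be corrected to match `DPL_SCOPED_ARRAY_H`.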
diff --git a/vcore/src/dpl/core/include/dpl/scoped_fclose.h b/vcore/src/dpl/core/include/dpl/scoped_fclose.h new file mode 100644 index 0000000..8813497 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/scoped_fclose.h 
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*!
+ * @file scoped_fclose.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of scoped fclose RAII
+ */
+#ifndef DPL_SCOPED_FCLOSE_H
+#define DPL_SCOPED_FCLOSE_H
+
+#include <unistd.h>
+#include <cerrno>
+#include <cstdio>
+#include <string>
+#include <dpl/log/vcore_log.h>
+#include <dpl/scoped_resource.h>
+#include <dpl/errno_string.h>
+
+namespace VcoreDPL {
+struct ScopedFClosePolicy
+{
+ typedef FILE* Type;
+ static Type NullValue()
+ {
+ return NULL;
+ }
+ static void Destroy(Type file)
+ {
+ if (file != NULL) {
+ // Try to flush first
+ if (TEMP_FAILURE_RETRY(fflush(file)) != 0) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed to fflush scoped fclose error: %s",
+ errString.c_str());
+ }
+
+ // fclose cannot be retried, try to close once
+ if (fclose(file) != 0) {
+ std::string errString = GetErrnoString();
+ VcoreLogD("Failed scoped fclose error: %s", errString.c_str());
+ }
+ }
+ }
+};
+
+class ScopedFClose : public ScopedResource<ScopedFClosePolicy>
+{
+ typedef ScopedFClosePolicy Policy;
+ typedef ScopedResource<Policy> BaseType;
+
+ public:
+ explicit ScopedFClose(FILE* argFileStream = Policy::NullValue()) :
+ BaseType(argFileStream)
+ {}
+};
+} // namespace VcoreDPL
+
+#endif // DPL_SCOPED_FCLOSE_H
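Review bot: `ScopedFClosePolicy::Destroy` reports a failed `fflush` or `fclose` only through `VcoreLogD` (presumably a debug-level log), so a write error at scope exit, such as a full disk, leaves a truncated file that the caller cannot detect. `Destroy` runs from the `ScopedResource` destructor and cannot return the error, so the contract belongs in the documentation. A comment on `ScopedFClose` such as `// Close errors are only logged; code that writes through this handle must fflush() and check the result before the scope ends` would cover it. This matters most for callers that write certificate or key material and then rely on the file being complete.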
diff --git a/vcore/src/dpl/core/include/dpl/scoped_free.h b/vcore/src/dpl/core/include/dpl/scoped_free.h new file mode 100644 index 0000000..7f9685b --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/scoped_free.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/*! + * @file scoped_free.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of scoped free RAII + */ + +#ifndef DPL_SCOPED_FREE_H +#define DPL_SCOPED_FREE_H + +#include <malloc.h> +#include <cstddef> + +#include <dpl/scoped_resource.h> + +namespace VcoreDPL { +template<typename Class> +struct ScopedFreePolicy +{ + typedef Class* Type; + static Type NullValue() + { + return NULL; + } + static void Destroy(Type ptr) + { + free(ptr); + } +}; + +template<typename Memory> +class ScopedFree : public ScopedResource<ScopedFreePolicy<Memory> > +{ + typedef ScopedFreePolicy<Memory> Policy; + typedef ScopedResource<Policy> BaseType; + + public: + explicit ScopedFree(Memory *ptr = Policy::NullValue()) : BaseType(ptr) { } +}; +} // namespace VcoreDPL + +#endif // DPL_SCOPED_FREE_H diff --git a/vcore/src/dpl/core/include/dpl/scoped_resource.h b/vcore/src/dpl/core/include/dpl/scoped_resource.h new file mode 100644 index 0000000..ed034dd --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/scoped_resource.h 
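Review bot: In `scoped_free.h`, `ScopedFreePolicy::Destroy` calls `free` but gets its declaration from the non-standard `<malloc.h>`; `free` is declared by `<cstdlib>`, so `#include <cstdlib>` is the portable include. Nothing in the header says that the wrapped pointer must come from the malloc family, and handing `ScopedFree` memory obtained with `new` would be undefined behaviour. A one-line comment on the class, `// ptr must have been allocated with malloc/calloc/realloc (or a function documented to return such memory)`, would make the ownership contract explicit.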
@@ -0,0 +1,80 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file scoped_resource.h + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of scoped resource pattern + */ +#ifndef DPL_SCOPED_RESOURCE_H +#define DPL_SCOPED_RESOURCE_H + +#include <dpl/noncopyable.h> + +namespace VcoreDPL { +template<typename ClassPolicy> +class ScopedResource : + private Noncopyable +{ + public: + typedef typename ClassPolicy::Type ValueType; + typedef ScopedResource<ClassPolicy> ThisType; + + protected: + ValueType m_value; + + public: + explicit ScopedResource(ValueType value) : m_value(value) { } + + ~ScopedResource() + { + ClassPolicy::Destroy(m_value); + } + + ValueType Get() const + { + return m_value; + } + + void Reset(ValueType value = ClassPolicy::NullValue()) + { + ClassPolicy::Destroy(m_value); + m_value = value; + } + + ValueType Release() + { + ValueType value = m_value; + m_value = ClassPolicy::NullValue(); + return value; + } + typedef ValueType ThisType::*UnknownBoolType; + + operator UnknownBoolType() const + { + return m_value == ClassPolicy::NullValue() ? 
+ 0 : //0 is valid here because it converts to false + &ThisType::m_value; //it converts to true + } + + bool operator !() const + { + return m_value == ClassPolicy::NullValue(); + } +}; +} // namespace VcoreDPL + +#endif // DPL_SCOPED_RESOURCE_H diff --git a/vcore/src/dpl/core/include/dpl/singleton.h b/vcore/src/dpl/core/include/dpl/singleton.h new file mode 100644 index 0000000..4371f32 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/singleton.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file singleton.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of singleton + */ +#ifndef DPL_SINGLETON_H +#define DPL_SINGLETON_H + +#include <boost/optional.hpp> +#include <dpl/thread.h> +#include <dpl/assert.h> + +namespace VcoreDPL { +template<typename Class> +class Singleton : + private Class +{ + // + // Note: + // + // To remove posibility of instantiating directly Class, + // make Class' default constructor protected + // + + private: + Singleton() + {} + + typedef boost::optional<Thread *> OptionalThreadPtr; + + static Singleton &InternalInstance(); + + public: + virtual ~Singleton() + {} + + static Class &Instance(); +}; +} // namespace VcoreDPL + +#endif // DPL_SINGLETON_H 
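Review bot: `ScopedResource::Reset` destroys `m_value` before storing the new value, so `Reset(Get())`, or any call that passes the handle already owned, leaves a destroyed handle in `m_value`. The destructor then destroys it a second time, which is a double `free`, `delete[]` or `fclose` depending on the policy. A guard at the top of `Reset`, `if (value == m_value) return;`, closes that path. If self-reset is instead meant to be a caller error, say so in a comment on `Reset`.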
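Review bot: In `singleton.h`, the private typedef `OptionalThreadPtr` is not used by anything declared in this header, and `singleton_impl.h` as added by this commit does not use it either. It is the only visible reason for including `<boost/optional.hpp>` and `<dpl/thread.h>`, so every user of `Singleton` pays for the Boost and threading headers. Dropping the typedef and those two includes (and `<dpl/assert.h>`, which is also unused here) keeps the header minimal. The note about making the default constructor protected would read better as `// To prevent direct instantiation of Class, make its default constructor protected`.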
diff --git a/vcore/src/dpl/core/include/dpl/singleton_impl.h b/vcore/src/dpl/core/include/dpl/singleton_impl.h new file mode 100644 index 0000000..fd70741 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/singleton_impl.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file singleton_impl.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of singleton + */ +#ifndef DPL_SINGLETON_IMPL_H +#define DPL_SINGLETON_IMPL_H + +/* + * WARNING! + * + * If some singleton's implementation uses another singletons implementation, + * those templates make the second singleton a dubleton. Be warned. Try to use + * singleton_safe_impl.h if possible. + */ + +namespace VcoreDPL { +template<typename Class> +Singleton<Class>& Singleton<Class>::InternalInstance() +{ + static Singleton<Class> instance; + return instance; +} + +template<typename Class> +Class &Singleton<Class>::Instance() +{ + Singleton<Class>& instance = Singleton<Class>::InternalInstance(); + return instance; +} +} // namespace VcoreDPL + +#define IMPLEMENT_SINGLETON(Type) \ + template VcoreDPL::Singleton<Type>&VcoreDPL::Singleton<Type>::InternalInstance(); \ + template Type & VcoreDPL::Singleton<Type>::Instance(); \ + +#endif // DPL_SINGLETON_IMPL_H 
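Review bot: `singleton_impl.h` defines members of `Singleton<Class>` but never includes `<dpl/singleton.h>`, so it compiles only when the including file has already pulled that header in; adding `#include <dpl/singleton.h>` right after the include guard makes it self-contained. The last line of `IMPLEMENT_SINGLETON` also ends in a `\`, so the macro continues onto whatever line follows it. Today that is a blank line, but removing the trailing backslash from the `Instance()` line takes away the trap.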
diff --git a/vcore/src/dpl/core/include/dpl/string.h b/vcore/src/dpl/core/include/dpl/string.h new file mode 100644 index 0000000..68d6a09 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/string.h 
@@ -0,0 +1,157 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file string.h + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @version 1.0 + */ +#ifndef DPL_STRING +#define DPL_STRING + +#include <dpl/exception.h> +#include <dpl/char_traits.h> +#include <string> +#include <ostream> +#include <numeric> + +namespace VcoreDPL { +// @brief DPL string +typedef std::basic_string<wchar_t, CharTraits> String; + +// @brief String exception class +class StringException +{ + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + + // @brief Invalid init for UTF8 to UTF32 converter + DECLARE_EXCEPTION_TYPE(Base, IconvInitErrorUTF8ToUTF32) + + // @brief Invalid taStdContainerinit for UTF32 to UTF32 converter + DECLARE_EXCEPTION_TYPE(Base, IconvInitErrorUTF32ToUTF8) + + // @brief Invalid conversion for UTF8 to UTF32 converter + DECLARE_EXCEPTION_TYPE(Base, IconvConvertErrorUTF8ToUTF32) + + // @brief Invalid conversion for UTF8 to UTF32 converter + DECLARE_EXCEPTION_TYPE(Base, IconvConvertErrorUTF32ToUTF8) + + // @brief Invalid ASCII character detected in FromASCII + DECLARE_EXCEPTION_TYPE(Base, InvalidASCIICharacter) + + // @brief Invalid ASCII character detected in FromASCII + DECLARE_EXCEPTION_TYPE(Base, ICUInvalidCharacterFound) +}; + +//!\brief convert ASCII string to VcoreDPL::String +String FromASCIIString(const std::string& aString); + +//!\brief 
convert UTF32 string to VcoreDPL::String +String FromUTF32String(const std::wstring& aString); + +//@brief Returns String object created from UTF8 string +//@param[in] aString input UTF-8 string +String FromUTF8String(const std::string& aString); + +//@brief Returns String content as std::string +std::string ToUTF8String(const String& aString); + +//@brief Compare two unicode strings +int StringCompare(const String &left, + const String &right, + bool caseInsensitive = false); + +//@brief Splits the string into substrings. +//@param[in] str Input string +//@param[in] delimiters array or string containing a sequence of substring +// delimiters. Can be also a single delimiter character. +//@param[in] it InserterIterator that is used to save the generated substrings. +template<typename StringType, typename Delimiters, typename InserterIterator> +void Tokenize(const StringType& str, + const Delimiters& delimiters, + InserterIterator it, + bool ignoreEmpty = false) +{ + typename StringType::size_type nextSearchStart = 0; + typename StringType::size_type pos; + typename StringType::size_type length; + + while (true) { + pos = str.find_first_of(delimiters, nextSearchStart); + length = + ((pos == StringType::npos) ? 
str.length() : pos) - nextSearchStart; + + if (!ignoreEmpty || length > 0) { + *it = str.substr(nextSearchStart, length); + it++; + } + + if (pos == StringType::npos) { + return; + } + + nextSearchStart = pos + 1; + } +} + +namespace Utils { + +template<typename T> class ConcatFunc : public std::binary_function<T, T, T> +{ +public: + explicit ConcatFunc(const T & val) : m_delim(val) {} + T operator()(const T & arg1, const T & arg2) const + { + return arg1 + m_delim + arg2; + } +private: + T m_delim; +}; + +} + +template<typename ForwardIterator> +typename ForwardIterator::value_type Join(ForwardIterator begin, ForwardIterator end, typename ForwardIterator::value_type delim) +{ + typedef typename ForwardIterator::value_type value; + if(begin == end) return value(); + Utils::ConcatFunc<value> func(delim); + ForwardIterator init = begin; + return std::accumulate(++begin, end, *init, func); +} + +template<class StringType> void TrimLeft(StringType & obj, typename StringType::const_pointer separators) +{ + obj.erase(0, obj.find_first_not_of(separators)); +} + +template<class StringType> void TrimRight(StringType & obj, typename StringType::const_pointer separators) +{ + obj.erase(obj.find_last_not_of(separators)+1); +} + +template<class StringType> void Trim(StringType & obj, typename StringType::const_pointer separators) +{ + TrimLeft(obj, separators); + TrimRight(obj, separators); +} + + +} //namespace VcoreDPL + +std::ostream& operator<<(std::ostream& aStream, const VcoreDPL::String& aString); + +#endif // DPL_STRING diff --git a/vcore/src/dpl/core/include/dpl/thread.h b/vcore/src/dpl/core/include/dpl/thread.h new file mode 100644 index 0000000..d13740b --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/thread.h 
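Review bot: `Utils::ConcatFunc` derives from `std::binary_function`, which is declared in `<functional>`, but this header includes only `<string>`, `<ostream>` and `<numeric>`, so it builds only if another include happens to bring `<functional>` in. Either add `#include <functional>` or drop the base class, since `std::accumulate` does not need it and `std::binary_function` is deprecated in C++11. Several comments in `StringException` are copy-paste leftovers: `IconvInitErrorUTF32ToUTF8` reads "Invalid taStdContainerinit for UTF32 to UTF32 converter", `IconvConvertErrorUTF32ToUTF8` repeats the UTF8-to-UTF32 text, and `ICUInvalidCharacterFound` repeats the `InvalidASCIICharacter` text. `Join` requires a non-empty `value_type` typedef on the iterator, so it cannot be called with raw pointers; that restriction deserves a line in a comment above it.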
@@ -0,0 +1,394 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file thread.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of thread + */ +#ifndef DPL_THREAD_H +#define DPL_THREAD_H + +#include <dpl/waitable_handle_watch_support.h> +#include <dpl/noncopyable.h> +#include <dpl/exception.h> +#include <dpl/assert.h> +#include <boost/optional.hpp> +#include <stdint.h> +#include <cstdlib> +#include <pthread.h> +#include <thread> +#include <vector> +#include <list> +#include <mutex> + +namespace VcoreDPL { +class Thread : + private Noncopyable, + public WaitableHandleWatchSupport +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, CreateFailed) + DECLARE_EXCEPTION_TYPE(Base, DestroyFailed) + DECLARE_EXCEPTION_TYPE(Base, RunFailed) + DECLARE_EXCEPTION_TYPE(Base, QuitFailed) + DECLARE_EXCEPTION_TYPE(Base, UnmanagedThread) + }; + + typedef void (*EventDeleteProc)(void *event, void *userParam); + typedef void (*EventDispatchProc)(void *event, void *userParam); + + protected: + /** + * Main thread entry + * The method is intended to be overloaded with custom code. 
+ * Default implementation just executes Exec method to process + * all thread exents + */ + virtual int ThreadEntry(); + + /** + * Start processing of thread events + */ + int Exec(); + + private: + struct InternalEvent + { + void *event; + void *userParam; + EventDispatchProc eventDispatchProc; + EventDeleteProc eventDeleteProc; + + InternalEvent(void *eventArg, + void *userParamArg, + EventDispatchProc eventDispatchProcArg, + EventDeleteProc eventDeleteProcArg) : + event(eventArg), + userParam(userParamArg), + eventDispatchProc(eventDispatchProcArg), + eventDeleteProc(eventDeleteProcArg) + {} + }; + + struct InternalTimedEvent : + InternalEvent + { + unsigned long dueTimeMiliseconds; + unsigned long registerTimeMiliseconds; + + InternalTimedEvent(void *eventArg, + void *userParamArg, + unsigned long dueTimeMilisecondsArg, + unsigned long registerTimeMilisecondsArg, + EventDispatchProc eventDispatchProcArg, + EventDeleteProc eventDeleteProcArg) : + InternalEvent(eventArg, + userParamArg, + eventDispatchProcArg, + eventDeleteProcArg), + dueTimeMiliseconds(dueTimeMilisecondsArg), + registerTimeMiliseconds(registerTimeMilisecondsArg) + {} + + bool operator<(const InternalTimedEvent &other) + { + return registerTimeMiliseconds + dueTimeMiliseconds > + other.registerTimeMiliseconds + other.dueTimeMiliseconds; + } + }; + + // Internal event list + typedef std::list<InternalEvent> InternalEventList; + + // Internal timed event list + typedef std::vector<InternalTimedEvent> InternalTimedEventVector; + + // State managment + std::thread m_thread; + volatile bool m_abandon; + volatile bool m_running; + std::mutex m_stateMutex; + WaitableEvent m_quitEvent; + + // Event processing + std::mutex m_eventMutex; + InternalEventList m_eventList; + WaitableEvent m_eventInvoker; + + // Timed events processing + std::mutex m_timedEventMutex; + InternalTimedEventVector m_timedEventVector; + WaitableEvent m_timedEventInvoker; + + // WaitableHandleWatchSupport + virtual Thread 
*GetInvokerThread(); + virtual void HandleDirectInvoker(); + bool m_directInvoke; + + // Internals + unsigned long GetCurrentTimeMiliseconds() const; + void ProcessEvents(); + void ProcessTimedEvents(); + + static void *StaticThreadEntry(void *param); + + public: + explicit Thread(); + virtual ~Thread(); + + /** + * Run thread. Does nothing if thread is already running + */ + void Run(); + + /** + * Send quit message to thread and wait for its end + * Does nothing is thread is not running + */ + void Quit(); + + /** + * Checks if current thread is main one + * Returns true if it is main program thread, false otherwise + */ + static bool IsMainThread(); + + /** + * Current thread retrieval + * Returns DPL thread handle or NULL if it is main program thread + */ + static Thread *GetCurrentThread(); + + /** + * Low-level event push, usually used only by EventSupport + */ + void PushEvent(void *event, + EventDispatchProc eventDispatchProc, + EventDeleteProc eventDeleteProc, + void *userParam); + + /** + * Low-level timed event push, usually used only by EventSupport + */ + void PushTimedEvent(void *event, + double dueTimeSeconds, + EventDispatchProc eventDispatchProc, + EventDeleteProc eventDeleteProc, + void *userParam); + + /** + * Sleep for a number of seconds + */ + static void Sleep(uint64_t seconds); + + /** + * Sleep for a number of miliseconds + */ + static void MiliSleep(uint64_t miliseconds); + + /** + * Sleep for a number of microseconds + */ + static void MicroSleep(uint64_t microseconds); + + /** + * Sleep for a number of nanoseconds + */ + static void NanoSleep(uint64_t nanoseconds); +}; + +extern bool g_TLSforMainCreated; + +// In case of using TLV in main thread, pthread_exit(NULL) has to be called in +// this thread explicitly. 
+// On the other hand, possibly, because of the kernel bug, there exist +// a problem, if any other thread than main exist during pthread_exit call +// (process can become non-responsive) +// TODO further investigation is required. +template<typename Type> +class ThreadLocalVariable : + public Noncopyable +{ + public: + typedef Type ValueType; + + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, NullReference) + DECLARE_EXCEPTION_TYPE(Base, KeyCreateFailed) + }; + + private: + pthread_key_t m_key; + + struct ManagedValue + { + ValueType value; + boost::optional<pthread_key_t> guardKey; + }; + + static void MainThreadExitClean() + { + // There is a possible bug in kernel. If this function is called + // before ALL threads are closed, process will hang! + // Because of that, by default this function has to be called in well + // known "threads state". + + // pthread_exit(NULL); + } + + static void InternalDestroy(void *specific) + { + // Destroy underlying type + ManagedValue *instance = static_cast<ManagedValue *>(specific); + if (!instance->guardKey) { + delete instance; + } else { + int result = pthread_setspecific(*(instance->guardKey), instance); + + Assert(result == 0 && + "Failed to set thread local variable"); + } + } + + Type &Reference(bool allowInstantiate = false) + { + ManagedValue *instance = + static_cast<ManagedValue *>(pthread_getspecific(m_key)); + + if (!instance) { + // Check if it is allowed to instantiate + if (!allowInstantiate) { + Throw(typename Exception::NullReference); + } + + // checking, if specific data is created for Main thread + // If yes, pthread_exit(NULL) is required + if (!g_TLSforMainCreated) { + if (Thread::IsMainThread()) { + g_TLSforMainCreated = true; + atexit(&MainThreadExitClean); + } + } + + // Need to instantiate underlying type + instance = new ManagedValue(); + + int result = pthread_setspecific(m_key, instance); + + Assert(result == 0 && + "Failed to set 
thread local variable"); + } + + return instance->value; + } + + public: + ThreadLocalVariable() + { + int result = pthread_key_create(&m_key, &InternalDestroy); + if (result != 0) { + ThrowMsg(typename Exception::KeyCreateFailed, + "Failed to allocate thread local variable: " << result); + } + } + + ~ThreadLocalVariable() + { + pthread_key_delete(m_key); + } + + Type &operator=(const Type &other) + { + Type &reference = Reference(true); + reference = other; + return reference; + } + + bool IsNull() const + { + return pthread_getspecific(m_key) == NULL; + } + + Type& operator*() + { + return Reference(); + } + + const Type& operator*() const + { + return Reference(); + } + + const Type* operator->() const + { + return &Reference(); + } + + Type* operator->() + { + return &Reference(); + } + + bool operator!() const + { + return IsNull(); + } + + void Reset() + { + ManagedValue *specific = + static_cast<ManagedValue *>(pthread_getspecific(m_key)); + + if (!specific) { + return; + } + + // TODO Should be an assert? is it developers fault to Reset Guarded + // value? + specific->guardKey = boost::optional<pthread_key_t>(); + + InternalDestroy(specific); + + int result = pthread_setspecific(m_key, NULL); + + Assert(result == 0 && + "Failed to reset thread local variable"); + } + + // GuardValue(true) allows to defer destroy (by pthread internal + // functionality) thread specific value until GuardValue(false) will be + // called. + void GuardValue(bool guard) + { + ManagedValue *instance = + static_cast<ManagedValue *>(pthread_getspecific(m_key)); + + Assert(instance && "Failed to get the value"); + + instance->guardKey = guard ? m_key : boost::optional<pthread_key_t>(); + } +}; +} // namespace VcoreDPL + +#endif // DPL_THREAD_H diff --git a/vcore/src/dpl/core/include/dpl/type_list.h b/vcore/src/dpl/core/include/dpl/type_list.h new file mode 100644 index 0000000..e28172d --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/type_list.h 
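Review bot: In `ThreadLocalVariable`, `const Type& operator*() const` and `const Type* operator->() const` call `Reference()`, which is a non-const member, so either operator fails to compile as soon as it is used on a const object. `Reference` only reads `m_key`, so declaring it `Type &Reference(bool allowInstantiate = false) const` fixes both. Separately, `Thread` keeps `m_abandon` and `m_running` as `volatile bool`, and `volatile` gives no atomicity or ordering between threads. The implementation is not part of this hunk, so unless every access is made under `m_stateMutex` these should be `std::atomic<bool>`. `g_TLSforMainCreated` is likewise read without synchronisation in `Reference`.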
@@ -0,0 +1,159 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file type_list.h + * @author Bartosz Janiak (b.janiak@samsung.com) + * @version 1.0 + * @brief Generic type list template + */ +#ifndef DPL_TYPE_LIST_H +#define DPL_TYPE_LIST_H + +#include <cstddef> + +namespace VcoreDPL { +class TypeListGuard +{ + public: + template<size_t Index> + struct Element + { + struct ERROR_TypeListElementIndexIsOutOfBounds; + typedef ERROR_TypeListElementIndexIsOutOfBounds Type; + }; + + static const size_t Size = 0; +}; + +template<typename HeadType, typename TailType> +class TypeList +{ + private: + class DummyClass + {}; + + template<typename List, size_t Enum> + struct TypeCounter : public TypeCounter<typename List::Tail, Enum + 1> + {}; + + template<size_t Enum> + struct TypeCounter<TypeListGuard, Enum> + { + static const size_t Size = Enum; + }; + + public: + typedef TailType Tail; + typedef HeadType Head; + typedef TypeList<HeadType, TailType> ThisType; + + template<size_t Index, typename DummyType = DummyClass> + struct Element + { + typedef typename TailType::template Element<Index - 1>::Type Type; + }; + + template<typename DummyType> + struct Element<0, DummyType> + { + typedef HeadType Type; + }; + + template<typename Type, typename DummyType = DummyClass> + struct Contains + { + typedef typename TailType::template Contains<Type>::Yes Yes; + }; + + template<typename 
DummyType> + struct Contains<HeadType, DummyType> + { + typedef int Yes; + }; + + static const size_t Size = TypeCounter<ThisType, 0>::Size; +}; + +template<typename T1 = TypeListGuard, typename T2 = TypeListGuard, + typename T3 = TypeListGuard, typename T4 = TypeListGuard, + typename T5 = TypeListGuard, typename T6 = TypeListGuard, + typename T7 = TypeListGuard, typename T8 = TypeListGuard, + typename T9 = TypeListGuard, typename T10 = TypeListGuard, + typename T11 = TypeListGuard, typename T12 = TypeListGuard, + typename T13 = TypeListGuard, typename T14 = TypeListGuard, + typename T15 = TypeListGuard, typename T16 = TypeListGuard, + typename T17 = TypeListGuard, typename T18 = TypeListGuard, + typename T19 = TypeListGuard, typename T20 = TypeListGuard, + typename T21 = TypeListGuard, typename T22 = TypeListGuard, + typename T23 = TypeListGuard, typename T24 = TypeListGuard, + typename T25 = TypeListGuard, typename T26 = TypeListGuard, + typename T27 = TypeListGuard, typename T28 = TypeListGuard, + typename T29 = TypeListGuard, typename T30 = TypeListGuard, + typename T31 = TypeListGuard, typename T32 = TypeListGuard, + typename T33 = TypeListGuard, typename T34 = TypeListGuard, + typename T35 = TypeListGuard, typename T36 = TypeListGuard, + typename T37 = TypeListGuard, typename T38 = TypeListGuard, + typename T39 = TypeListGuard, typename T40 = TypeListGuard, + typename T41 = TypeListGuard, typename T42 = TypeListGuard, + typename T43 = TypeListGuard, typename T44 = TypeListGuard, + typename T45 = TypeListGuard, typename T46 = TypeListGuard, + typename T47 = TypeListGuard, typename T48 = TypeListGuard, + typename T49 = TypeListGuard, typename T50 = TypeListGuard, + typename T51 = TypeListGuard, typename T52 = TypeListGuard, + typename T53 = TypeListGuard, typename T54 = TypeListGuard, + typename T55 = TypeListGuard, typename T56 = TypeListGuard, + typename T57 = TypeListGuard, typename T58 = TypeListGuard, + typename T59 = TypeListGuard, typename T60 = 
TypeListGuard, + typename T61 = TypeListGuard, typename T62 = TypeListGuard, + typename T63 = TypeListGuard, typename T64 = TypeListGuard> +struct TypeListDecl +{ + typedef TypeList<T1, + typename TypeListDecl< + T2, T3, T4, T5, T6, T7, T8, + T9, T10, T11, T12, T13, T14, T15, + T16, T17, T18, T19, T20, T21, T22, + T23, T24, T25, T26, T27, T28, T29, + T30, T31, T32, T33, T34, T35, T36, + T37, T38, T39, T40, T41, T42, T43, + T44, T45, T46, T47, T48, T49, T50, + T51, T52, T53, T54, T55, T56, T57, + T58, T59, T60, T61, T62, T63, T64>::Type> Type; +}; + +template<> +struct TypeListDecl<TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard, + TypeListGuard, TypeListGuard, TypeListGuard, TypeListGuard> +{ + typedef TypeListGuard Type; +}; +} // namespace VcoreDPL + +#endif // DPL_TYPE_LIST_H diff --git a/vcore/src/dpl/core/include/dpl/waitable_event.h b/vcore/src/dpl/core/include/dpl/waitable_event.h new file mode 100644 index 0000000..b6305b0 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/waitable_event.h 
@@ -0,0 +1,59 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file waitable_event.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of waitable event + */ +#ifndef DPL_WAITABLE_EVENT_H +#define DPL_WAITABLE_EVENT_H + +#include <dpl/waitable_handle.h> +#include <dpl/noncopyable.h> +#include <dpl/exception.h> +#include <vector> + +namespace VcoreDPL { +class WaitableEvent : + private Noncopyable +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, CreateFailed) + DECLARE_EXCEPTION_TYPE(Base, DestroyFailed) + DECLARE_EXCEPTION_TYPE(Base, SignalFailed) + DECLARE_EXCEPTION_TYPE(Base, ResetFailed) + }; + + private: + int m_pipe[2]; + + public: + WaitableEvent(); + virtual ~WaitableEvent(); + + WaitableHandle GetHandle() const; + + void Signal() const; + void Reset() const; +}; +} // namespace VcoreDPL + +#endif // DPL_WAITABLE_EVENT_H diff --git a/vcore/src/dpl/core/include/dpl/waitable_handle.h b/vcore/src/dpl/core/include/dpl/waitable_handle.h new file mode 100644 index 0000000..5ffd76c --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/waitable_handle.h 
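Review bot: `WaitableEvent` owns two raw pipe descriptors in `m_pipe`, and nothing in the header says how they are created or released; the constructor and destructor are defined outside this hunk. For a class used inside a long-running service it is worth confirming that the pipe is opened close-on-exec, for example with `pipe2(m_pipe, O_CLOEXEC)`, otherwise both ends are inherited by every child process. A short class comment should state that the descriptors are owned and closed by the destructor, and that `Signal()` and `Reset()` are `const` only because they act on the pipe rather than on members. `<vector>` is included but not used by the declarations shown.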
@@ -0,0 +1,115 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file waitable_handle.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the header file of waitable handle + */ +#ifndef DPL_WAITABLE_HANDLE_H +#define DPL_WAITABLE_HANDLE_H + +#include <dpl/noncopyable.h> +#include <dpl/exception.h> +#include <vector> + +namespace VcoreDPL { +/** + * Waitable unix wait handle definition + */ +typedef int WaitableHandle; + +/** + * Waitable handle list + */ +typedef std::vector<WaitableHandle> WaitableHandleList; + +/** + * Wait mode + */ +class WaitMode +{ + public: + enum Type + { + Read, ///< Wait for readability state changes + Write ///< Wait for writability state changes + }; +}; + +/** + * Waitable handle list ex + */ +typedef std::vector<std::pair<WaitableHandle, + WaitMode::Type> > WaitableHandleListEx; + +/** + * Waitable handle index list + */ +typedef std::vector<size_t> WaitableHandleIndexList; + +/** + * Wait exceptions + */ +DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, WaitFailed) + +/** + * Wait for single handle readability + * Convience function. 
+ * + * @return Signaled waitable handle index list + * @throw WaitFailed Fatal error occurred while waiting for signal + */ +WaitableHandleIndexList WaitForSingleHandle( + WaitableHandle handle, + unsigned long miliseconds = + 0xFFFFFFFF); + +/** + * Wait for single handle + * Convience function. + * + * @return Signaled waitable handle index list + * @throw WaitFailed Fatal error occurred while waiting for signal + */ +WaitableHandleIndexList WaitForSingleHandle( + WaitableHandle handle, + WaitMode::Type mode, + unsigned long miliseconds = + 0xFFFFFFFF); + +/** + * Wait for multiple handles readability + * + * @return Signaled waitable handle index list + * @throw WaitFailed Fatal error occurred while waiting for signal + */ +WaitableHandleIndexList WaitForMultipleHandles( + const WaitableHandleList &handleList, + unsigned long miliseconds = 0xFFFFFFFF); + +/** + * Wait for multiple handles readability + * + * @return Signaled waitable handle index list + * @throw WaitFailed Fatal error occurred while waiting for signal + */ +WaitableHandleIndexList WaitForMultipleHandles( + const WaitableHandleListEx &handleListEx, + unsigned long miliseconds = 0xFFFFFFFF); +} // namespace VcoreDPL + +#endif // DPL_WAITABLE_HANDLE_H diff --git a/vcore/src/dpl/core/include/dpl/waitable_handle_watch_support.h b/vcore/src/dpl/core/include/dpl/waitable_handle_watch_support.h new file mode 100644 index 0000000..4f3f142 --- /dev/null +++ b/vcore/src/dpl/core/include/dpl/waitable_handle_watch_support.h 
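Review bot: The `miliseconds` parameter of all four `WaitForSingleHandle`/`WaitForMultipleHandles` declarations defaults to the bare literal `0xFFFFFFFF`, and none of the doc comments describes the parameter, its unit or what the default means. If the literal is meant as "wait without timeout" (the hunk does not say), it is not the maximum of `unsigned long` where that type is 64 bits wide, so the implementation has to compare against this exact value and callers cannot guess it. I would declare a named constant next to `WaitableHandle`, for example `const unsigned long WAIT_NO_TIMEOUT = 0xFFFFFFFF;` (name constructed here), use it as the default, and add `@param[in] miliseconds timeout in milliseconds; the default waits without timeout` to each comment once confirmed. The comment on the `WaitableHandleListEx` overload still says "readability" although that overload takes a `WaitMode::Type` per handle.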
@@ -0,0 +1,149 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file waitable_handle_watch_support.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of waitable handle watch + * support + */ +#ifndef DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H +#define DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H + +#include <dpl/waitable_event.h> +#include <dpl/waitable_handle.h> +#include <dpl/exception.h> +#include <list> +#include <map> +#include <mutex> + +namespace VcoreDPL { +class Thread; + +class WaitableHandleWatchSupport +{ + public: + class WaitableHandleListener + { + public: + virtual ~WaitableHandleListener() {} + + virtual void OnWaitableHandleEvent(WaitableHandle waitableHandle, + WaitMode::Type mode) = 0; + }; + + protected: + // Invoker waitable handle + // Signaled by Add/Remove methods + // After being signaled one must call Handle invoke to reset invoker + WaitableHandle WaitableInvokerHandle() const; + + // Waitable handle ex list + WaitableHandleListEx WaitableWatcherHandles() const; + + // Perform actions for signaled waitable handle + // Called in execution context, after + void HandleWatcher(WaitableHandle waitableHandle, WaitMode::Type mode); + + // Perform actions after invoker was signaled + void InvokerFinished(); + + // Get invoker context + virtual Thread *GetInvokerThread() = 0; + + // 
Invoke direct invoker + virtual void HandleDirectInvoker() = 0; + + private: + // Waitable event watchers + struct WaitableHandleWatcher + { + WaitableHandleListener *listener; + WaitMode::Type mode; + + WaitableHandleWatcher(WaitableHandleListener *l, WaitMode::Type m) : + listener(l), + mode(m) + {} + }; + + typedef std::list<WaitableHandleWatcher> WaitableHandleListenerList; + + struct WaitableHandleWatchers + { + WaitableHandleListenerList listeners; + size_t readListenersCount; + size_t writeListenersCount; + + WaitableHandleWatchers() : + readListenersCount(0), + writeListenersCount(0) + {} + }; + + typedef std::map<WaitableHandle, + WaitableHandleWatchers> WaitableHandleWatchersMap; + + // Waitable event watch support + mutable std::recursive_mutex m_watchersMutex; + WaitableHandleWatchersMap m_watchersMap; + WaitableEvent m_watchersInvoker; + WaitableEvent m_watchersInvokerCommit; + + // Invoke call + void CommitInvoker(); + + public: + /** + * Constructor + */ + explicit WaitableHandleWatchSupport(); + + /** + * Destructor + */ + virtual ~WaitableHandleWatchSupport(); + + /** + * Adds listener for specific waitable event + * + * @param[in] listener Listener to attach + * @param[in] waitableHandle Waitable handle to listen for changes + * @param[in] mode Type of changes to listen to + * @return none + * @see WaitMode::Type + */ + void AddWaitableHandleWatch(WaitableHandleListener *listener, + WaitableHandle waitableHandle, + WaitMode::Type mode); + + /** + * Remove listener for specific waitable event + * + * @param[in] listener Listener to detach + * @param[in] waitableHandle Waitable handle to unlisten for changes + * @param[in] mode Type of changes to unlisten to + * @return none + * @see WaitMode::Type + */ + void RemoveWaitableHandleWatch(WaitableHandleListener *listener, + WaitableHandle waitableHandle, + WaitMode::Type mode); + +}; +} // namespace VcoreDPL + +#endif // DPL_WAITABLE_HANDLE_WATCH_SUPPORT_H 
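Review bot: The watcher record `WaitableHandleWatcher` keeps a raw `WaitableHandleListener *listener`, and neither the struct nor the doc comment of `AddWaitableHandleWatch` says who owns the listener or how long it has to live. If a listener is destroyed without a matching `RemoveWaitableHandleWatch`, `HandleWatcher` would presumably call `OnWaitableHandleEvent` through a dangling pointer; the implementation is outside this hunk, so that is an inference. I would add to the `AddWaitableHandleWatch` comment `@note listener is not owned and must stay valid until RemoveWaitableHandleWatch() is called with the same handle and mode`. The comment above `HandleWatcher` ends mid-sentence ("Called in execution context, after") and should be completed.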
diff --git a/vcore/src/dpl/core/include/dpl/workaround.h b/vcore/src/dpl/core/include/dpl/workaround.h
new file mode 100644
index 0000000..19c26ef
--- /dev/null
+++ b/vcore/src/dpl/core/include/dpl/workaround.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file workaround.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the header file of workaround
+ */
+#ifndef DPL_WORKAROUND_H
+#define DPL_WORKAROUND_H
+
+/**
+ * Define following macro to track invalid waitable handles
+ * in WaitForSingle/WaitForMultiple functions
+ */
+#define DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK
+
+/**
+ * Define following macro to enable workaround for problem
+ * with GLIB loop integration and EBADF error handling
+ */
+#define DPL_ENABLE_GLIB_LOOP_INTEGRATION_WORKAROUND
+
+/**
+ * Define following macro to enable workaround for problem
+ * with invalid conversions in htons/ntohs macros
+ */
+#define DPL_ENABLE_HTONS_NTOHS_I386_WORKAROUND
+
+#endif // DPL_WORKAROUND_H
diff --git a/vcore/src/dpl/core/src/assert.cpp b/vcore/src/dpl/core/src/assert.cpp
new file mode 100644
index 0000000..2e55877
--- /dev/null
+++ b/vcore/src/dpl/core/src/assert.cpp
@@ -0,0 +1,61 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file assert.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of assert + */ +#include <cstdlib> +#include <sstream> +#include <stddef.h> +#include <dpl/assert.h> +#include <dpl/colors.h> +#include <dpl/exception.h> +#include <dpl/log/vcore_log.h> + +namespace VcoreDPL { +void AssertProc(const char *condition, + const char *file, + int line, + const char *function) +{ + +#define INTERNAL_LOG(message) \ +do { \ + std::ostringstream platformLog; \ + platformLog << message; \ + VcoreLogD("%s", platformLog.str().c_str()); \ +} while (0) + + // Try to log failed assertion to log system + Try { + INTERNAL_LOG("########################################################################"); + INTERNAL_LOG("### DPL assertion failed! ###"); + INTERNAL_LOG("########################################################################"); + INTERNAL_LOG("### Condition: " << condition); + INTERNAL_LOG("### File: " << file); + INTERNAL_LOG("### Line: " << line); + INTERNAL_LOG("### Function: " << function); + INTERNAL_LOG("########################################################################"); + } catch (Exception) { + // Just ignore possible double errors + } + + // Fail with c-library abort + abort(); +} +} // namespace VcoreDPL 
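Review bot: `AssertProc` guards its logging with `} catch (Exception) {`, which takes `VcoreDPL::Exception` by value and nothing else, so a `std::bad_alloc` thrown by the `std::ostringstream` inside `INTERNAL_LOG` would unwind out of the function and `abort()` would not run for a failed assertion. Changing the handler to `} catch (...) {` makes the abort unconditional. The report is written with `VcoreLogD`; if debug-level logging is filtered or compiled out in release builds (the macro is not defined in this hunk), the failed condition leaves no trace, so `VcoreLogE` looks like the safer level. `INTERNAL_LOG` is defined inside the function body and never `#undef`-ed, so it stays visible for the rest of the translation unit.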
diff --git a/vcore/src/dpl/core/src/binary_queue.cpp b/vcore/src/dpl/core/src/binary_queue.cpp
new file mode 100644
index 0000000..0b39a22
--- /dev/null
+++ b/vcore/src/dpl/core/src/binary_queue.cpp
@@ -0,0 +1,312 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file binary_queue.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of binary queue + */ +#include <stddef.h> +#include <dpl/binary_queue.h> +#include <dpl/assert.h> +#include <dpl/scoped_free.h> +#include <algorithm> +#include <malloc.h> +#include <cstring> +#include <new> + +namespace VcoreDPL { +BinaryQueue::BinaryQueue() : + m_size(0) +{} + +BinaryQueue::BinaryQueue(const BinaryQueue &other) : + m_size(0) +{ + AppendCopyFrom(other); +} + +BinaryQueue::~BinaryQueue() +{ + // Remove all remainig buckets + Clear(); +} + +BinaryQueue &BinaryQueue::operator=(const BinaryQueue &other) +{ + if (this != &other) { + Clear(); + AppendCopyFrom(other); + } + + return *this; +} + +void BinaryQueue::AppendCopyFrom(const BinaryQueue &other) +{ + // To speed things up, always copy as one bucket + void *bufferCopy = malloc(other.m_size); + + if (bufferCopy == NULL) { + throw std::bad_alloc(); + } + + try { + other.Flatten(bufferCopy, other.m_size); + AppendUnmanaged(bufferCopy, other.m_size, &BufferDeleterFree, NULL); + } catch (const std::bad_alloc &) { + // Free allocated memory + free(bufferCopy); + throw; + } +} + +void BinaryQueue::AppendMoveFrom(BinaryQueue &other) +{ + // Copy all buckets + std::copy(other.m_buckets.begin(), + 
other.m_buckets.end(), std::back_inserter(m_buckets)); + m_size += other.m_size; + + // Clear other, but do not free memory + other.m_buckets.clear(); + other.m_size = 0; +} + +void BinaryQueue::AppendCopyTo(BinaryQueue &other) const +{ + other.AppendCopyFrom(*this); +} + +void BinaryQueue::AppendMoveTo(BinaryQueue &other) +{ + other.AppendMoveFrom(*this); +} + +void BinaryQueue::Clear() +{ + std::for_each(m_buckets.begin(), m_buckets.end(), &DeleteBucket); + m_buckets.clear(); + m_size = 0; +} + +void BinaryQueue::AppendCopy(const void* buffer, size_t bufferSize) +{ + // Create data copy with malloc/free + void *bufferCopy = malloc(bufferSize); + + // Check if allocation succeded + if (bufferCopy == NULL) { + throw std::bad_alloc(); + } + + // Copy user data + memcpy(bufferCopy, buffer, bufferSize); + + try { + // Try to append new bucket + AppendUnmanaged(bufferCopy, bufferSize, &BufferDeleterFree, NULL); + } catch (const std::bad_alloc &) { + // Free allocated memory + free(bufferCopy); + throw; + } +} + +void BinaryQueue::AppendUnmanaged(const void* buffer, + size_t bufferSize, + BufferDeleter deleter, + void* userParam) +{ + // Do not attach empty buckets + if (bufferSize == 0) { + deleter(buffer, bufferSize, userParam); + return; + } + + // Just add new bucket with selected deleter + m_buckets.push_back(new Bucket(buffer, bufferSize, deleter, userParam)); + + // Increase total queue size + m_size += bufferSize; +} + +size_t BinaryQueue::Size() const +{ + return m_size; +} + +bool BinaryQueue::Empty() const +{ + return m_size == 0; +} + +void BinaryQueue::Consume(size_t size) +{ + // Check parameters + if (size > m_size) { + Throw(Exception::OutOfData); + } + + size_t bytesLeft = size; + + // Consume data and/or remove buckets + while (bytesLeft > 0) { + // Get consume size + size_t count = std::min(bytesLeft, m_buckets.front()->left); + + m_buckets.front()->ptr = + static_cast<const char *>(m_buckets.front()->ptr) + count; + m_buckets.front()->left -= count; 
+ bytesLeft -= count; + m_size -= count; + + if (m_buckets.front()->left == 0) { + DeleteBucket(m_buckets.front()); + m_buckets.pop_front(); + } + } +} + +void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const +{ + // Check parameters + if (bufferSize == 0) { + return; + } + + if (bufferSize > m_size) { + Throw(Exception::OutOfData); + } + + size_t bytesLeft = bufferSize; + void *ptr = buffer; + BucketList::const_iterator bucketIterator = m_buckets.begin(); + Assert(m_buckets.end() != bucketIterator); + + // Flatten data + while (bytesLeft > 0) { + // Get consume size + size_t count = std::min(bytesLeft, (*bucketIterator)->left); + + // Copy data to user pointer + memcpy(ptr, (*bucketIterator)->ptr, count); + + // Update flattened bytes count + bytesLeft -= count; + ptr = static_cast<char *>(ptr) + count; + + // Take next bucket + ++bucketIterator; + } +} + +void BinaryQueue::FlattenConsume(void *buffer, size_t bufferSize) +{ + // FIXME: Optimize + Flatten(buffer, bufferSize); + Consume(bufferSize); +} + +void BinaryQueue::DeleteBucket(BinaryQueue::Bucket *bucket) +{ + delete bucket; +} + +void BinaryQueue::BufferDeleterFree(const void* data, + size_t dataSize, + void* userParam) +{ + (void)dataSize; + (void)userParam; + + // Default free deleter + free(const_cast<void *>(data)); +} + +BinaryQueue::Bucket::Bucket(const void* data, + size_t dataSize, + BufferDeleter dataDeleter, + void* userParam) : + buffer(data), + ptr(data), + size(dataSize), + left(dataSize), + deleter(dataDeleter), + param(userParam) +{ + Assert(data != NULL); + Assert(deleter != NULL); +} + +BinaryQueue::Bucket::~Bucket() +{ + // Invoke deleter on bucket data + deleter(buffer, size, param); +} + +BinaryQueue::BucketVisitor::~BucketVisitor() +{} + +BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) : + m_visitor(visitor) +{} + +BinaryQueue::BucketVisitorCall::~BucketVisitorCall() +{} + +void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const +{ + 
m_visitor->OnVisitBucket(bucket->ptr, bucket->left); +} + +void BinaryQueue::VisitBuckets(BucketVisitor *visitor) const +{ + Assert(visitor != NULL); + + // Visit all buckets + std::for_each(m_buckets.begin(), m_buckets.end(), BucketVisitorCall(visitor)); +} + +BinaryQueueAutoPtr BinaryQueue::Read(size_t size) +{ + // Simulate input stream + size_t available = std::min(size, m_size); + + ScopedFree<void> bufferCopy(malloc(available)); + + if (!bufferCopy) { + throw std::bad_alloc(); + } + + BinaryQueueAutoPtr result(new BinaryQueue()); + + Flatten(bufferCopy.Get(), available); + result->AppendUnmanaged( + bufferCopy.Get(), available, &BufferDeleterFree, NULL); + bufferCopy.Release(); + Consume(available); + + return result; +} + +size_t BinaryQueue::Write(const BinaryQueue &buffer, size_t bufferSize) +{ + // Simulate output stream + AppendCopyFrom(buffer); + return bufferSize; +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/char_traits.cpp b/vcore/src/dpl/core/src/char_traits.cpp new file mode 100644 index 0000000..32b9197 --- /dev/null +++ b/vcore/src/dpl/core/src/char_traits.cpp 
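Review bot: `BinaryQueue::Write` never uses `bufferSize`: `AppendCopyFrom(buffer)` copies the whole of `buffer` and the function then returns `bufferSize`, so the reported count is wrong whenever it differs from `buffer.Size()`. The contract of `Write` is declared outside this hunk; assuming it means "append up to bufferSize bytes and return the number appended", the body below does that using the same malloc/`AppendUnmanaged` pattern as `AppendCopy`. Separately, `AppendCopyFrom`, `AppendCopy` and `Read` call `malloc` with a size that can be 0 and treat a NULL result as out of memory, so copying or reading an empty queue throws `std::bad_alloc` on C libraries where `malloc(0)` returns NULL; an early return for size 0 in those three functions avoids that.

```cpp
size_t BinaryQueue::Write(const BinaryQueue &buffer, size_t bufferSize)
{
    // Simulate output stream: take at most bufferSize bytes from the source
    size_t count = std::min(bufferSize, buffer.Size());

    if (count == 0) {
        return 0;
    }

    void *bufferCopy = malloc(count);

    if (bufferCopy == NULL) {
        throw std::bad_alloc();
    }

    try {
        buffer.Flatten(bufferCopy, count);
        AppendUnmanaged(bufferCopy, count, &BufferDeleterFree, NULL);
    } catch (const std::bad_alloc &) {
        free(bufferCopy);
        throw;
    }

    // Report what was actually appended
    return count;
}
```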
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file char_traits.cpp
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @biref Char traits are used to create basic_string extended with
+ * additional features
+ * Current char traits could be extended in feature to boost
+ * performance
+ */
+#include <stddef.h>
+#include <dpl/char_traits.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
diff --git a/vcore/src/dpl/core/src/colors.cpp b/vcore/src/dpl/core/src/colors.cpp
new file mode 100644
index 0000000..e918453
--- /dev/null
+++ b/vcore/src/dpl/core/src/colors.cpp
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file colors.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Some constants with definition of colors for Console + * and html output + */ +#include <stddef.h> +#include <dpl/colors.h> + +namespace VcoreDPL { +namespace Colors { +namespace Text { +const char* BOLD_GREEN_BEGIN = "\033[1;32m"; +const char* BOLD_GREEN_END = "\033[m"; +const char* RED_BEGIN = "\033[0;31m"; +const char* RED_END = "\033[m"; +const char* PURPLE_BEGIN = "\033[0;35m"; +const char* PURPLE_END = "\033[m"; +const char* GREEN_BEGIN = "\033[0;32m"; +const char* GREEN_END = "\033[m"; +const char* CYAN_BEGIN = "\033[0;36m"; +const char* CYAN_END = "\033[m"; +const char* BOLD_RED_BEGIN = "\033[1;31m"; +const char* BOLD_RED_END = "\033[m"; +const char* BOLD_YELLOW_BEGIN = "\033[1;33m"; +const char* BOLD_YELLOW_END = "\033[m"; +const char* BOLD_GOLD_BEGIN = "\033[0;33m"; +const char* BOLD_GOLD_END = "\033[m"; +const char* BOLD_WHITE_BEGIN = "\033[1;37m"; +const char* BOLD_WHITE_END = "\033[m"; +} //namespace Text + +namespace Html { +const char* BOLD_GREEN_BEGIN = "<font color=\"green\"><b>"; +const char* BOLD_GREEN_END = "</b></font>"; +const char* PURPLE_BEGIN = "<font color=\"purple\"><b>"; +const char* PURPLE_END = "</b></font>"; +const char* RED_BEGIN = "<font color=\"red\"><b>"; +const char* RED_END = 
"</b></font>"; +const char* GREEN_BEGIN = "<font color=\"green\">"; +const char* GREEN_END = "</font>"; +const char* CYAN_BEGIN = "<font color=\"cyan\">"; +const char* CYAN_END = "</font>"; +const char* BOLD_RED_BEGIN = "<font color=\"red\"><b>"; +const char* BOLD_RED_END = "</b></font>"; +const char* BOLD_YELLOW_BEGIN = "<font color=\"yellow\"><b>"; +const char* BOLD_YELLOW_END = "</b></font>"; +const char* BOLD_GOLD_BEGIN = "<font color=\"gold\"><b>"; +const char* BOLD_GOLD_END = "</b></font>"; +const char* BOLD_WHITE_BEGIN = "<font color=\"white\"><b>"; +const char* BOLD_WHITE_END = "</b></font>"; +} //namespace Html +} //namespace Colors +} //namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/errno_string.cpp b/vcore/src/dpl/core/src/errno_string.cpp new file mode 100644 index 0000000..c4efc4d --- /dev/null +++ b/vcore/src/dpl/core/src/errno_string.cpp 
@@ -0,0 +1,98 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file errno_string.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of errno string + */ +#include <stddef.h> +#include <dpl/errno_string.h> +#include <dpl/assert.h> +#include <dpl/exception.h> +#include <dpl/assert.h> +#include <dpl/scoped_free.h> +#include <string> +#include <cstddef> +#include <cstring> +#include <malloc.h> +#include <cerrno> +#include <stdexcept> + +namespace VcoreDPL { +namespace // anonymous +{ +const size_t DEFAULT_ERRNO_STRING_SIZE = 32; +} // namespace anonymous + +std::string GetErrnoString(int error) +{ + size_t size = DEFAULT_ERRNO_STRING_SIZE; + char *buffer = NULL; + + for (;;) { + // Add one extra characted for end of string null value + char *newBuffer = static_cast<char *>(::realloc(buffer, size + 1)); + + if (!newBuffer) { + // Failed to realloc + ::free(buffer); + throw std::bad_alloc(); + } + + // Setup reallocated buffer + buffer = newBuffer; + ::memset(buffer, 0, size + 1); + + // Try to retrieve error string +#if (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !_GNU_SOURCE + // The XSI-compliant version of strerror_r() is provided if: + int result = ::strerror_r(error, buffer, size); + + if (result == 0) { + ScopedFree<char> scopedBufferFree(buffer); + return std::string(buffer); 
+ } +#else + errno = 0; + + // Otherwise, the GNU-specific version is provided. + char *result = ::strerror_r(error, buffer, size); + + if (result != NULL) { + ScopedFree<char> scopedBufferFree(buffer); + return std::string(result); + } +#endif + + // Interpret errors + switch (errno) { + case EINVAL: + // We got an invalid errno value + ::free(buffer); + ThrowMsg(InvalidErrnoValue, "Invalid errno value: " << error); + + case ERANGE: + // Incease buffer size and retry + size <<= 1; + continue; + + default: + AssertMsg(0, "Invalid errno value after call to strerror_r!"); + } + } +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/exception.cpp b/vcore/src/dpl/core/src/exception.cpp new file mode 100644 index 0000000..16a3c25 --- /dev/null +++ b/vcore/src/dpl/core/src/exception.cpp 
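Review bot: In the XSI branch of `GetErrnoString`, a non-zero return from `strerror_r` falls through to `switch (errno)`, but `errno = 0;` is executed only in the `#else` branch and the XSI function reports failure through its return value (glibc documents returning the positive error number since 2.13, and -1 with errno set before that). A stale `errno` therefore chooses between the `InvalidErrnoValue` throw, the `ERANGE` retry and the `AssertMsg(0, ...)` abort. Adding `if (result > 0) { errno = result; }` after the `result == 0` block in that branch keeps the switch correct for both conventions. The `ERANGE` retry doubles `size` with no upper bound, and the `@file` tag names errno_string.h although this is the .cpp.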
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of exception system
+ */
+#include <stddef.h>
+#include <dpl/exception.h>
+#include <dpl/log/vcore_log.h>
+#include <cstdio>
+
+namespace VcoreDPL {
+Exception* Exception::m_lastException = NULL;
+unsigned int Exception::m_exceptionCount = 0;
+void (*Exception::m_terminateHandler)() = NULL;
+
+void LogUnhandledException(const std::string &str)
+{
+ // Logging to dlog
+ VcoreLogD("%s", str.c_str());
+}
+
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ // Logging to dlog
+ VcoreLogE("Exception occured on file[%s] line[%d] function[%s] msg[%s]",
+ filename, line, function, str.c_str());
+}
+} // namespace VcoreDPL
diff --git a/vcore/src/dpl/core/src/file_input.cpp b/vcore/src/dpl/core/src/file_input.cpp
new file mode 100644
index 0000000..18bef68
--- /dev/null
+++ b/vcore/src/dpl/core/src/file_input.cpp
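Review bot: The one-argument `LogUnhandledException` writes through `VcoreLogD` while the four-argument overload uses `VcoreLogE`, so the same event is recorded at two different severities. If debug-level output is filtered or compiled out in release builds (the log macros are not defined in this hunk), an unhandled exception reported through the first overload leaves no trace; `VcoreLogE("%s", str.c_str());` would keep both at error level. `Exception::m_lastException` and `Exception::m_exceptionCount` are plain statics with no synchronisation visible here, so a comment above them stating which threads may touch them would help the next reader.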
@@ -0,0 +1,142 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file file_input.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of named input pipe + */ +#include <stddef.h> +#include <dpl/file_input.h> +#include <dpl/binary_queue.h> +#include <dpl/log/log.h> +#include <unistd.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <errno.h> + +namespace VcoreDPL { +namespace // anonymous +{ +const size_t DEFAULT_READ_BUFFER_SIZE = 4096; +} // namespace anonymous + +FileInput::FileInput() : + m_fd(-1) +{} + +FileInput::FileInput(const std::string& fileName) : + m_fd(-1) +{ + Open(fileName); +} + +FileInput::~FileInput() +{ + Close(); +} + +void FileInput::Open(const std::string& fileName) +{ + // Open non-blocking + int fd = TEMP_FAILURE_RETRY(open(fileName.c_str(), O_RDONLY | O_NONBLOCK)); + + // Throw an exception if an error occurred + if (fd == -1) { + ThrowMsg(Exception::OpenFailed, fileName); + } + + // Close if any existing + Close(); + + // Save new descriptor + m_fd = fd; + + LogPedantic("Opened file: " << fileName); +} + +void FileInput::Close() +{ + if (m_fd == -1) { + return; + } + + if (TEMP_FAILURE_RETRY(close(m_fd)) == -1) { + Throw(Exception::CloseFailed); + } + + m_fd = -1; + + LogPedantic("Closed file"); +} + +BinaryQueueAutoPtr FileInput::Read(size_t size) +{ + 
size_t bytesToRead = size > + DEFAULT_READ_BUFFER_SIZE ? DEFAULT_READ_BUFFER_SIZE : size; + + // Malloc default read buffer size + // It is unmanaged, so it can be then attached directly to binary queue + void *buffer = malloc(bytesToRead); + + if (buffer == NULL) { + throw std::bad_alloc(); + } + + LogPedantic("Trying to read " << bytesToRead << " bytes"); + + ssize_t result = TEMP_FAILURE_RETRY(read(m_fd, buffer, bytesToRead)); + + LogPedantic("Read " << result << " bytes from file"); + + if (result > 0) { + // Succedded to read socket data + BinaryQueueAutoPtr binaryQueue(new BinaryQueue()); + + // Append unmanaged memory + binaryQueue->AppendUnmanaged(buffer, + result, + &BinaryQueue::BufferDeleterFree, + NULL); + + // Return buffer + return binaryQueue; + } else if (result == 0) { + // Socket was gracefuly closed + free(buffer); + + // Return empty buffer + return BinaryQueueAutoPtr(new BinaryQueue()); + } else { + // Must first save errno value, because it may be altered + int lastErrno = errno; + + // Free buffer + free(buffer); + + // Interpret error result + (void)lastErrno; + + // FIXME: Handle specific errno + Throw(AbstractInput::Exception::ReadFailed); + } +} + +WaitableHandle FileInput::WaitableReadHandle() const +{ + return static_cast<WaitableHandle>(m_fd); +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/noncopyable.cpp b/vcore/src/dpl/core/src/noncopyable.cpp new file mode 100644 index 0000000..74fc9af --- /dev/null +++ b/vcore/src/dpl/core/src/noncopyable.cpp 
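Review bot: `FileInput::Close()` wraps `close(m_fd)` in `TEMP_FAILURE_RETRY` and clears `m_fd` only on success, and `~FileInput()` calls it unguarded. On Linux the descriptor is released even when `close()` fails with `EINTR`, so the retry can close a descriptor another thread has just been given, and a `CloseFailed` thrown from the destructor would end in `std::terminate` under the C++11 flags this project builds with. The rewrite below forgets the descriptor first, calls `close()` once and keeps the exception inside the destructor. In `Open()` I would also pass `O_RDONLY | O_NONBLOCK | O_CLOEXEC` so the descriptor is not inherited by child processes. The comments in `Read()` still speak of a socket.

```cpp
FileInput::~FileInput()
{
    // CloseFailed must not leave a destructor
    try {
        Close();
    } catch (...) {
    }
}

// … unchanged: Open() …

void FileInput::Close()
{
    // … unchanged: early return when m_fd == -1 …

    // Forget the descriptor before closing and do not retry on EINTR
    int fd = m_fd;
    m_fd = -1;

    if (close(fd) == -1) {
        Throw(Exception::CloseFailed);
    }

    LogPedantic("Closed file");
}
```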
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file noncopyable.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of noncopyable
+ */
+#include <stddef.h>
+#include <dpl/noncopyable.h>
+
+namespace VcoreDPL {
+Noncopyable::Noncopyable()
+{}
+
+Noncopyable::~Noncopyable()
+{}
+} // namespace VcoreDPL
diff --git a/vcore/src/dpl/core/src/singleton.cpp b/vcore/src/dpl/core/src/singleton.cpp
new file mode 100644
index 0000000..a76e8ac
--- /dev/null
+++ b/vcore/src/dpl/core/src/singleton.cpp
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file generic_event.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of singleton
+ */
+#include <stddef.h>
+#include <dpl/singleton.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
diff --git a/vcore/src/dpl/core/src/string.cpp b/vcore/src/dpl/core/src/string.cpp
new file mode 100644
index 0000000..fb2f79c
--- /dev/null
+++ b/vcore/src/dpl/core/src/string.cpp
@@ -0,0 +1,250 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file string.cpp + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + */ +#include <stddef.h> +#include <memory> +#include <dpl/string.h> +#include <dpl/char_traits.h> +#include <dpl/errno_string.h> +#include <dpl/exception.h> +#include <dpl/log/vcore_log.h> +#include <string> +#include <vector> +#include <algorithm> +#include <cstring> +#include <errno.h> +#include <iconv.h> +#include <unicode/ustring.h> + +// TODO: Completely move to ICU +namespace VcoreDPL { +namespace //anonymous +{ +class ASCIIValidator +{ + const std::string& m_TestedString; + + public: + ASCIIValidator(const std::string& aTestedString); + + void operator()(char aCharacter) const; +}; + +ASCIIValidator::ASCIIValidator(const std::string& aTestedString) : + m_TestedString(aTestedString) +{} + +void ASCIIValidator::operator()(char aCharacter) const +{ + // Check for ASCII data range + if (aCharacter <= 0) { + ThrowMsg( + StringException::InvalidASCIICharacter, + "invalid character code " << static_cast<int>(aCharacter) + << " from string [" << + m_TestedString + << "] passed as ASCII"); + } +} + +const iconv_t gc_IconvOperError = reinterpret_cast<iconv_t>(-1); +const size_t gc_IconvConvertError = static_cast<size_t>(-1); +} // namespace anonymous + 
+String FromUTF8String(const std::string& aIn) +{ + if (aIn.empty()) { + return String(); + } + + size_t inbytes = aIn.size(); + + // Default iconv UTF-32 module adds BOM (4 bytes) in from of string + // The worst case is when 8bit UTF-8 char converts to 32bit UTF-32 + // newsize = oldsize * 4 + end + bom + // newsize - bytes for UTF-32 string + // oldsize - letters in UTF-8 string + // end - end character for UTF-32 (\0) + // bom - Unicode header in front of string (0xfeff) + size_t outbytes = sizeof(wchar_t) * (inbytes + 2); + std::vector<wchar_t> output(inbytes + 2, 0); + + size_t outbytesleft = outbytes; + char* inbuf = const_cast<char*>(aIn.c_str()); + + // vector is used to provide buffer for iconv which expects char* buffer + // but during conversion from UTF32 uses internaly wchar_t + char* outbuf = reinterpret_cast<char*>(&output[0]); + + iconv_t iconvHandle = iconv_open("UTF-32", "UTF-8"); + + if (gc_IconvOperError == iconvHandle) { + int error = errno; + + ThrowMsg(StringException::IconvInitErrorUTF8ToUTF32, + "iconv_open failed for " << "UTF-32 <- UTF-8" << + "error: " << GetErrnoString(error)); + } + + size_t iconvRet = iconv(iconvHandle, + &inbuf, + &inbytes, + &outbuf, + &outbytesleft); + + iconv_close(iconvHandle); + + if (gc_IconvConvertError == iconvRet) { + ThrowMsg(StringException::IconvConvertErrorUTF8ToUTF32, + "iconv failed for " << "UTF-32 <- UTF-8" << "error: " + << GetErrnoString()); + } + + // Ignore BOM in front of UTF-32 + return &output[1]; +} + +std::string ToUTF8String(const VcoreDPL::String& aIn) +{ + if (aIn.empty()) { + return std::string(); + } + + size_t inbytes = aIn.size() * sizeof(wchar_t); + size_t outbytes = inbytes + sizeof(char); + + // wstring returns wchar_t but iconv expects char* + // iconv internally is processing input as wchar_t + char* inbuf = reinterpret_cast<char*>(const_cast<wchar_t*>(aIn.c_str())); + std::vector<char> output(inbytes, 0); + char* outbuf = &output[0]; + + size_t outbytesleft = outbytes; + + 
iconv_t iconvHandle = iconv_open("UTF-8", "UTF-32"); + + if (gc_IconvOperError == iconvHandle) { + ThrowMsg(StringException::IconvInitErrorUTF32ToUTF8, + "iconv_open failed for " << "UTF-8 <- UTF-32" + << "error: " << GetErrnoString()); + } + + size_t iconvRet = iconv(iconvHandle, + &inbuf, + &inbytes, + &outbuf, + &outbytesleft); + + iconv_close(iconvHandle); + + if (gc_IconvConvertError == iconvRet) { + ThrowMsg(StringException::IconvConvertErrorUTF32ToUTF8, + "iconv failed for " << "UTF-8 <- UTF-32" + << "error: " << GetErrnoString()); + } + + return &output[0]; +} + +String FromASCIIString(const std::string& aString) +{ + String output; + + std::for_each(aString.begin(), aString.end(), ASCIIValidator(aString)); + std::copy(aString.begin(), aString.end(), std::back_inserter<String>(output)); + + return output; +} + +String FromUTF32String(const std::wstring& aString) +{ + return String(&aString[0]); +} + +static UChar *ConvertToICU(const String &inputString) +{ + std::unique_ptr<UChar[]> outputString; + int32_t size = 0; + int32_t convertedSize = 0; + UErrorCode error = U_ZERO_ERROR; + + // Calculate size of output string + ::u_strFromWCS(NULL, + 0, + &size, + inputString.c_str(), + -1, + &error); + + if (error == U_ZERO_ERROR || + error == U_BUFFER_OVERFLOW_ERROR) + { + // What buffer size is ok ? + VcoreLogD("ICU: Output buffer size: %i", size); + } else { + ThrowMsg(StringException::ICUInvalidCharacterFound, + "ICU: Failed to retrieve output string size. Error: " + << error); + } + + // Allocate proper buffer + outputString.reset(new UChar[size + 1]); + ::memset(outputString.get(), 0, sizeof(UChar) * (size + 1)); + + error = U_ZERO_ERROR; + + // Do conversion + ::u_strFromWCS(outputString.get(), + size + 1, + &convertedSize, + inputString.c_str(), + -1, + &error); + + if (!U_SUCCESS(error)) { + ThrowMsg(StringException::ICUInvalidCharacterFound, + "ICU: Failed to convert string. 
Error: " << error); + } + + // Done + return outputString.release(); +} + +int StringCompare(const String &left, + const String &right, + bool caseInsensitive) +{ + // Convert input strings + std::unique_ptr<UChar[]> leftICU(ConvertToICU(left)); + std::unique_ptr<UChar[]> rightICU(ConvertToICU(right)); + + if (caseInsensitive) { + return static_cast<int>(u_strcasecmp(leftICU.get(), rightICU.get(), 0)); + } else { + return static_cast<int>(u_strcmp(leftICU.get(), rightICU.get())); + } +} +} //namespace VcoreDPL + +std::ostream& operator<<(std::ostream& aStream, const VcoreDPL::String& aString) +{ + return aStream << VcoreDPL::ToUTF8String(aString); +} diff --git a/vcore/src/dpl/core/src/thread.cpp b/vcore/src/dpl/core/src/thread.cpp new file mode 100644 index 0000000..98fdd48 --- /dev/null +++ b/vcore/src/dpl/core/src/thread.cpp 
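Review bot: In ToUTF8String() the output vector is sized `inbytes` while iconv is told it may write `outbytes = inbytes + sizeof(char)` bytes, and the result is returned as `&output[0]`, which relies on a NUL terminator that is not guaranteed to lie inside the buffer. Input made only of code points that need four UTF-8 bytes fills the vector completely, so the string constructor then reads past its end. Size the buffer from the value handed to iconv and build the result from the converted length: `std::vector<char> output(outbytes, 0);` and `return std::string(&output[0], outbytes - outbytesleft);`. Separately, ASCIIValidator tests `aCharacter <= 0`, which rejects bytes above 0x7F only where plain `char` is signed; `aCharacter == 0 || static_cast<unsigned char>(aCharacter) > 0x7F` does not depend on the target's char signedness.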
@@ -0,0 +1,609 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file thread.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of thread + */ +#include <stddef.h> +#include <dpl/thread.h> +#include <dpl/log/vcore_log.h> +#include <sys/time.h> +#include <algorithm> +#include <dpl/assert.h> +#include <errno.h> +#include <time.h> +#include <string.h> + +namespace // anonymous +{ +static const size_t NANOSECONDS_PER_SECOND = + static_cast<uint64_t>(1000 * 1000 * 1000); + +static const size_t NANOSECONDS_PER_MILISECOND = + static_cast<uint64_t>(1000 * 1000); + +static const size_t NANOSECONDS_PER_MICROSECOND = + static_cast<uint64_t>(1000); + +static const std::thread::id g_mainThread = std::this_thread::get_id(); + +class ThreadSpecific +{ + public: + pthread_key_t threadSpecific; + + ThreadSpecific() : + threadSpecific(0) + { + threadSpecific = 0; + pthread_key_create(&threadSpecific, NULL); + } + + virtual ~ThreadSpecific() + { + pthread_key_delete(threadSpecific); + } +}; + +static ThreadSpecific g_threadSpecific; +} // namespace anonymous + +namespace VcoreDPL { +bool g_TLSforMainCreated = false; + +Thread::Thread() : + m_thread(), + m_abandon(false), + m_running(false), + m_directInvoke(false) +{} + +Thread::~Thread() +{ + // Ensure that we quit thread + // Always wait thread by 
yourself; if thread is still running + // this may be sometimes very bad. When derived, some resources + // may leak or be doubly freed + Quit(); + + // Remove any remainig events + // Thread proc is surely not running now + for (InternalEventList::iterator iterator = m_eventList.begin(); + iterator != m_eventList.end(); + ++iterator) + { + iterator->eventDeleteProc(iterator->event, iterator->userParam); + } + + m_eventList.clear(); +} + +bool Thread::IsMainThread() +{ + return (std::this_thread::get_id() == g_mainThread); +} + +Thread *Thread::GetCurrentThread() +{ + if (std::this_thread::get_id() == g_mainThread) { + return NULL; + } + + void *threadSpecific = pthread_getspecific(g_threadSpecific.threadSpecific); + + // Is this a managed thread ? + if (threadSpecific == NULL) { + Throw(Exception::UnmanagedThread); + } + + return static_cast<Thread *>(threadSpecific); +} + +void *Thread::StaticThreadEntry(void *param) +{ + VcoreLogD("Entered static thread entry"); + + // Retrieve context + Thread *This = static_cast<Thread *>(param); + Assert(This != NULL); + + // Set thread specific + int result = pthread_setspecific(g_threadSpecific.threadSpecific, This); + + if (result) + VcoreLogE("Failed to set threadSpecific."); + + // Enter thread proc + // Do not allow exceptions to hit pthread core + UNHANDLED_EXCEPTION_HANDLER_BEGIN + { + This->ThreadEntry(); + } + UNHANDLED_EXCEPTION_HANDLER_END + + // Critical section + { + // Leave running state + std::lock_guard<std::mutex> lock(This->m_stateMutex); + + This->m_running = false; + + // Abandon thread + if (This->m_abandon) { + VcoreLogD("Thread was abandoned"); + This->m_thread.detach(); + } else { + VcoreLogD("Thread is joinable"); + } + } + + return NULL; +} + +int Thread::ThreadEntry() +{ + VcoreLogD("Entered default thread entry"); + return Exec(); +} + +void Thread::ProcessEvents() +{ + VcoreLogD("Processing events"); + + // Steal current event list + InternalEventList stolenEvents; + + // Enter event list 
critical section + { + std::lock_guard<std::mutex> lock(m_eventMutex); + m_eventList.swap(stolenEvents); + m_eventInvoker.Reset(); + } + + // Process event list + VcoreLogD("Stolen %u internal events", stolenEvents.size()); + + for (InternalEventList::iterator iterator = stolenEvents.begin(); + iterator != stolenEvents.end(); + ++iterator) + { + // Dispatch immediate event + iterator->eventDispatchProc(iterator->event, iterator->userParam); + + // Delete event + iterator->eventDeleteProc(iterator->event, iterator->userParam); + } +} + +void Thread::ProcessTimedEvents() +{ + // Critical section on timed events mutex + { + std::lock_guard<std::mutex> lock(m_timedEventMutex); + + // Get current time + unsigned long currentTimeMiliseconds = GetCurrentTimeMiliseconds(); + + // Info + VcoreLogD("Processing timed events. Time now: %lu ms", currentTimeMiliseconds); + + // All timed events are sorted chronologically + // Emit timed out events + while (!m_timedEventVector.empty() && + currentTimeMiliseconds >= + m_timedEventVector.begin()->registerTimeMiliseconds + + m_timedEventVector.begin()->dueTimeMiliseconds) + { + // Info + VcoreLogD("Transforming timed event into immediate event. 
Absolute due time: %lu ms", + (m_timedEventVector.begin()->registerTimeMiliseconds + + m_timedEventVector.begin()->dueTimeMiliseconds)); + + // Emit immediate event + PushEvent(m_timedEventVector.begin()->event, + m_timedEventVector.begin()->eventDispatchProc, + m_timedEventVector.begin()->eventDeleteProc, + m_timedEventVector.begin()->userParam); + + // Remove timed eventand fix heap + std::pop_heap(m_timedEventVector.begin(), m_timedEventVector.end()); + m_timedEventVector.pop_back(); + } + } +} + +unsigned long Thread::GetCurrentTimeMiliseconds() const +{ + timeval tv; + gettimeofday(&tv, NULL); + return static_cast<unsigned long>(tv.tv_sec) * 1000 + + static_cast<unsigned long>(tv.tv_usec) / 1000; +} + +int Thread::Exec() +{ + VcoreLogD("Executing thread event processing"); + + const std::size_t MIN_HANDLE_LIST_SIZE = 4; + + // Start processing of events + WaitableHandleListEx handleList; + + // index 0: Quit waitable event handle + handleList.push_back(std::make_pair(m_quitEvent.GetHandle(), WaitMode::Read)); + + // index 1: Event occurred event handle + handleList.push_back(std::make_pair(m_eventInvoker.GetHandle(), + WaitMode::Read)); + + // index 2: Timed event occurred event handle + handleList.push_back(std::make_pair(m_timedEventInvoker.GetHandle(), + WaitMode::Read)); + + // index 3: Waitable handle watch support invoker + handleList.push_back(std::make_pair(WaitableHandleWatchSupport:: + WaitableInvokerHandle(), + WaitMode::Read)); + + // + // Watch list might have been initialized before threaded started + // Need to fill waitable event watch list in this case + // + { + WaitableHandleListEx waitableHandleWatchHandles = + WaitableHandleWatchSupport::WaitableWatcherHandles(); + std::copy( + waitableHandleWatchHandles.begin(), + waitableHandleWatchHandles.end(), std::back_inserter(handleList)); + } + + // Quit flag + bool quit = false; + + while (!quit) { + // Retrieve minimum wait time, according to timed events list + unsigned long minimumWaitTime; + 
+ // Critical section on timed events mutex + { + std::lock_guard<std::mutex> lock(m_timedEventMutex); + + if (!m_timedEventVector.empty()) { + unsigned long currentTimeMiliseconds = + GetCurrentTimeMiliseconds(); + unsigned long destinationTimeMiliseconds = + m_timedEventVector.begin()->registerTimeMiliseconds + + m_timedEventVector.begin()->dueTimeMiliseconds; + + // Are we already late with timed event ? + if (currentTimeMiliseconds > destinationTimeMiliseconds) { + minimumWaitTime = 0; + } else { + minimumWaitTime = destinationTimeMiliseconds - + currentTimeMiliseconds; + } + } else { + minimumWaitTime = 0xFFFFFFFF; // Infinity + } + } + + // Info + VcoreLogD("Thread loop minimum wait time: %lu ms", minimumWaitTime); + + // Do thread waiting + WaitableHandleIndexList waitableHandleIndexList = + WaitForMultipleHandles(handleList, minimumWaitTime); + + if (waitableHandleIndexList.empty()) { + // Timeout occurred. Process timed events. + VcoreLogD("Timed event list elapsed invoker"); + ProcessTimedEvents(); + continue; + } + + // Go through each index + for (WaitableHandleIndexList::const_iterator + waitableHandleIndexIterator = waitableHandleIndexList.begin(); + waitableHandleIndexIterator != waitableHandleIndexList.end(); + ++waitableHandleIndexIterator) + { + size_t index = *waitableHandleIndexIterator; + + VcoreLogD("Event loop triggered with index: %u", index); + + switch (index) { + case 0: + // Quit waitable event handle + quit = true; + break; + + case 1: + // Event occurred event handle + ProcessEvents(); + + // Handle direct invoker + if (m_directInvoke) { + m_directInvoke = false; + + VcoreLogD("Handling direct invoker"); + + // Update list + while (handleList.size() > MIN_HANDLE_LIST_SIZE) { + handleList.pop_back(); + } + + // Insert current waitable event handles instead + { + WaitableHandleListEx waitableHandleWatchHandles = + WaitableHandleWatchSupport::WaitableWatcherHandles(); + std::copy( + waitableHandleWatchHandles.begin(), + 
waitableHandleWatchHandles.end(), + std::back_inserter(handleList)); + } + } + + // Done + break; + + case 2: + // Timed event list changed + VcoreLogD("Timed event list changed invoker"); + ProcessTimedEvents(); + + // Reset timed event invoker + m_timedEventInvoker.Reset(); + + // Done + break; + + case 3: + // Waitable handle watch support invoker + VcoreLogD("Waitable handle watch invoker event occurred"); + + // First, remove all previous handles + while (handleList.size() > MIN_HANDLE_LIST_SIZE) { + handleList.pop_back(); + } + + // Insert current waitable event handles instead + { + WaitableHandleListEx waitableHandleWatchHandles = + WaitableHandleWatchSupport::WaitableWatcherHandles(); + std::copy( + waitableHandleWatchHandles.begin(), + waitableHandleWatchHandles.end(), + std::back_inserter(handleList)); + } + + // Handle invoker in waitable watch support + WaitableHandleWatchSupport::InvokerFinished(); + + VcoreLogD("Waitable handle watch invoker event handled"); + + // Done + break; + + default: + // Waitable event watch list + VcoreLogD("Waitable handle watch event occurred"); + + // Handle event in waitable handle watch + { + std::pair<WaitableHandle, + WaitMode::Type> handle = handleList[index]; + WaitableHandleWatchSupport::HandleWatcher(handle.first, + handle.second); + } + + if (m_directInvoke) { + m_directInvoke = false; + + VcoreLogD("Handling direct invoker"); + + // Update list + while (handleList.size() > MIN_HANDLE_LIST_SIZE) { + handleList.pop_back(); + } + + // Insert current waitable event handles instead + { + WaitableHandleListEx waitableHandleWatchHandles = + WaitableHandleWatchSupport:: + WaitableWatcherHandles(); + std::copy(waitableHandleWatchHandles.begin(), + waitableHandleWatchHandles.end(), + std::back_inserter(handleList)); + } + } + + VcoreLogD("Waitable handle watch event handled"); + + // Done + break; + } + } + } + + VcoreLogD("Leaving thread event processing"); + return 0; +} + +void Thread::Run() +{ + VcoreLogD("Running 
thread"); + + // Critical section + { + std::lock_guard<std::mutex> lock(m_stateMutex); + + if (m_running) { + return; + } + + try{ + m_thread = std::thread(StaticThreadEntry,this); + }catch(std::system_error e){ + Throw(Exception::RunFailed); + } + + // At default, we abandon thread + m_abandon = true; + + // Enter running state + m_running = true; + } + + VcoreLogD("Thread run"); +} + +void Thread::Quit() +{ + // Critical section + { + std::lock_guard<std::mutex> lock(m_stateMutex); + + // Is thread running ? + if (!m_running) { + return; + } + + VcoreLogD("Quitting thread..."); + + // Do not abandon thread, we will join + m_abandon = false; + + // Singal quit waitable event + m_quitEvent.Signal(); + } + + try{ + m_thread.join(); + }catch(std::system_error e){ + Throw(Exception::QuitFailed); + } + + VcoreLogD("Thread quit"); +} + +void Thread::PushEvent(void *event, + EventDispatchProc eventDispatchProc, + EventDeleteProc eventDeleteProc, + void *userParam) +{ + // Enter event list critical section + std::lock_guard<std::mutex> lock(m_eventMutex); + + // Push new event + m_eventList.push_back(InternalEvent(event, userParam, eventDispatchProc, + eventDeleteProc)); + + // Trigger invoker + m_eventInvoker.Signal(); + + VcoreLogD("Event pushed and invoker signaled"); +} + +void Thread::PushTimedEvent(void *event, + double dueTimeSeconds, + EventDispatchProc eventDispatchProc, + EventDeleteProc eventDeleteProc, + void *userParam) +{ + // Check for developer errors + Assert(dueTimeSeconds >= 0.0); + + // Enter timed event list critical section + std::lock_guard<std::mutex> lock(m_timedEventMutex); + + // Get current time + unsigned long currentTimeMiliseconds = GetCurrentTimeMiliseconds(); + + // Convert to miliseconds + unsigned long dueTimeMiliseconds = + static_cast<unsigned long>(1000.0 * dueTimeSeconds); + + // Push new timed event + m_timedEventVector.push_back(InternalTimedEvent(event, userParam, + dueTimeMiliseconds, + currentTimeMiliseconds, + 
eventDispatchProc, + eventDeleteProc)); + + // Heapify timed events + std::make_heap(m_timedEventVector.begin(), m_timedEventVector.end()); + + // Trigger invoker + m_timedEventInvoker.Signal(); + + VcoreLogD("Timed event pushed and invoker signaled: " + "due time: %lu ms, absolute due time: %lu ms", + dueTimeMiliseconds, currentTimeMiliseconds + dueTimeMiliseconds); +} + +Thread *Thread::GetInvokerThread() +{ + return this; +} + +void Thread::HandleDirectInvoker() +{ + // We must be in ProcessEvents call stack + // Mark that situation to handle direct invoker + m_directInvoke = true; +} + +void Thread::Sleep(uint64_t seconds) +{ + NanoSleep(seconds * NANOSECONDS_PER_SECOND); +} + +void Thread::MiliSleep(uint64_t miliseconds) +{ + NanoSleep(miliseconds * NANOSECONDS_PER_MILISECOND); +} + +void Thread::MicroSleep(uint64_t microseconds) +{ + NanoSleep(microseconds * NANOSECONDS_PER_MICROSECOND); +} + +void Thread::NanoSleep(uint64_t nanoseconds) +{ + timespec requestedTime = { + static_cast<time_t>( + nanoseconds / NANOSECONDS_PER_SECOND), + + static_cast<long>( + nanoseconds % NANOSECONDS_PER_SECOND) + }; + + timespec remainingTime; + + for (;;) { + if (nanosleep(&requestedTime, &remainingTime) == 0) { + break; + } + + int error = errno; + Assert(error == EINTR); + + requestedTime = remainingTime; + } +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/type_list.cpp b/vcore/src/dpl/core/src/type_list.cpp new file mode 100644 index 0000000..fa94806 --- /dev/null +++ b/vcore/src/dpl/core/src/type_list.cpp 
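Review bot: GetCurrentTimeMiliseconds() derives timer deadlines from `gettimeofday()`, so a wall-clock step (NTP correction, user time change) makes queued timed events fire early or stall, and `tv_sec * 1000` held in `unsigned long` wraps where that type is 32 bits. A monotonic source removes the first problem: `timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts);` followed by `return static_cast<unsigned long>(ts.tv_sec) * 1000 + ts.tv_nsec / 1000000;` (`<time.h>` is already included). The same values feed the comparisons in ProcessTimedEvents() and Exec(), so a 64-bit millisecond type would be needed to remove the wrap; the event struct that stores them is declared outside this hunk. Also, ~Thread() calls Quit(), which ends in `Throw(Exception::QuitFailed)` when the join fails; if that macro throws, as its name suggests, the exception leaves a destructor and will normally end in std::terminate, so that path is better logged than thrown.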
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file type_list.cpp
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Generic type list template
+ */
+#include <stddef.h>
+#include <dpl/type_list.h>
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
diff --git a/vcore/src/dpl/core/src/waitable_event.cpp b/vcore/src/dpl/core/src/waitable_event.cpp
new file mode 100644
index 0000000..8ff1417
--- /dev/null
+++ b/vcore/src/dpl/core/src/waitable_event.cpp
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_event.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable event
+ */
+#include <stddef.h>
+#include <dpl/waitable_event.h>
+#include <sys/select.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <errno.h>
+
+namespace VcoreDPL {
+WaitableEvent::WaitableEvent()
+{
+ if (pipe(m_pipe) == -1) {
+ Throw(Exception::CreateFailed);
+ }
+
+ if (fcntl(m_pipe[0], F_SETFL, O_NONBLOCK |
+ fcntl(m_pipe[0], F_GETFL)) == -1)
+ {
+ Throw(Exception::CreateFailed);
+ }
+}
+
+WaitableEvent::~WaitableEvent()
+{
+ if (TEMP_FAILURE_RETRY(close(m_pipe[0])) == -1) {
+ Throw(Exception::DestroyFailed);
+ }
+
+ if (TEMP_FAILURE_RETRY(close(m_pipe[1])) == -1) {
+ Throw(Exception::DestroyFailed);
+ }
+}
+
+WaitableHandle WaitableEvent::GetHandle() const
+{
+ return m_pipe[0];
+}
+
+void WaitableEvent::Signal() const
+{
+ char data = 0;
+
+ if (TEMP_FAILURE_RETRY(write(m_pipe[1], &data, 1)) != 1) {
+ Throw(Exception::SignalFailed);
+ }
+}
+
+void WaitableEvent::Reset() const
+{
+ char data;
+
+ if (TEMP_FAILURE_RETRY(read(m_pipe[0], &data, 1)) != 1) {
+ Throw(Exception::ResetFailed);
+ }
+}
+} // namespace VcoreDPL
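Review bot: ~WaitableEvent() throws when the first `close()` fails, which skips closing `m_pipe[1]` and, with destructors implicitly noexcept under a C++11 compiler, would likely end in std::terminate instead of reaching a handler. Wrapping `close()` in `TEMP_FAILURE_RETRY` is also unsafe on Linux: after EINTR the descriptor is already released, so the retry can close a descriptor that another thread has just opened. Closing each end once and only logging a failure avoids both, e.g. `if (close(m_pipe[0]) == -1) { /* log errno */ }` followed by the same for `m_pipe[1]`. The constructor has the matching leak, since a failing `fcntl()` throws with both pipe ends still open and the destructor never runs. Neither end is marked close-on-exec, so the descriptors are inherited by any process this service spawns; `pipe2(m_pipe, O_CLOEXEC)` would cover that.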
diff --git a/vcore/src/dpl/core/src/waitable_handle.cpp b/vcore/src/dpl/core/src/waitable_handle.cpp
new file mode 100644
index 0000000..58d0a35
--- /dev/null
+++ b/vcore/src/dpl/core/src/waitable_handle.cpp
@@ -0,0 +1,161 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file waitable_handle.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of waitable handle + */ +#include <stddef.h> +#include <dpl/waitable_event.h> +#include <dpl/workaround.h> +#include <sys/select.h> +#include <unistd.h> +#include <fcntl.h> +#include <errno.h> +#include <dpl/assert.h> + +namespace VcoreDPL { +namespace // anonymous +{ +void CheckWaitableHandle(WaitableHandle handle) +{ +#ifdef DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK + // Try to get descriptor flags + int result = fcntl(handle, F_GETFL); + + if (result == -1 && errno == EBADF) { + AssertMsg(0, "CheckWaitableHandle: Invalid WaitableHandle! 
(EBADF)"); + } + + AssertMsg(result != -1, "CheckWaitableHandle: Invalid WaitableHandle!"); +#endif // DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK +} +} // namespace anonymous + +WaitableHandleIndexList WaitForSingleHandle(WaitableHandle handle, + unsigned long miliseconds) +{ + WaitableHandleList waitHandles; + waitHandles.push_back(handle); + return WaitForMultipleHandles(waitHandles, miliseconds); +} + +WaitableHandleIndexList WaitForSingleHandle(WaitableHandle handle, + WaitMode::Type mode, + unsigned long miliseconds) +{ + WaitableHandleListEx waitHandles; + waitHandles.push_back(std::make_pair(handle, mode)); + return WaitForMultipleHandles(waitHandles, miliseconds); +} + +WaitableHandleIndexList WaitForMultipleHandles( + const WaitableHandleList &waitableHandleList, + unsigned long miliseconds) +{ + WaitableHandleListEx handleList; + + for (WaitableHandleList::const_iterator iterator = waitableHandleList.begin(); + iterator != waitableHandleList.end(); + ++iterator) + { + // Wait for multiple objects + handleList.push_back(std::make_pair(*iterator, WaitMode::Read)); + } + + // Do waiting + return WaitForMultipleHandles(handleList, miliseconds); +} + +WaitableHandleIndexList WaitForMultipleHandles( + const WaitableHandleListEx &waitableHandleListEx, + unsigned long miliseconds) +{ + fd_set readFds, writeFds, errorFds; + + // Fill sets + int maxFd = -1; + + FD_ZERO(&readFds); + FD_ZERO(&writeFds); + FD_ZERO(&errorFds); + + // Add read wait handles + for (WaitableHandleListEx::const_iterator iterator = + waitableHandleListEx.begin(); + iterator != waitableHandleListEx.end(); + ++iterator) + { + if (iterator->first > maxFd) { + maxFd = iterator->first; + } + + CheckWaitableHandle(iterator->first); + + // Handle errors along with read and write events + FD_SET(iterator->first, &errorFds); + + if (iterator->second == WaitMode::Read) { + FD_SET(iterator->first, &readFds); + } else if (iterator->second == WaitMode::Write) { + FD_SET(iterator->first, &writeFds); + } + } + 
+ // Do select + timeval timeout; + timeval *effectiveTimeout = NULL; + if (miliseconds != 0xFFFFFFFF) { + timeout.tv_sec = miliseconds / 1000; + timeout.tv_usec = (miliseconds % 1000) * 1000; + effectiveTimeout = &timeout; + } + + if (TEMP_FAILURE_RETRY(select(maxFd + 1, &readFds, &writeFds, &errorFds, + effectiveTimeout)) == -1) + { + Throw(WaitFailed); + } + + // Check results + WaitableHandleIndexList indexes; + size_t index = 0; + + for (WaitableHandleListEx::const_iterator iterator = + waitableHandleListEx.begin(); + iterator != waitableHandleListEx.end(); + ++iterator) + { + // Always return errors, no matter what type of listening is set + if (FD_ISSET(iterator->first, &errorFds)) { + indexes.push_back(index); + } else if (iterator->second == WaitMode::Read) { + if (FD_ISSET(iterator->first, &readFds)) { + indexes.push_back(index); + } + } else if (iterator->second == WaitMode::Write) { + if (FD_ISSET(iterator->first, &writeFds)) { + indexes.push_back(index); + } + } + ++index; + } + + // Successfuly awaited some events or timeout occurred + return indexes; +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/core/src/waitable_handle_watch_support.cpp b/vcore/src/dpl/core/src/waitable_handle_watch_support.cpp new file mode 100644 index 0000000..fb46539 --- /dev/null +++ b/vcore/src/dpl/core/src/waitable_handle_watch_support.cpp 
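Review bot: The loop in WaitForMultipleHandles() that fills the fd sets calls `FD_SET(iterator->first, ...)` with no range check, and `FD_SET` on a descriptor below 0 or at or above `FD_SETSIZE` writes outside the `fd_set` objects on the stack. CheckWaitableHandle() does not cover this, because its body is compiled only with `DPL_ENABLE_WAITABLE_HANDLE_BADF_CHECK` and it tests for EBADF, not the range. Add a guard before the first `FD_SET`: `if (iterator->first < 0 || iterator->first >= FD_SETSIZE) { Throw(WaitFailed); }`, or move the wait to `poll()`, which has no such limit. The `0xFFFFFFFF` "infinite" timeout is also repeated as a bare literal here and in Thread::Exec(); a shared named constant would keep the two in step.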
@@ -0,0 +1,376 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file waitable_handle_watch_support.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of waitable handle watch
+ * support
+ */
+#include <stddef.h>
+#include <dpl/waitable_handle_watch_support.h>
+#include <dpl/thread.h>
+#include <dpl/log/vcore_log.h>
+#include <algorithm>
+#include <dpl/assert.h>
+
+namespace VcoreDPL {
+WaitableHandleWatchSupport::WaitableHandleWatchSupport()
+{}
+
+WaitableHandleWatchSupport::~WaitableHandleWatchSupport()
+{
+ // Developer assertions
+ if (!m_watchersMap.empty()) {
+ VcoreLogW("### Leaked watchers map dump ###");
+
+ for (WaitableHandleWatchersMap::const_iterator iterator =
+ m_watchersMap.begin();
+ iterator != m_watchersMap.end();
+ ++iterator)
+ {
+ VcoreLogW("### Waitable handle: %i", iterator->first);
+
+ VcoreLogW("### Read listeners: %u", iterator->second.readListenersCount);
+ VcoreLogW("### Write listeners: %u", iterator->second.writeListenersCount);
+
+ for (WaitableHandleListenerList::const_iterator listenersIterator =
+ iterator->second.listeners.begin();
+ listenersIterator != iterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ VcoreLogW("### Mode: %i.
Listener: %p",
+ listenersIterator->mode, listenersIterator->listener);
+ }
+ }
+ }
+}
+
+WaitableHandle WaitableHandleWatchSupport::WaitableInvokerHandle() const
+{
+ return m_watchersInvoker.GetHandle();
+}
+
+WaitableHandleListEx WaitableHandleWatchSupport::WaitableWatcherHandles() const
+{
+ // Critical section
+ {
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ WaitableHandleListEx handleList;
+
+ for (WaitableHandleWatchersMap::const_iterator iterator =
+ m_watchersMap.begin();
+ iterator != m_watchersMap.end();
+ ++iterator)
+ {
+ // Register waitable event id for wait
+ // Check if there are any read listeners and write listeners
+ // and register for both if applicable
+ if (iterator->second.readListenersCount > 0) {
+ handleList.push_back(std::make_pair(iterator->first,
+ WaitMode::Read));
+ }
+
+ if (iterator->second.writeListenersCount > 0) {
+ handleList.push_back(std::make_pair(iterator->first,
+ WaitMode::Write));
+ }
+ }
+
+ return handleList;
+ }
+}
+
+void WaitableHandleWatchSupport::InvokerFinished()
+{
+ VcoreLogD("Invoker finished called");
+
+ // Reset invoker
+ m_watchersInvoker.Reset();
+
+ // Commit invoke
+ m_watchersInvokerCommit.Signal();
+}
+
+void WaitableHandleWatchSupport::HandleWatcher(WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ //
+ // Waitable event occurred
+ // Now call all listeners for that waitable event. It is possible
+ // that some of listeners early disappeared. This is not a problem.
+ // Warning: Listeners and/or watcher may also disappear during dispatching
+ // handlers!
+ //
+ VcoreLogD("Waitable event occurred");
+
+ // Critical section for other threads
+ {
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Notice: We must carefully call watchers here as they may disappear
+ // (zero listeners) or be created during each of handler call
+ // All removed listeners are handled correctly.
Adding
+ // additional listener to the same waitable handle
+ // during handler dispatch sequence is _not_ supported.
+ WaitableHandleWatchersMap trackedWatchers = m_watchersMap;
+
+ for (WaitableHandleWatchersMap::const_iterator trackedWatchersIterator
+ = trackedWatchers.begin();
+ trackedWatchersIterator != trackedWatchers.end();
+ ++trackedWatchersIterator)
+ {
+ // Check if this watcher still exists
+ // If not, go to next tracked watcher
+ if (m_watchersMap.find(trackedWatchersIterator->first) ==
+ m_watchersMap.end())
+ {
+ VcoreLogD("Watcher disappeared during watcher handler");
+ continue;
+ }
+
+ // Is this is a waitable handle that we are searching for ?
+ if (waitableHandle != trackedWatchersIterator->first) {
+ continue;
+ }
+
+ // Track watcher listeners list
+ WaitableHandleListenerList trackedListeners =
+ trackedWatchersIterator->second.listeners;
+
+ VcoreLogD("Calling waitable event listeners (%u)...",
+ trackedListeners.size());
+
+ // Notice: We must carefully call listeners here as they may
+ // disappear or be created during each of handler call
+ // All removed listeners are handled correctly. Adding
+ // additional listener to the same waitable handle
+ // during handler dispatch sequence is should be also
+ // handled, as an extremly case.
+
+ // Call all waitable event listeners who listen for that event
+ for (WaitableHandleListenerList::const_iterator
+ trackedListenersIterator = trackedListeners.begin();
+ trackedListenersIterator != trackedListeners.end();
+ ++trackedListenersIterator)
+ {
+ // Check if this watcher still exists
+ // If not, there cannot be another one.
Must exit now (after
+ // break, we actually exit)
+ if (m_watchersMap.find(trackedWatchersIterator->first) ==
+ m_watchersMap.end())
+ {
+ VcoreLogD("Watcher disappeared during watcher handler");
+ break;
+ }
+
+ // Check if this watcher listener still exists
+ // If not, go to next tracked watcher listener
+ bool listenerStillExists = false;
+
+ for (WaitableHandleListenerList::const_iterator
+ searchListenerIterator =
+ trackedWatchersIterator->second.listeners.begin();
+ searchListenerIterator !=
+ trackedWatchersIterator->second.listeners.end();
+ ++searchListenerIterator)
+ {
+ if (searchListenerIterator->listener ==
+ trackedListenersIterator->listener &&
+ searchListenerIterator->mode ==
+ trackedListenersIterator->mode)
+ {
+ listenerStillExists = true;
+ break;
+ }
+ }
+
+ if (!listenerStillExists) {
+ VcoreLogD("Watcher listener disappeared during watcher handler");
+ break;
+ }
+
+ // Is this is a listener mode that we are searching for ?
+ if (mode != trackedListenersIterator->mode) {
+ continue;
+ }
+
+ // Call waitable event watch listener
+ VcoreLogD("Before tracker listener call...");
+ trackedListenersIterator->listener->OnWaitableHandleEvent(
+ trackedWatchersIterator->first,
+ trackedListenersIterator->mode);
+ VcoreLogD("After tracker listener call...");
+ }
+
+ // Now call all those listeners who registered during listener calls
+ // FIXME: Implement! Notice, that scenario may be recursive!
+
+ VcoreLogD("Waitable event listeners called");
+
+ // No more waitable events possible - consistency check
+ break;
+ }
+ }
+}
+
+void WaitableHandleWatchSupport::AddWaitableHandleWatch(
+ WaitableHandleListener* listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ // Enter waitable event list critical section
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Find proper list to register into
+ WaitableHandleWatchersMap::iterator mapIterator = m_watchersMap.find(
+ waitableHandle);
+
+ if (mapIterator != m_watchersMap.end()) {
+ // Assert if there is no such listener already that is listening in this
+ // mode
+ for (WaitableHandleListenerList::iterator listenersIterator =
+ mapIterator->second.listeners.begin();
+ listenersIterator != mapIterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ // Must not insert same listener-mode pair
+ Assert(
+ listenersIterator->listener != listener ||
+ listenersIterator->mode != mode);
+ }
+ }
+
+ VcoreLogD("Adding waitable handle watch: %i", waitableHandle);
+
+ // Push new waitable event watch
+ if (mapIterator != m_watchersMap.end()) {
+ mapIterator->second.listeners.push_back(WaitableHandleWatcher(listener,
+ mode));
+ } else {
+ m_watchersMap[waitableHandle].listeners.push_back(WaitableHandleWatcher(
+ listener, mode));
+ }
+
+ // Update counters
+ switch (mode) {
+ case WaitMode::Read:
+ m_watchersMap[waitableHandle].readListenersCount++;
+ break;
+
+ case WaitMode::Write:
+ m_watchersMap[waitableHandle].writeListenersCount++;
+ break;
+
+ default:
+ Assert(0);
+ }
+
+ // Trigger waitable event invoker to commit changes
+ CommitInvoker();
+
+ VcoreLogD("Waitable event watch added and invoker signaled");
+}
+
+void WaitableHandleWatchSupport::RemoveWaitableHandleWatch(
+ WaitableHandleListener *listener,
+ WaitableHandle waitableHandle,
+ WaitMode::Type mode)
+{
+ // Enter waitable event list critical section
+ std::lock_guard<std::recursive_mutex> lock(m_watchersMutex);
+
+ // Find proper list with listener
+ WaitableHandleWatchersMap::iterator mapIterator = m_watchersMap.find(
+ waitableHandle);
+
+ Assert(mapIterator != m_watchersMap.end());
+
+ // Assert if there is such listener and mode
+ WaitableHandleListenerList::iterator listIterator =
+ mapIterator->second.listeners.end();
+
+ for (WaitableHandleListenerList::iterator listenersIterator =
+ mapIterator->second.listeners.begin();
+ listenersIterator != mapIterator->second.listeners.end();
+ ++listenersIterator)
+ {
+ // Check same pair listener-mode
+ if (listenersIterator->listener == listener &&
+ listenersIterator->mode == mode)
+ {
+ listIterator = listenersIterator;
+ break;
+ }
+ }
+
+ // Same pair listener-mode must exist
+ Assert(listIterator != mapIterator->second.listeners.end());
+
+ VcoreLogD("Removing waitable handle watch: %i", waitableHandle);
+
+ // Remove waitable event watch
+ mapIterator->second.listeners.erase(listIterator);
+
+ // Update counters
+ switch (mode) {
+ case WaitMode::Read:
+ mapIterator->second.readListenersCount--;
+ break;
+
+ case WaitMode::Write:
+ mapIterator->second.writeListenersCount--;
+ break;
+
+ default:
+ Assert(0);
+ }
+
+ // If list is empty, remove it too
+ if (mapIterator->second.listeners.empty()) {
+ m_watchersMap.erase(mapIterator);
+ }
+
+ // Trigger waitable event invoker to commit changes
+ CommitInvoker();
+
+ VcoreLogD("Waitable event watch removed and invoker signaled");
+}
+
+void WaitableHandleWatchSupport::CommitInvoker()
+{
+ // Check calling context and execute invoker
+ if (Thread::GetCurrentThread() == GetInvokerThread()) {
+ VcoreLogD("Calling direct invoker");
+
+ // Direct invoker call
+ HandleDirectInvoker();
+ } else {
+ VcoreLogD("Calling indirect invoker");
+
+ // Indirect invoker call
+ m_watchersInvoker.Signal();
+
+ WaitableHandleList waitHandles;
+ waitHandles.push_back(m_watchersInvokerCommit.GetHandle());
+ WaitForMultipleHandles(waitHandles);
+
+ m_watchersInvokerCommit.Reset();
+ }
+}
+
+} //
namespace VcoreDPL
diff --git a/vcore/src/dpl/db/include/dpl/db/naive_synchronization_object.h b/vcore/src/dpl/db/include/dpl/db/naive_synchronization_object.h
new file mode 100644
index 0000000..d774ce0
--- /dev/null
+++ b/vcore/src/dpl/db/include/dpl/db/naive_synchronization_object.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file naive_synchronization_object.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL naive
+ * synchronization object
+ */
+#ifndef DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
+#define DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
+
+#include <dpl/db/sql_connection.h>
+
+namespace VcoreDPL {
+namespace DB {
+/**
+ * Naive synchronization object used to synchronize SQL connection
+ * to the same database across different threads and processes
+ */
+class NaiveSynchronizationObject :
+ public SqlConnection::SynchronizationObject
+{
+ public:
+ // [SqlConnection::SynchronizationObject]
+ virtual void Synchronize();
+ virtual void NotifyAll();
+};
+} // namespace DB
+} // namespace VcoreDPL
+
+#endif // DPL_NAIVE_SYNCHRONIZATION_OBJECT_H
diff --git a/vcore/src/dpl/db/include/dpl/db/orm.h b/vcore/src/dpl/db/include/dpl/db/orm.h
new file mode 100644
index 0000000..39d0503
--- /dev/null
+++ b/vcore/src/dpl/db/include/dpl/db/orm.h
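Review bot: In `WaitableHandleWatchSupport::HandleWatcher`, the "listener still exists" search walks `trackedWatchersIterator->second.listeners`, which belongs to the `trackedWatchers` snapshot copied before dispatch, so it cannot see a listener that an earlier callback removed and `listenerStillExists` is always true. A listener that was unregistered (and possibly destroyed) during dispatch would then still have `OnWaitableHandleEvent` called through its raw pointer. The search should use the live entry instead, e.g. `WaitableHandleWatchersMap::const_iterator live = m_watchersMap.find(trackedWatchersIterator->first);` followed by iterating `live->second.listeners`; the `find` check just above already guarantees that entry exists. When the listener is gone the loop also does `break` where its comment says "go to next tracked watcher listener", which looks like it should be `continue`.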
@@ -0,0 +1,1117 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file orm.h + * @author Bartosz Janiak (b.janiak@samsung.com) + * @version 1.0 + * @brief DPL-ORM: Object-relational mapping for sqlite database, written on top of DPL. + */ + +#include <cstdlib> +#include <cstdio> +#include <string> +#include <typeinfo> +#include <utility> +#include <set> +#include <list> +#include <memory> +#include <boost/optional.hpp> + +#include <dpl/db/sql_connection.h> +#include <dpl/db/orm_interface.h> +#include <dpl/string.h> +#include <dpl/type_list.h> +#include <dpl/assert.h> +#include <dpl/foreach.h> + +#ifndef DPL_ORM_H +#define DPL_ORM_H + +namespace VcoreDPL { +namespace DB { +namespace ORM { + +//TODO move to type utils +#define DPL_CHECK_TYPE_INSTANTIABILITY(type) \ + { \ + type _ignored_; \ + (void)_ignored_; \ + } + +#define DECLARE_COLUMN_TYPE_LIST() typedef VcoreDPL::TypeListDecl< +#define SELECTED_COLUMN(table_name, column_name) table_name::column_name, +#define DECLARE_COLUMN_TYPE_LIST_END(name) VcoreDPL::TypeListGuard>::Type name; + +typedef size_t ColumnIndex; +typedef size_t ArgumentIndex; +typedef boost::optional<VcoreDPL::String> OptionalString; +typedef boost::optional<int> OptionalInteger; +typedef VcoreDPL::DB::SqlConnection::DataCommand DataCommand; + +namespace RelationTypes { + extern const char Equal[]; + extern const char LessThan[]; + extern const 
char And[]; + extern const char Or[]; + extern const char Is[]; + extern const char In[]; + //TODO define more relation types +} + +namespace DataCommandUtils { + //TODO move to VcoreDPL::DataCommand? + void BindArgument(DataCommand *command, ArgumentIndex index, int argument); + void BindArgument(DataCommand *command, ArgumentIndex index, const OptionalInteger& argument); + void BindArgument(DataCommand *command, ArgumentIndex index, const VcoreDPL::String& argument); + void BindArgument(DataCommand *command, ArgumentIndex index, const OptionalString& argument); +} +class __attribute__ ((visibility("hidden"))) Expression { +public: + virtual ~Expression() {} + virtual std::string GetString() const = 0; + virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index) = 0; +}; + +typedef std::shared_ptr<Expression> ExpressionPtr; + +namespace OrderingUtils { + +template<typename CompoundType> inline std::string OrderByInternal() +{ + std::string order = OrderByInternal<typename CompoundType::Tail>(); + if(!order.empty()) return CompoundType::Head::GetString() + ", " + order; + else return CompoundType::Head::GetString(); +} + +template<> inline std::string OrderByInternal<TypeListGuard>() +{ + return std::string(); +} + +} + +template<typename ColumnType> +class __attribute__ ((visibility("hidden"))) OrderingExpression { +protected: + static std::string GetSchemaAndName() + { + std::string statement; + statement += ColumnType::GetTableName(); + statement += "."; + statement += ColumnType::GetColumnName(); + statement += " "; + return statement; + } +public: + virtual ~OrderingExpression() {} +}; + +template<const char* Operator, typename LeftExpression, typename RightExpression> +class __attribute__ ((visibility("hidden"))) BinaryExpression : public Expression { +protected: + LeftExpression m_leftExpression; + RightExpression m_rightExpression; + bool m_outerParenthesis; +public: + BinaryExpression(const LeftExpression& leftExpression, const 
RightExpression& rightExpression, bool outerParenthesis = true) : + m_leftExpression(leftExpression), + m_rightExpression(rightExpression), + m_outerParenthesis(outerParenthesis) + {} + + virtual std::string GetString() const + { + return (m_outerParenthesis ? "( " : " " ) + + m_leftExpression.GetString() + " " + Operator + " " + m_rightExpression.GetString() + + (m_outerParenthesis ? " )" : " " ) ; + } + + virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index) + { + index = m_leftExpression.BindTo(command, index); + return m_rightExpression.BindTo(command, index); + } + + template<typename TableDefinition> + struct ValidForTable { + typedef std::pair<typename LeftExpression ::template ValidForTable<TableDefinition>::Yes , + typename RightExpression::template ValidForTable<TableDefinition>::Yes > + Yes; + }; +}; + +template<typename LeftExpression, typename RightExpression> +BinaryExpression<RelationTypes::And, LeftExpression, RightExpression> + And(const LeftExpression& leftExpression, const RightExpression& rightExpression) +{ + return BinaryExpression<RelationTypes::And, LeftExpression, RightExpression> + (leftExpression, rightExpression); +} + +template<typename LeftExpression, typename RightExpression> +BinaryExpression<RelationTypes::Or, LeftExpression, RightExpression> + Or(const LeftExpression& leftExpression, const RightExpression& rightExpression) +{ + return BinaryExpression<RelationTypes::Or, LeftExpression, RightExpression> + (leftExpression, rightExpression); +} + +template<typename ArgumentType> +class __attribute__ ((visibility("hidden"))) ExpressionWithArgument : public Expression { +protected: + ArgumentType argument; + +public: + explicit ExpressionWithArgument(const ArgumentType& _argument) : argument(_argument) {} + + virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index) + { + DataCommandUtils::BindArgument(command, index, argument); + return index + 1; + } +}; + +template<typename ColumnData, const char* 
Relation> +class __attribute__ ((visibility("hidden"))) Compare : public ExpressionWithArgument<typename ColumnData::ColumnType> { +public: + explicit Compare(typename ColumnData::ColumnType column) : + ExpressionWithArgument<typename ColumnData::ColumnType>(column) + {} + + virtual std::string GetString() const + { + std::string statement; + statement += ColumnData::GetTableName(); + statement += "."; + statement += ColumnData::GetColumnName(); + statement += " "; + statement += Relation; + statement += " ?"; + return statement; + } + + template<typename TableDefinition> + struct ValidForTable { + typedef typename TableDefinition::ColumnList::template Contains<ColumnData> Yes; + }; +}; +#define ORM_DEFINE_COMPARE_EXPRESSION(name, relationType) \ + template<typename ColumnData> \ + class __attribute__ ((visibility("hidden"))) name : public Compare<ColumnData, RelationTypes::relationType> { \ + public: \ + name(typename ColumnData::ColumnType column) : \ + Compare<ColumnData, RelationTypes::relationType>(column) \ + {} \ + }; + +ORM_DEFINE_COMPARE_EXPRESSION(Equals, Equal) +ORM_DEFINE_COMPARE_EXPRESSION(Is, Is) + +#define ORM_DEFINE_ORDERING_EXPRESSION(name, value) \ + template<typename ColumnType> \ + class __attribute__ ((visibility("hidden"))) name \ + : OrderingExpression<ColumnType> { \ + public: \ + static std::string GetString() \ + { \ + std::string statement = OrderingExpression<ColumnType>::GetSchemaAndName(); \ + statement += value; \ + return statement; \ + } \ + }; + +ORM_DEFINE_ORDERING_EXPRESSION(OrderingAscending, "ASC") +ORM_DEFINE_ORDERING_EXPRESSION(OrderingDescending, "DESC") + +template<typename ColumnData1, typename ColumnData2> +class __attribute__ ((visibility("hidden"))) CompareBinaryColumn { +private: + std::string m_relation; +public: + CompareBinaryColumn(const char* Relation) : + m_relation(Relation) + {} + + virtual ~CompareBinaryColumn() {} + + virtual std::string GetString() const + { + std::string statement; + statement += 
ColumnData1::GetTableName(); + statement += "."; + statement += ColumnData1::GetColumnName(); + statement += " "; + statement += m_relation; + statement += " "; + statement += ColumnData2::GetTableName(); + statement += "."; + statement += ColumnData2::GetColumnName(); + + return statement; + } +}; + +template<typename ColumnData1, typename ColumnData2> +CompareBinaryColumn<ColumnData1, ColumnData2> + Equal() +{ + return CompareBinaryColumn<ColumnData1, ColumnData2>(RelationTypes::Equal); +} + +template<typename ColumnData, const char* Relation> +class __attribute__ ((visibility("hidden"))) NumerousArguments : public Expression { +protected: + std::set<typename ColumnData::ColumnType> m_argumentList; +public: + NumerousArguments(const std::set<typename ColumnData::ColumnType>& argumentList) : m_argumentList(argumentList) {} + + virtual std::string GetString() const + { + std::string statement; + statement += ColumnData::GetColumnName(); + statement += " "; + statement += Relation; + statement += " ( "; + + int argumentCount = m_argumentList.size(); + while(argumentCount) + { + statement += "?"; + argumentCount--; + if (argumentCount) + { + statement += ", "; + } + } + + statement += " )"; + + return statement; + } + + virtual ArgumentIndex BindTo(DataCommand *command, ArgumentIndex index) + { + ArgumentIndex argumentIndex = index; + FOREACH(argumentIt, m_argumentList) + { + DataCommandUtils::BindArgument(command, argumentIndex, *argumentIt); + argumentIndex++; + } + return argumentIndex + 1; + } + + template<typename TableDefinition> + struct ValidForTable { + typedef typename TableDefinition::ColumnList::template Contains<ColumnData> Yes; + }; +}; + +#define ORM_DEFINE_COMPARE_EXPRESSION_NUMEROUS_ARGUMENTS(name, relationType) \ + template<typename ColumnData> \ + class __attribute__ ((visibility("hidden"))) name : public NumerousArguments<ColumnData, RelationTypes::relationType> { \ + public: \ + name(std::set<typename ColumnData::ColumnType> column) : \ + 
NumerousArguments<ColumnData, RelationTypes::relationType>(column) \ + {} \ + }; + +ORM_DEFINE_COMPARE_EXPRESSION_NUMEROUS_ARGUMENTS(In, In) + +template<typename ColumnType> +ColumnType GetColumnFromCommand(ColumnIndex columnIndex, DataCommand *command); + +class __attribute__ ((visibility("hidden"))) CustomColumnBase { +public: + CustomColumnBase() {} + virtual ~CustomColumnBase() {} +}; + +template<typename ColumnType> +class __attribute__ ((visibility("hidden"))) CustomColumn : public CustomColumnBase { +private: + ColumnType m_columnData; + +public: + CustomColumn() {} + CustomColumn(ColumnType data) + { + m_columnData = data; + } + + void SetColumnData(ColumnType data) + { + m_columnData = data; + } + + ColumnType GetColumnData() const + { + return m_columnData; + } +}; + +template<typename ColumnList> +class __attribute__ ((visibility("hidden"))) CustomRowUtil { +public: + static void MakeColumnList(std::vector<CustomColumnBase*>& columnList) + { + typedef CustomColumn<typename ColumnList::Head::ColumnType> Type; + Type* pColumn = new Type(); + columnList.push_back(pColumn); + CustomRowUtil<typename ColumnList::Tail>::MakeColumnList(columnList); + } + + static void CopyColumnList(const std::vector<CustomColumnBase*>& srcList, std::vector<CustomColumnBase*>& dstList) + { + CopyColumnList(srcList, dstList, 0); + } + + static ColumnIndex GetColumnIndex(const std::string& columnName) + { + return GetColumnIndex(columnName, 0); + } + +private: + static void CopyColumnList(const std::vector<CustomColumnBase*>& srcList, std::vector<CustomColumnBase*>& dstList, ColumnIndex index) + { + typedef CustomColumn<typename ColumnList::Head::ColumnType> Type; + Type* pColumn = new Type(((Type*)(srcList.at(index)))->GetColumnData()); + dstList.push_back(pColumn); + CustomRowUtil<typename ColumnList::Tail>::CopyColumnList(srcList, dstList, index + 1); + } + + static ColumnIndex GetColumnIndex(const std::string& columnName, ColumnIndex index) + { + if 
(ColumnList::Head::GetColumnName() == columnName) + return index; + + return CustomRowUtil<typename ColumnList::Tail>::GetColumnIndex(columnName, index + 1); + } + +template<typename Other> +friend class CustomRowUtil; +}; + +template<> +class __attribute__ ((visibility("hidden"))) CustomRowUtil<VcoreDPL::TypeListGuard> { +public: + static void MakeColumnList(std::vector<CustomColumnBase*>&) {} +private: + static void CopyColumnList(const std::vector<CustomColumnBase*>&, std::vector<CustomColumnBase*>&, ColumnIndex) {} + static ColumnIndex GetColumnIndex(const std::string&, ColumnIndex) { return -1; } + +template<typename Other> +friend class CustomRowUtil; +}; + +template<typename ColumnList> +class __attribute__ ((visibility("hidden"))) CustomRow { +private: + std::vector<CustomColumnBase*> m_columns; + +public: + CustomRow() + { + CustomRowUtil<ColumnList>::MakeColumnList(m_columns); + } + + CustomRow(const CustomRow& r) + { + CustomRowUtil<ColumnList>::CopyColumnList(r.m_columns, m_columns); + } + + virtual ~CustomRow() + { + while (!m_columns.empty()) + { + CustomColumnBase* pCustomColumn = m_columns.back(); + m_columns.pop_back(); + if (pCustomColumn) + delete pCustomColumn; + } + } + + template<typename ColumnType> + void SetColumnData(ColumnIndex columnIndex, ColumnType data) + { + typedef CustomColumn<ColumnType> Type; + Assert(columnIndex < m_columns.size()); + Type* pColumn = dynamic_cast<Type*>(m_columns.at(columnIndex)); + Assert(pColumn); + pColumn->SetColumnData(data); + } + + template<typename ColumnData> + typename ColumnData::ColumnType GetColumnData() + { + typedef CustomColumn<typename ColumnData::ColumnType> Type; + ColumnIndex index = CustomRowUtil<ColumnList>::GetColumnIndex(ColumnData::GetColumnName()); + Assert(index < m_columns.size()); + Type* pColumn = dynamic_cast<Type*>(m_columns.at(index)); + Assert(pColumn); + return pColumn->GetColumnData(); + } +}; + +template<typename CustomRow, typename ColumnType> +void SetColumnData(CustomRow& 
row, ColumnType columnData, ColumnIndex columnIndex) +{ + row.SetColumnData<ColumnType>(columnIndex, columnData); +} + +template<typename ColumnList, typename CustomRow> +class __attribute__ ((visibility("hidden"))) FillCustomRowUtil { +public: + static void FillCustomRow(CustomRow& row, DataCommand* command) + { + FillCustomRow(row, 0, command); + } + +private: + static void FillCustomRow(CustomRow& row, ColumnIndex columnIndex, DataCommand* command) + { + typename ColumnList::Head::ColumnType columnData; + columnData = GetColumnFromCommand<typename ColumnList::Head::ColumnType>(columnIndex, command); + SetColumnData<CustomRow, typename ColumnList::Head::ColumnType>(row, columnData, columnIndex); + FillCustomRowUtil<typename ColumnList::Tail, CustomRow>::FillCustomRow(row, columnIndex + 1, command); + } + +template<typename Other, typename OtherRow> +friend class FillCustomRowUtil; +}; + +template<typename CustomRow> +class __attribute__ ((visibility("hidden"))) FillCustomRowUtil<VcoreDPL::TypeListGuard, CustomRow> { +private: + static void FillCustomRow(CustomRow&, ColumnIndex, DataCommand *) + { /* do nothing, we're past the last element of column list */ } + +template<typename Other, typename OtherRow> +friend class FillCustomRowUtil; +}; + +template<typename ColumnList, typename Row> +class __attribute__ ((visibility("hidden"))) FillRowUtil { +public: + static void FillRow(Row& row, DataCommand *command) + { + FillRow(row, 0, command); + } + +private: + static void FillRow(Row& row, ColumnIndex columnIndex, DataCommand *command) + { + typename ColumnList::Head::ColumnType rowField; + rowField = GetColumnFromCommand<typename ColumnList::Head::ColumnType>(columnIndex, command); + ColumnList::Head::SetRowField(row, rowField); + FillRowUtil<typename ColumnList::Tail, Row>::FillRow(row, columnIndex + 1, command); + } + +template<typename Other, typename OtherRow> +friend class FillRowUtil; +}; + +template<typename Row> +class __attribute__ ((visibility("hidden"))) 
FillRowUtil<VcoreDPL::TypeListGuard, Row> { +private: + static void FillRow(Row&, ColumnIndex, DataCommand *) + { /* do nothing, we're past the last element of column list */ } + +template<typename Other, typename OtherRow> +friend class FillRowUtil; +}; + +template<typename ColumnList> +class __attribute__ ((visibility("hidden"))) JoinUtil { +public: + static std::string GetColumnNames() + { + std::string result; + result = ColumnList::Head::GetTableName(); + result += "."; + result += ColumnList::Head::GetColumnName(); + if (ColumnList::Tail::Size > 0) + result += ", "; + + return result += JoinUtil<typename ColumnList::Tail>::GetColumnNames(); + } + + static std::string GetJoinTableName(const std::string& tableName) + { + std::string joinTableName = ColumnList::Head::GetTableName(); + if (tableName.find(joinTableName) == std::string::npos) + return joinTableName; + + return JoinUtil<typename ColumnList::Tail>::GetJoinTableName(tableName); + } +}; + +template<> +class __attribute__ ((visibility("hidden"))) JoinUtil<VcoreDPL::TypeListGuard> { +public: + static std::string GetColumnNames() { return ""; } + static std::string GetJoinTableName(std::string) { return ""; } +}; + +class Exception { +public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SelectReuseWithDifferentQuerySignature) + DECLARE_EXCEPTION_TYPE(Base, RowFieldNotInitialized) + DECLARE_EXCEPTION_TYPE(Base, EmptyUpdateStatement) +}; + +template<typename TableDefinition> +class __attribute__ ((visibility("hidden"))) Query +{ +protected: + explicit Query(IOrmInterface* interface) : + m_interface(interface), + m_command(NULL) + { + } + + virtual ~Query() + { + if (m_command == NULL) + return; + + TableDefinition::FreeTableDataCommand(m_command, m_interface); + } + + IOrmInterface* m_interface; + DataCommand *m_command; + std::string m_commandString; + ArgumentIndex m_bindArgumentIndex; +}; + +template<typename TableDefinition> +class __attribute__ 
((visibility("hidden"))) QueryWithWhereClause : public Query<TableDefinition> +{ +protected: + ExpressionPtr m_whereExpression; + + void Prepare() + { + if ( !!m_whereExpression ) + { + this->m_commandString += " WHERE "; + this->m_commandString += m_whereExpression->GetString(); + } + } + + void Bind() + { + if ( !!m_whereExpression ) + { + this->m_bindArgumentIndex = m_whereExpression->BindTo( + this->m_command, this->m_bindArgumentIndex); + } + } + +public: + explicit QueryWithWhereClause(IOrmInterface* interface) : + Query<TableDefinition>(interface) + { + } + + template<typename Expression> + void Where(const Expression& expression) + { + DPL_CHECK_TYPE_INSTANTIABILITY(typename Expression::template ValidForTable<TableDefinition>::Yes); + if ( !!m_whereExpression && ( typeid(Expression) != typeid(*m_whereExpression) ) ) + { + std::ostringstream str; + str << "Current ORM implementation doesn't allow to reuse Select" + " instance with different query signature (particularly " + "WHERE on different column).\n"; + str << "Query: "; + str << this->m_commandString; + ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature, + str.str()); + } + //TODO maybe don't make a copy here but just generate the string part of the query. 
+ m_whereExpression.reset(new Expression(expression)); + } + +}; + +template<typename TableDefinition> +class __attribute__ ((visibility("hidden"))) Delete : public QueryWithWhereClause<TableDefinition> +{ +protected: + void Prepare() + { + if ( !this->m_command) + { + this->m_commandString = "DELETE FROM "; + this->m_commandString += TableDefinition::GetName(); + + QueryWithWhereClause<TableDefinition>::Prepare(); + + this->m_command = TableDefinition::AllocTableDataCommand( + this->m_commandString.c_str(), + Query<TableDefinition>::m_interface); + VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str()); + } + } + + void Bind() + { + this->m_bindArgumentIndex = 1; + QueryWithWhereClause<TableDefinition>::Bind(); + } + +public: + explicit Delete(IOrmInterface *interface = NULL) : + QueryWithWhereClause<TableDefinition>(interface) + { + } + + void Execute() + { + Prepare(); + Bind(); + this->m_command->Step(); + this->m_command->Reset(); + } +}; + +namespace { +class BindVisitor { +private: + DataCommand *m_command; +public: + ArgumentIndex m_bindArgumentIndex; + + BindVisitor(DataCommand *command) : + m_command(command), + m_bindArgumentIndex(1) + {} + + template<typename ColumnType> + void Visit(const char*, const ColumnType& value, bool isSet) + { + if ( isSet ) + { + DataCommandUtils::BindArgument(m_command, m_bindArgumentIndex, value); + m_bindArgumentIndex++; + } + } +}; +} //anonymous namespace +template<typename TableDefinition> +class __attribute__ ((visibility("hidden"))) Insert : public Query<TableDefinition> +{ +public: + typedef typename TableDefinition::Row Row; + typedef VcoreDPL::DB::SqlConnection::RowID RowID; + +protected: + boost::optional<std::string> m_orClause; + Row m_row; + + class PrepareVisitor { + public: + std::string m_columnNames; + std::string m_values; + + template<typename ColumnType> + void Visit(const char* name, const ColumnType&, bool isSet) + { + if ( isSet ) + { + if ( !m_columnNames.empty() ) + { + m_columnNames += 
", "; + m_values += ", "; + } + m_columnNames += name; + m_values += "?"; + } + } + }; + + void Prepare() + { + if ( !this->m_command ) + { + this->m_commandString = "INSERT "; + if ( !!m_orClause ) + { + this->m_commandString += " OR " + *m_orClause + " "; + } + this->m_commandString += "INTO "; + this->m_commandString += TableDefinition::GetName(); + + PrepareVisitor visitor; + m_row.VisitColumns(visitor); + + this->m_commandString += " ( " + visitor.m_columnNames + " ) "; + this->m_commandString += "VALUES ( " + visitor.m_values + " )"; + + VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str()); + this->m_command = TableDefinition::AllocTableDataCommand( + this->m_commandString.c_str(), + Query<TableDefinition>::m_interface); + } + } + + void Bind() + { + BindVisitor visitor(this->m_command); + m_row.VisitColumns(visitor); + } + +public: + explicit Insert( + IOrmInterface* interface = NULL, + const boost::optional<std::string>& orClause = boost::optional<std::string>()) : + Query<TableDefinition>(interface), + m_orClause(orClause) + { + } + + void Values(const Row& row) + { + if ( this->m_command ) + { + if ( !row.IsSignatureMatching(m_row) ) + { + ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature, + "Current ORM implementation doesn't allow to reuse Insert instance " + "with different query signature."); + } + } + m_row = row; + } + + RowID Execute() + { + Prepare(); + Bind(); + this->m_command->Step(); + + RowID result = TableDefinition::GetLastInsertRowID( + Query<TableDefinition>::m_interface); + + this->m_command->Reset(); + return result; + } +}; + +template<typename TableDefinition> +class __attribute__ ((visibility("hidden"))) Select : public QueryWithWhereClause<TableDefinition> +{ +public: + typedef typename TableDefinition::ColumnList ColumnList; + typedef typename TableDefinition::Row Row; + + typedef std::list<Row> RowList; +protected: + boost::optional<std::string> m_orderBy; + std::string m_JoinClause; + bool 
m_distinctResults; + + void Prepare(const char* selectColumnName) + { + if ( !this->m_command ) + { + this->m_commandString = "SELECT "; + if (m_distinctResults) + this->m_commandString += "DISTINCT "; + this->m_commandString += selectColumnName; + this->m_commandString += " FROM "; + this->m_commandString += TableDefinition::GetName(); + + this->m_commandString += m_JoinClause; + + QueryWithWhereClause<TableDefinition>::Prepare(); + + if ( !!m_orderBy ) + { + this->m_commandString += " ORDER BY " + *m_orderBy; + } + + this->m_command = TableDefinition::AllocTableDataCommand( + this->m_commandString.c_str(), + Query<TableDefinition>::m_interface); + + VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str()); + } + } + + void Bind() + { + this->m_bindArgumentIndex = 1; + QueryWithWhereClause<TableDefinition>::Bind(); + } + + template<typename ColumnType> + ColumnType GetColumn(ColumnIndex columnIndex) + { + return GetColumnFromCommand<ColumnType>(columnIndex, this->m_command); + } + + Row GetRow() + { + Row row; + FillRowUtil<ColumnList, Row>::FillRow(row, this->m_command); + return row; + } + + template<typename ColumnList, typename CustomRow> + CustomRow GetCustomRow() + { + CustomRow row; + FillCustomRowUtil<ColumnList, CustomRow>::FillCustomRow(row, this->m_command); + return row; + } + +public: + + explicit Select(IOrmInterface *interface = NULL) : + QueryWithWhereClause<TableDefinition>(interface), + m_distinctResults(false) + { + } + + void Distinct() + { + m_distinctResults = true; + } + + template<typename CompoundType> + void OrderBy(const CompoundType&) + { + m_orderBy = OrderingUtils::OrderByInternal<typename CompoundType::Type>(); + } + + void OrderBy(const std::string & orderBy) //backward compatibility + { + m_orderBy = orderBy; + } + + void OrderBy(const char * orderBy) //backward compatibility + { + m_orderBy = std::string(orderBy); + } + + template<typename ColumnList, typename Expression> + void Join(const Expression& expression) { + 
std::string usedTableNames = TableDefinition::GetName(); + if (!m_JoinClause.empty()) + usedTableNames += m_JoinClause; + + this->m_JoinClause += " JOIN "; + this->m_JoinClause += JoinUtil<ColumnList>::GetJoinTableName(usedTableNames); + this->m_JoinClause += " ON "; + this->m_JoinClause += expression.GetString(); + } + + template<typename ColumnData> + typename ColumnData::ColumnType GetSingleValue() + { + Prepare(ColumnData::GetColumnName()); + Bind(); + this->m_command->Step(); + + typename ColumnData::ColumnType result = + GetColumn<typename ColumnData::ColumnType>(0); + + this->m_command->Reset(); + return result; + } + + //TODO return range - pair of custom iterators + template<typename ColumnData> + std::list<typename ColumnData::ColumnType> GetValueList() + { + Prepare(ColumnData::GetColumnName()); + Bind(); + + std::list<typename ColumnData::ColumnType> resultList; + + while (this->m_command->Step()) + resultList.push_back(GetColumn<typename ColumnData::ColumnType>(0)); + + this->m_command->Reset(); + return resultList; + } + + Row GetSingleRow() + { + Prepare("*"); + Bind(); + this->m_command->Step(); + + Row result = GetRow(); + + this->m_command->Reset(); + return result; + } + + //TODO return range - pair of custom iterators + RowList GetRowList() + { + Prepare("*"); + Bind(); + + RowList resultList; + + while (this->m_command->Step()) + resultList.push_back(GetRow()); + + this->m_command->Reset(); + return resultList; + } + + template<typename ColumnList, typename CustomRow> + CustomRow GetCustomSingleRow() + { + Prepare(JoinUtil<ColumnList>::GetColumnNames().c_str()); + Bind(); + this->m_command->Step(); + + CustomRow result = GetCustomRow<ColumnList, CustomRow>(); + + this->m_command->Reset(); + return result; + } + + template<typename ColumnList, typename CustomRow> + std::list<CustomRow> GetCustomRowList() + { + Prepare(JoinUtil<ColumnList>::GetColumnNames().c_str()); + Bind(); + + std::list<CustomRow> resultList; + + while 
(this->m_command->Step()) + resultList.push_back(GetCustomRow<ColumnList, CustomRow>()); + + this->m_command->Reset(); + return resultList; + } +}; + +template<typename TableDefinition> +class __attribute__ ((visibility("hidden"))) Update : public QueryWithWhereClause<TableDefinition> { +public: + typedef typename TableDefinition::Row Row; + +protected: + boost::optional<std::string> m_orClause; + Row m_row; + + class PrepareVisitor { + public: + std::string m_setExpressions; + + template<typename ColumnType> + void Visit(const char* name, const ColumnType&, bool isSet) + { + if ( isSet ) + { + if ( !m_setExpressions.empty() ) + { + m_setExpressions += ", "; + } + m_setExpressions += name; + m_setExpressions += " = "; + m_setExpressions += "?"; + } + } + }; + + void Prepare() + { + if ( !this->m_command ) + { + this->m_commandString = "UPDATE "; + if ( !!m_orClause ) + { + this->m_commandString += " OR " + *m_orClause + " "; + } + this->m_commandString += TableDefinition::GetName(); + this->m_commandString += " SET "; + + // got through row columns and values + PrepareVisitor visitor; + m_row.VisitColumns(visitor); + + if(visitor.m_setExpressions.empty()) + { + ThrowMsg(Exception::EmptyUpdateStatement, "No SET expressions in update statement"); + } + + this->m_commandString += visitor.m_setExpressions; + + // where + QueryWithWhereClause<TableDefinition>::Prepare(); + + this->m_command = TableDefinition::AllocTableDataCommand( + this->m_commandString.c_str(), + Query<TableDefinition>::m_interface); + VcoreLogD("Prepared SQL command %s", this->m_commandString.c_str()); + } + } + + void Bind() + { + BindVisitor visitor(this->m_command); + m_row.VisitColumns(visitor); + + this->m_bindArgumentIndex = visitor.m_bindArgumentIndex; + QueryWithWhereClause<TableDefinition>::Bind(); + } + + +public: + explicit Update(IOrmInterface *interface = NULL, + const boost::optional<std::string>& orClause = boost::optional<std::string>()) : + 
QueryWithWhereClause<TableDefinition>(interface), + m_orClause(orClause) + { + } + + void Values(const Row& row) + { + if ( this->m_command ) + { + if ( !row.IsSignatureMatching(m_row) ) + { + ThrowMsg(Exception::SelectReuseWithDifferentQuerySignature, + "Current ORM implementation doesn't allow to reuse Update instance " + "with different query signature."); + } + } + m_row = row; + } + + void Execute() + { + Prepare(); + Bind(); + this->m_command->Step(); + this->m_command->Reset(); + } +}; + +} //namespace ORM +} //namespace DB +} //namespace VcoreDPL + +#endif // DPL_ORM_H diff --git a/vcore/src/dpl/db/include/dpl/db/orm_generator.h b/vcore/src/dpl/db/include/dpl/db/orm_generator.h new file mode 100644 index 0000000..dd1b0dd --- /dev/null +++ b/vcore/src/dpl/db/include/dpl/db/orm_generator.h 
@@ -0,0 +1,382 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file orm_generator.h + * @author Bartosz Janiak (b.janiak@samsung.com) + * @version 1.0 + * @brief Macro definitions for generating the DPL-ORM table definitions from database definitions. + */ + +#ifndef ORM_GENERATOR_DATABASE_NAME +#error You need to define database name in ORM_GENERATOR_DATABASE_NAME define before you include orm_generator.h file +#endif + +#include <dpl/db/orm_interface.h> + +#define ORM_GENERATOR_DATABASE_NAME_LOCAL <ORM_GENERATOR_DATABASE_NAME> + +#ifdef DPL_ORM_GENERATOR_H +#warning orm_generator.h is included multiply times. Make sure it has different ORM_GENERATOR_DATABASE_NAME set. +#endif + +#define DPL_ORM_GENERATOR_H + + +#include <boost/optional.hpp> +#include <dpl/string.h> +#include <dpl/type_list.h> +#include <dpl/db/sql_connection.h> +#include <dpl/db/orm.h> +#include <dpl/assert.h> +#include <string> + +/* + +This is true only when exactly one db is available. 
+ +#if (defined DECLARE_COLUMN) || (defined INT) || (defined TINYINT) || \ + (defined INTEGER) || (defined BIGINT) || defined(VARCHAR) || defined(TEXT) || \ + (defined SQL) || (defined TABLE_CONSTRAINTS) || (defined OPTIONAL) || \ + (defined DATABASE_START) || (defined DATABASE_END) || (defined CREATE_TABLE) || \ + (defined COLUMN) || (defined COLUMN_NOT_NULL) || (defined CREATE_TABLE_END) + +#error This file temporarily defines many macros with generic names. To avoid name clash please include \ + this file as early as possible. If this is not possible please report this problem to DPL developers. + +#endif +*/ + +namespace VcoreDPL { +namespace DB { +namespace ORM { + +// Global macros + +#define STRINGIFY(s) _str(s) +#define _str(s) #s +#define DECLARE_COLUMN(FIELD, TYPE) \ + struct FIELD { \ + typedef TYPE ColumnType; \ + static const char* GetTableName() { return GetName(); } \ + static const char* GetColumnName() { return STRINGIFY(FIELD); } \ + static void SetRowField(Row& row, const TYPE& _value) { row.Set_##FIELD(_value);} \ + }; + +#define INT int +#define TINYINT int +#define INTEGER int //TODO: should be long long? +#define BIGINT int //TODO: should be long long? +#define VARCHAR(x) VcoreDPL::String +#define TEXT VcoreDPL::String + +#define SQL(...) +#define TABLE_CONSTRAINTS(...) 
+#define OPTIONAL(type) boost::optional< type > +#define DATABASE_START(db_name) \ + namespace db_name \ + { \ + class ScopedTransaction \ + { \ + bool m_commited; \ + IOrmInterface *m_interface; \ + \ + public: \ + ScopedTransaction(IOrmInterface *interface) : \ + m_commited(false), \ + m_interface(interface) \ + { \ + Assert(interface != NULL); \ + m_interface->TransactionBegin(); \ + } \ + \ + ~ScopedTransaction() \ + { \ + if (!m_commited) \ + m_interface->TransactionRollback(); \ + } \ + \ + void Commit() \ + { \ + m_interface->TransactionCommit(); \ + m_commited = true; \ + } \ + }; + +#define DATABASE_END() } + +// RowBase ostream operator<< declaration + +#define CREATE_TABLE(name) \ + namespace name { \ + class RowBase; \ + inline std::ostream& operator<<(std::ostream& ostr, const RowBase& row); \ + } +#define COLUMN_NOT_NULL(name, type, ...) +#define COLUMN(name, type, ...) +#define CREATE_TABLE_END() + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +#undef DATABASE_START +#define DATABASE_START(db_name) namespace db_name { + +// RowBase class + +#define CREATE_TABLE(name) namespace name { class RowBase { \ + public: friend std::ostream& operator<<(std::ostream&, const RowBase&); +#define COLUMN_NOT_NULL(name, type, ...) \ + protected: type name; bool m_##name##_set; \ + public: void Set_##name(const type& _value) { \ + m_##name##_set = true; \ + this->name = _value; \ + } \ + public: type Get_##name() const { \ + if ( !m_##name##_set ) { \ + ThrowMsg(Exception::RowFieldNotInitialized, \ + "You tried to read a row field that hasn't been set yet."); \ + } \ + return name; \ + } + +#define COLUMN(name, type, ...) 
\ + protected: OPTIONAL(type) name; bool m_##name##_set; \ + public: void Set_##name(const OPTIONAL(type)& _value) { \ + m_##name##_set = true; \ + this->name = _value; \ + } \ + public: OPTIONAL(type) Get_##name() const { \ + if ( !m_##name##_set ) { \ + ThrowMsg(Exception::RowFieldNotInitialized, \ + "You tried to read a row field that hasn't been set yet."); \ + } \ + return name; \ + } +#define CREATE_TABLE_END() }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// RowBase ostream operator<< + +#define CREATE_TABLE(name) std::ostream& name::operator<<(std::ostream& ostr, const RowBase& row) { using ::operator<< ; ostr << STRINGIFY(name) << " ("; +#define COLUMN_NOT_NULL(name, type, ...) ostr << " '" << row.name << "'" ; +#define COLUMN(name, type, ...) ostr << " '" << row.name << "'" ; +#define CREATE_TABLE_END() ostr << " )" ; return ostr; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// RowBase2 class (== RowBase + operator==) + +#define CREATE_TABLE(name) namespace name { class RowBase2 : public RowBase { \ + public: bool operator==(const RowBase2& row) const { return true +#define COLUMN_NOT_NULL(name, type, ...) && (this->name == row.name) +#define COLUMN(name, type, ...) && (this->name == row.name) +#define CREATE_TABLE_END() ; } }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// RowBase3 class (== RowBase2 + operator<) + +#define CREATE_TABLE(name) namespace name { class RowBase3 : public RowBase2 { \ + public: bool operator<(const RowBase3& row) const { +#define COLUMN_NOT_NULL(name, type, ...) if (this->name < row.name) { return true; } if (this->name > row.name) { return false; } +#define COLUMN(name, type, ...) 
if (this->name < row.name) { return true; } if (this->name > row.name) { return false; } +#define CREATE_TABLE_END() return false; } }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// RowBase4 class (== RowBase3 + IsSignatureMatching ) + +#define CREATE_TABLE(name) namespace name { class RowBase4 : public RowBase3 { \ + public: bool IsSignatureMatching(const RowBase4& row) const { return true +#define COLUMN_NOT_NULL(name, type, ...) && (this->m_##name##_set == row.m_##name##_set) +#define COLUMN(name, type, ...) && (this->m_##name##_set == row.m_##name##_set) +#define CREATE_TABLE_END() ; } }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// RowBase5 class (== RowBase4 + default constructor) + +#define CREATE_TABLE(name) namespace name { class RowBase5 : public RowBase4 { \ + public: RowBase5() { +#define COLUMN_NOT_NULL(name, type, ...) m_##name##_set = false; +#define COLUMN(name, type, ...) m_##name##_set = false; +#define CREATE_TABLE_END() } }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// Row class (== RowBase5 + ForEachColumn ) + +#define CREATE_TABLE(name) namespace name { class Row : public RowBase5 { \ + public: template<typename Visitor> \ + void VisitColumns(Visitor& visitor) const { +#define COLUMN_NOT_NULL(name, type, ...) visitor.Visit(STRINGIFY(name), this->name, this->m_##name##_set); +#define COLUMN(name, type, ...) 
visitor.Visit(STRINGIFY(name), this->name, this->m_##name##_set); +#define CREATE_TABLE_END() } }; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// Field structure declarations + +#define CREATE_TABLE(name) namespace name { \ + static const char* GetName() { return STRINGIFY(name); } +#define COLUMN_NOT_NULL(name, type, ...) DECLARE_COLUMN(name, type) +#define COLUMN(name, type, ...) DECLARE_COLUMN(name, OPTIONAL(type)) +#define CREATE_TABLE_END() } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// ColumnList typedef + +#define CREATE_TABLE(name) namespace name { typedef VcoreDPL::TypeListDecl< +#define COLUMN_NOT_NULL(name, type, ...) name, +#define COLUMN(name, type, ...) name, +#define CREATE_TABLE_END() VcoreDPL::TypeListGuard>::Type ColumnList; } + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// TableDefinition struct + +#define CREATE_TABLE(table_name) \ + namespace table_name { \ + struct TableDefinition { \ + typedef table_name::ColumnList ColumnList; \ + typedef table_name::Row Row; \ + static const char* GetName() { return STRINGIFY(table_name); } \ + static VcoreDPL::DB::SqlConnection::DataCommand *AllocTableDataCommand( \ + const std::string &statement, \ + IOrmInterface *interface) \ + { \ + Assert(interface != NULL); \ + return interface->AllocDataCommand(statement); \ + } \ + static void FreeTableDataCommand( \ + VcoreDPL::DB::SqlConnection::DataCommand *command, \ + IOrmInterface *interface) \ + { \ + Assert(interface != NULL); \ + interface->FreeDataCommand(command); \ + } \ + static VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID( \ + IOrmInterface *interface) \ + { \ + Assert(interface != NULL); \ + return interface->GetLastInsertRowID(); \ + } \ + }; \ + } + +#define 
COLUMN_NOT_NULL(name, type, ...) +#define COLUMN(name, type, ...) +#define CREATE_TABLE_END() + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + +// Query typedefs + +#define CREATE_TABLE(name) \ + namespace name { \ + typedef Select<TableDefinition> Select; \ + typedef Insert<TableDefinition> Insert; \ + typedef Delete<TableDefinition> Delete; \ + typedef Update<TableDefinition> Update; \ + } +#define COLUMN_NOT_NULL(name, type, ...) +#define COLUMN(name, type, ...) +#define CREATE_TABLE_END() + +#include ORM_GENERATOR_DATABASE_NAME_LOCAL + +#undef CREATE_TABLE +#undef COLUMN_NOT_NULL +#undef COLUMN +#undef CREATE_TABLE_END + + +// Global undefs +#undef INT +#undef TINYINT +#undef INTEGER +#undef BIGINT +#undef VARCHAR +#undef TEXT + +#undef SQL +#undef TABLE_CONSTRAINTS +#undef OPTIONAL +#undef DATABASE_START +#undef DATABASE_END + +} //namespace ORM +} //namespace DB +} //namespace VcoreDPL + +#undef ORM_GENERATOR_DATABASE_NAME +#undef ORM_GENERATOR_DATABASE_NAME_LOCAL diff --git a/vcore/src/dpl/db/include/dpl/db/orm_interface.h b/vcore/src/dpl/db/include/dpl/db/orm_interface.h new file mode 100644 index 0000000..025c642 --- /dev/null +++ b/vcore/src/dpl/db/include/dpl/db/orm_interface.h 
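Review bot: `#define INTEGER int` and `#define BIGINT int` in the global-macros block map SQL column types that can hold 64-bit values onto a C++ `int`, so a generated `Row` field declared BIGINT can lose the upper bits on bind or fetch; both lines already carry `//TODO: should be long long?`. `sql_connection.h` in this same commit declares `BindInt64` and `GetColumnInt64`, so I would change them to `#define INTEGER int64_t` and `#define BIGINT int64_t`, provided the ORM bind/fetch helpers have an `int64_t` overload (not visible in this hunk). Separately, the generated `ScopedTransaction` is copyable, and a copy would issue a second `TransactionRollback()` from its destructor. Deriving it from the `Noncopyable` base that `DataCommand` uses would rule that out.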
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm_interface.h
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @version 1.0
+ */
+
+#include <string>
+#include <dpl/db/sql_connection.h>
+
+#ifndef DPL_ORM_INTERFACE_H
+#define DPL_ORM_INTERFACE_H
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+class IOrmInterface
+{
+ public:
+ virtual ~IOrmInterface() {}
+ virtual VcoreDPL::DB::SqlConnection::DataCommand *AllocDataCommand(
+ const std::string &statement) = 0;
+ virtual void FreeDataCommand(VcoreDPL::DB::SqlConnection::DataCommand *command)
+ = 0;
+ virtual void TransactionBegin() = 0;
+ virtual void TransactionCommit() = 0;
+ virtual void TransactionRollback() = 0;
+ virtual VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID() = 0;
+};
+}
+}
+}
+
+#endif
diff --git a/vcore/src/dpl/db/include/dpl/db/orm_macros.h b/vcore/src/dpl/db/include/dpl/db/orm_macros.h
new file mode 100644
index 0000000..a038523
--- /dev/null
+++ b/vcore/src/dpl/db/include/dpl/db/orm_macros.h
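Review bot: `AllocDataCommand` returns a raw `DataCommand *` and the only visible way to release it is `FreeDataCommand`, but the interface carries no comment stating who owns the pointer or whether it must go back to the same `IOrmInterface` instance. If that is the contract, I would add above the declaration `// Caller owns the returned command and must release it with FreeDataCommand() on this interface.` It is also worth stating on `TransactionBegin`/`TransactionCommit`/`TransactionRollback` whether nested calls are allowed. As a style point, the `#ifndef DPL_ORM_INTERFACE_H` guard sits below the two `#include` lines and would conventionally open the file.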
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm_macros.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Macro definitions for generating the SQL input file from
+ * database definition.
+ */
+
+//Do not include this file directly! It is used only for SQL code generation.
+
+#define CREATE_TABLE(name) CREATE TABLE name(
+#define COLUMN(name, type, ...) name type __VA_ARGS__,
+#define COLUMN_NOT_NULL(name, type, ...) name type __VA_ARGS__ not null,
+#define SQL(...) __VA_ARGS__
+#define TABLE_CONSTRAINTS(...) __VA_ARGS__,
+#define CREATE_TABLE_END() CHECK(1) );
+#define DATABASE_START(db_name)
+#define DATABASE_END()
+
diff --git a/vcore/src/dpl/db/include/dpl/db/sql_connection.h b/vcore/src/dpl/db/include/dpl/db/sql_connection.h
new file mode 100644
index 0000000..56714ee
--- /dev/null
+++ b/vcore/src/dpl/db/include/dpl/db/sql_connection.h
@@ -0,0 +1,519 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file sql_connection.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of SQL connection + */ +#ifndef DPL_SQL_CONNECTION_H +#define DPL_SQL_CONNECTION_H + +#include <dpl/noncopyable.h> +#include <dpl/exception.h> +#include <dpl/availability.h> +#include <memory> +#include <boost/optional.hpp> +#include <dpl/string.h> +#include <dpl/log/vcore_log.h> +#include <sqlite3.h> +#include <string> +#include <dpl/assert.h> +#include <memory> +#include <stdint.h> + +namespace VcoreDPL { +namespace DB { +/** + * SQL connection class + */ +class SqlConnection +{ + public: + /** + * SQL Exception classes + */ + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SyntaxError) + DECLARE_EXCEPTION_TYPE(Base, ConnectionBroken) + DECLARE_EXCEPTION_TYPE(Base, InternalError) + DECLARE_EXCEPTION_TYPE(Base, InvalidColumn) + }; + + typedef int ColumnIndex; + typedef int ArgumentIndex; + + /* + * SQL processed data command + */ + class DataCommand : + private Noncopyable + { + private: + SqlConnection *m_masterConnection; + sqlite3_stmt *m_stmt; + + void CheckBindResult(int result); + void CheckColumnIndex(SqlConnection::ColumnIndex column); + + DataCommand(SqlConnection *connection, const 
char *buffer); + + friend class SqlConnection; + + public: + virtual ~DataCommand(); + + /** + * Bind null to the prepared statement argument + * + * @param position Index of argument to bind value to + */ + void BindNull(ArgumentIndex position); + + /** + * Bind int to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInteger(ArgumentIndex position, int value); + + /** + * Bind int8_t to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt8(ArgumentIndex position, int8_t value); + + /** + * Bind int16 to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt16(ArgumentIndex position, int16_t value); + + /** + * Bind int32 to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt32(ArgumentIndex position, int32_t value); + + /** + * Bind int64 to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt64(ArgumentIndex position, int64_t value); + + /** + * Bind float to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindFloat(ArgumentIndex position, float value); + + /** + * Bind double to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindDouble(ArgumentIndex position, double value); + + /** + * Bind string to the prepared statement argument + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindString(ArgumentIndex position, const char *value); + + /** + * Bind string to the prepared statement argument + * + * 
@param position Index of argument to bind value to + * @param value Value to bind + */ + void BindString(ArgumentIndex position, const String& value); + + /** + * Bind optional int to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInteger(ArgumentIndex position, const boost::optional<int> &value); + + /** + * Bind optional int8 to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt8(ArgumentIndex position, const boost::optional<int8_t> &value); + + /** + * Bind optional int16 to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt16(ArgumentIndex position, const boost::optional<int16_t> &value); + + /** + * Bind optional int32 to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt32(ArgumentIndex position, const boost::optional<int32_t> &value); + + /** + * Bind optional int64 to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindInt64(ArgumentIndex position, const boost::optional<int64_t> &value); + + /** + * Bind optional float to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindFloat(ArgumentIndex position, const boost::optional<float> &value); + + /** + * Bind optional double to the prepared statement argument. 
+ * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindDouble(ArgumentIndex position, const boost::optional<double> &value); + + /** + * Bind optional string to the prepared statement argument. + * If optional is not set null will be bound + * + * @param position Index of argument to bind value to + * @param value Value to bind + */ + void BindString(ArgumentIndex position, const boost::optional<String> &value); + + /** + * Execute the prepared statement and/or move + * to the next row of the result + * + * @return True when there was a row returned + */ + bool Step(); + + /** + * Reset prepared statement's arguments + * All parameters will become null + */ + void Reset(); + + /** + * Checks whether column value is null + * + * @throw Exception::InvalidColumn + */ + bool IsColumnNull(ColumnIndex column); + + /** + * Get integer value from column in current row. + * + * @throw Exception::InvalidColumn + */ + int GetColumnInteger(ColumnIndex column); + + /** + * Get int8 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + int8_t GetColumnInt8(ColumnIndex column); + + /** + * Get int16 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + int16_t GetColumnInt16(ColumnIndex column); + /** + * Get int32 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + int32_t GetColumnInt32(ColumnIndex column); + + /** + * Get int64 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + int64_t GetColumnInt64(ColumnIndex column); + + /** + * Get float value from column in current row. + * + * @throw Exception::InvalidColumn + */ + float GetColumnFloat(ColumnIndex column); + + /** + * Get double value from column in current row. + * + * @throw Exception::InvalidColumn + */ + double GetColumnDouble(ColumnIndex column); + + /** + * Get string value from column in current row. 
+ * + * @throw Exception::InvalidColumn + */ + std::string GetColumnString(ColumnIndex column); + + /** + * Get optional integer value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<int> GetColumnOptionalInteger(ColumnIndex column); + + /** + * Get optional int8 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<int8_t> GetColumnOptionalInt8(ColumnIndex column); + + /** + * Get optional int16value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<int16_t> GetColumnOptionalInt16(ColumnIndex column); + + /** + * Get optional int32 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<int32_t> GetColumnOptionalInt32(ColumnIndex column); + + /** + * Get optional int64 value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<int64_t> GetColumnOptionalInt64(ColumnIndex column); + + /** + * Get optional float value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<float> GetColumnOptionalFloat(ColumnIndex column); + + /** + * Get optional double value from column in current row. + * + * @throw Exception::InvalidColumn + */ + boost::optional<double> GetColumnOptionalDouble(ColumnIndex column); + + /** + * Get optional string value from column in current row. 
+ * + * @throw Exception::InvalidColumn + */ + boost::optional<String> GetColumnOptionalString(ColumnIndex column); + }; + + // Move on copy semantics + typedef std::auto_ptr<DataCommand> DataCommandAutoPtr; + + // Open flags + class Flag + { + public: + enum Type + { + None = 1 << 0, + UseLucene = 1 << 1 + }; + + enum Option + { + RO = SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_READONLY, + /** + * *TODO: please remove CREATE option from RW flag when all places + * that need that switched do CRW + */ + RW = SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_READWRITE | + SQLITE_OPEN_CREATE, + CRW = RW | SQLITE_OPEN_CREATE + }; + }; + + // RowID + typedef sqlite3_int64 RowID; + + /** + * Synchronization object used to synchronize SQL connection + * to the same database across different threads and processes + */ + class SynchronizationObject + { + public: + virtual ~SynchronizationObject() {} + + /** + * Synchronizes SQL connection for multiple clients. + */ + virtual void Synchronize() = 0; + + /** + * Notify all waiting clients that the connection is no longer locked. + */ + virtual void NotifyAll() = 0; + }; + + protected: + sqlite3 *m_connection; + + // Options + bool m_usingLucene; + + // Stored data procedures + int m_dataCommandsCount; + + // Synchronization object + std::unique_ptr<SynchronizationObject> m_synchronizationObject; + + virtual void Connect(const std::string &address, + Flag::Type = Flag::None, Flag::Option = Flag::RO); + virtual void Disconnect(); + + void TurnOnForeignKeys(); + + static SynchronizationObject *AllocDefaultSynchronizationObject(); + + public: + /** + * Open SQL connection + * + * Synchronization is archieved by using provided asynchronization object. + * If synchronizationObject is set to NULL, so synchronization is performed. + * Ownership of the synchronization object is transfered to sql connection + * object. + * + * @param address Database file name + * @param flags Open flags + * @param synchronizationObject A synchronization object to use. 
+ */ + explicit SqlConnection(const std::string &address = std::string(), + Flag::Type flags = Flag::None, + Flag::Option options = Flag::RO, + SynchronizationObject *synchronizationObject = + AllocDefaultSynchronizationObject()); + + /** + * Destructor + */ + virtual ~SqlConnection(); + + /** + * Execute SQL command without result + * + * @param format + * @param ... + */ + void ExecCommand(const char *format, ...) DPL_DEPRECATED_WITH_MESSAGE( + "To prevent sql injection do not use this \ + method for direct sql execution"); + + /** + * Execute BEGIN; command to start new transaction + * + */ + void BeginTransaction(); + + /** + * Execute ROLLBACK; command to discard changes made + * + */ + void RollbackTransaction(); + + /** + * Execute COMMIT; command to commit changes in database + * + */ + void CommitTransaction(); + + /** + * Prepare stored procedure + * + * @param format SQL statement + * @return Data command representing stored procedure + */ + DataCommandAutoPtr PrepareDataCommand(const char *format, ...); + + /** + * Check whether given table exists + * + * @param tableName Name of the table to check + * @return True if given table name exists + */ + bool CheckTableExist(const char *tableName); + + /** + * Get last insert operation new row id + * + * @return Row ID + */ + RowID GetLastInsertRowID() const; + + private: + int db_util_open_with_options(const char *pszFilePath, sqlite3 **ppDB, + int flags, const char *zVfs); + int db_util_close(sqlite3 *pDB); + +}; +} // namespace DB +} // namespace VcoreDPL + +#endif // DPL_SQL_CONNECTION_H diff --git a/vcore/src/dpl/db/include/dpl/db/thread_database_support.h b/vcore/src/dpl/db/include/dpl/db/thread_database_support.h new file mode 100644 index 0000000..5c82ae5 --- /dev/null +++ b/vcore/src/dpl/db/include/dpl/db/thread_database_support.h 
@@ -0,0 +1,300 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file thread_database_support.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk) + * @version 1.0 + * @brief This file contains the declaration of thread database support + */ + +#ifndef DPL_THREAD_DATABASE_SUPPORT_H +#define DPL_THREAD_DATABASE_SUPPORT_H + +#include <string> +#include <dpl/db/sql_connection.h> +#include <dpl/db/orm_interface.h> +#include <dpl/thread.h> +#include <dpl/assert.h> +#include <stdint.h> + +namespace VcoreDPL { +namespace DB { +/** + * Thread database support + * + * Associate database connection with thread lifecycle + * + */ + +class ThreadDatabaseSupport : + public VcoreDPL::DB::ORM::IOrmInterface +{ + private: + typedef VcoreDPL::DB::SqlConnection *SqlConnectionPtr; + typedef VcoreDPL::ThreadLocalVariable<SqlConnectionPtr> TLVSqlConnectionPtr; + typedef VcoreDPL::ThreadLocalVariable<size_t> TLVSizeT; + typedef VcoreDPL::ThreadLocalVariable<bool> TLVBool; + + TLVSqlConnectionPtr m_connection; + TLVBool m_linger; + TLVSizeT m_refCounter; + TLVSizeT m_transactionDepth; + TLVSizeT m_attachCount; + TLVBool m_transactionCancel; + std::string m_address; + VcoreDPL::DB::SqlConnection::Flag::Type m_flags; + + TLVSqlConnectionPtr &Connection() + { + return m_connection; + } + + TLVBool &Linger() + { + return m_linger; + } + + TLVSizeT &RefCounter() + { + return m_refCounter; + } + + 
TLVSizeT &TransactionDepth() + { + return m_transactionDepth; + } + + TLVSizeT &AttachCount() + { + return m_attachCount; + } + + TLVBool &TransactionCancel() + { + return m_transactionCancel; + } + + void CheckedConnectionDelete() + { + Assert(!Connection().IsNull()); + Assert(*Linger() == true); + + if (*RefCounter() > 0 || *AttachCount() > 0) { + return; + } + + // Destroy connection + VcoreLogD("Destroying thread database connection: %s", m_address.c_str()); + + delete *Connection(); + + // Blocking destroy + Connection().GuardValue(false); + Linger().GuardValue(false); + RefCounter().GuardValue(false); + TransactionCancel().GuardValue(false); + TransactionDepth().GuardValue(false); + AttachCount().GuardValue(false); + + Connection().Reset(); + Linger().Reset(); + RefCounter().Reset(); + TransactionCancel().Reset(); + TransactionDepth().Reset(); + AttachCount().Reset(); + } + + void TransactionUnref() + { + VcoreLogD("Unref transaction"); + + if (--(*TransactionDepth()) == 0) { + VcoreLogD("Transaction is finalized"); + + if (*TransactionCancel()) { + VcoreLogD("Transaction will be rolled back"); + (*Connection())->RollbackTransaction(); + } else { + VcoreLogD("Transaction will be commited"); + (*Connection())->CommitTransaction(); + } + } + } + + public: + ThreadDatabaseSupport(const std::string &address, + VcoreDPL::DB::SqlConnection::Flag::Type flags) : + m_address(address), + m_flags(flags) + {} + + virtual ~ThreadDatabaseSupport() + {} + + void AttachToThread( + VcoreDPL::DB::SqlConnection::Flag::Option options = + VcoreDPL::DB::SqlConnection::Flag::RO) + { + Linger() = false; + + if (!Connection().IsNull()) { + // Add reference + ++*AttachCount(); + return; + } + + // Initialize SQL connection described in traits + VcoreLogD("Attaching thread database connection: %s", m_address.c_str()); + + Connection() = new VcoreDPL::DB::SqlConnection( + m_address.c_str(), m_flags, options); + + RefCounter() = 0; + + AttachCount() = 1; + + //Init Transaction related 
variables + TransactionDepth() = 0; + TransactionCancel() = false; + + // Blocking destroy + Connection().GuardValue(true); + Linger().GuardValue(true); + RefCounter().GuardValue(true); + TransactionDepth().GuardValue(true); + AttachCount().GuardValue(true); + TransactionCancel().GuardValue(true); + } + + void DetachFromThread() + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + // Remove reference + --*AttachCount(); + + if (*AttachCount() > 0) { + return; + } + + // It must not be in linger state yet + Assert(*Linger() == false); + + VcoreLogD("Detaching thread database connection: %s", m_address.c_str()); + + // Enter linger state + *Linger() = true; + + // Checked delete + CheckedConnectionDelete(); + } + + bool IsAttached() + { + return !AttachCount().IsNull() && *AttachCount() > 0; + } + + VcoreDPL::DB::SqlConnection::DataCommand *AllocDataCommand( + const std::string &statement) + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + // Calling thread must not be in linger state + Assert(*Linger() == false); + + // Add reference + ++*RefCounter(); + + // Create new unmanaged data command + return (*Connection())->PrepareDataCommand(statement.c_str()).release(); + } + + void FreeDataCommand(VcoreDPL::DB::SqlConnection::DataCommand *command) + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + // Delete data command + delete command; + + // Unreference SQL connection + --*RefCounter(); + + // If it is linger state, connection may be destroyed + if (*Linger() == true) { + CheckedConnectionDelete(); + } + } + + void TransactionBegin() + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + VcoreLogD("Begin transaction"); + + // Addref transaction + if (++(*TransactionDepth()) == 1) { + VcoreLogD("Transaction is initialized"); + + TransactionCancel() = false; + 
(*Connection())->BeginTransaction(); + } + } + + void TransactionCommit() + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + VcoreLogD("Commit transaction"); + + // Unref transation + TransactionUnref(); + } + + void TransactionRollback() + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + // Cancel and unref transaction + TransactionCancel() = true; + TransactionUnref(); + } + + VcoreDPL::DB::SqlConnection::RowID GetLastInsertRowID() + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + return (*Connection())->GetLastInsertRowID(); + } + + bool CheckTableExist(const char *name) + { + // Calling thread must support thread database connections + Assert(!Connection().IsNull()); + + return (*Connection())->CheckTableExist(name); + } +}; +} +} + +#endif // DPL_THREAD_DATABASE_SUPPORT_H diff --git a/vcore/src/dpl/db/src/naive_synchronization_object.cpp b/vcore/src/dpl/db/src/naive_synchronization_object.cpp new file mode 100644 index 0000000..f67694a --- /dev/null +++ b/vcore/src/dpl/db/src/naive_synchronization_object.cpp 
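Review bot: In `AllocDataCommand`, `statement.c_str()` is passed as the `format` argument of the variadic `PrepareDataCommand(const char *format, ...)`, so a `%` in a statement would be read as a conversion if that function expands its format the way `ExecCommand` does with `vasprintf`. The body of `PrepareDataCommand` is not visible here, so this is inferred. If it does format, pass the statement as data instead: `return (*Connection())->PrepareDataCommand("%s", statement.c_str()).release();`. The same method runs `++*RefCounter()` before the prepare, and the `DataCommand` constructor can throw `Exception::SyntaxError`, which would leave the count raised so `CheckedConnectionDelete` never frees the connection. Incrementing only after a successful prepare avoids that.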
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file naive_synchronization_object.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of SQL naive
+ * synchronization object
+ */
+#include <stddef.h>
+#include <dpl/db/naive_synchronization_object.h>
+#include <dpl/thread.h>
+
+namespace {
+ unsigned int seed = time(NULL);
+}
+
+namespace VcoreDPL {
+namespace DB {
+void NaiveSynchronizationObject::Synchronize()
+{
+ // Sleep for about 10ms - 30ms
+ Thread::MiliSleep(10 + rand_r(&seed) % 20);
+}
+
+void NaiveSynchronizationObject::NotifyAll()
+{
+ // No need to inform about anything
+}
+} // namespace DB
+} // namespace VcoreDPL
diff --git a/vcore/src/dpl/db/src/orm.cpp b/vcore/src/dpl/db/src/orm.cpp
new file mode 100644
index 0000000..6e79d46
--- /dev/null
+++ b/vcore/src/dpl/db/src/orm.cpp
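Review bot: The file-scope `seed` is shared by every thread that calls `Synchronize()`, and `rand_r(&seed)` writes it on each call without any lock, so concurrent backoffs race on it. The header describes synchronization objects as serving connections across different threads. A seed held per thread or per object would keep the jitter independent for each caller. The file also calls `time()` and `rand_r()` while including only `<stddef.h>` and two project headers, so it should add `#include <cstdlib>` and `#include <ctime>` rather than rely on transitive includes.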
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file orm.cpp
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Static definitions and function template specialziations of
+ * DPL-ORM.
+ */
+#include <stddef.h>
+#include <dpl/db/orm.h>
+
+namespace VcoreDPL {
+namespace DB {
+namespace ORM {
+namespace RelationTypes {
+const char Equal[] = "=";
+const char LessThan[] = "<";
+const char And[] = "AND";
+const char Or[] = "OR";
+const char Is[] = "IS";
+const char In[] = "IN";
+}
+
+template<>
+int GetColumnFromCommand<int>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnInteger(columnIndex);
+}
+
+template<>
+VcoreDPL::String GetColumnFromCommand<VcoreDPL::String>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return VcoreDPL::FromUTF8String(command->GetColumnString(columnIndex));
+}
+
+template<>
+OptionalInteger GetColumnFromCommand<OptionalInteger>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnOptionalInteger(columnIndex);
+}
+
+template<>
+OptionalString GetColumnFromCommand<OptionalString>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnOptionalString(columnIndex);
+}
+
+template<>
+double GetColumnFromCommand<double>(ColumnIndex columnIndex,
+ DataCommand *command)
+{
+ return command->GetColumnDouble(columnIndex);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ int argument)
+{
+ command->BindInteger(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const OptionalInteger& argument)
+{
+ command->BindInteger(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const VcoreDPL::String& argument)
+{
+ command->BindString(index, argument);
+}
+
+void DataCommandUtils::BindArgument(DataCommand *command,
+ ArgumentIndex index,
+ const OptionalString& argument)
+{
+ command->BindString(index, argument);
+}
+}
+}
+}
diff --git a/vcore/src/dpl/db/src/sql_connection.cpp b/vcore/src/dpl/db/src/sql_connection.cpp
new file mode 100644
index 0000000..9da8266
--- /dev/null
+++ b/vcore/src/dpl/db/src/sql_connection.cpp
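Review bot: The `GetColumnFromCommand<VcoreDPL::String>` specialization needs a comment saying it cannot report SQL NULL. It goes through `GetColumnString`, which returns an empty `std::string` for a NULL column, so NULL and an empty value look the same to the caller, while the `OptionalString` specialization keeps the difference. I would add above it `// NULL columns come back as an empty String; use OptionalString for nullable columns`. None of the specializations or `BindArgument` overloads checks `command` before dereferencing it, so the same comment block should state a non-null `command` as a precondition.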
@@ -0,0 +1,896 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file sql_connection.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of SQL connection + */ +#include <stddef.h> +#include <dpl/db/sql_connection.h> +#include <dpl/db/naive_synchronization_object.h> +#include <dpl/free_deleter.h> +#include <memory> +#include <dpl/noncopyable.h> +#include <dpl/assert.h> +#include <unistd.h> +#include <cstdio> +#include <cstdarg> + +namespace VcoreDPL { +namespace DB { +namespace // anonymous +{ +class ScopedNotifyAll : + public Noncopyable +{ + private: + SqlConnection::SynchronizationObject *m_synchronizationObject; + + public: + explicit ScopedNotifyAll( + SqlConnection::SynchronizationObject *synchronizationObject) : + m_synchronizationObject(synchronizationObject) + {} + + ~ScopedNotifyAll() + { + if (!m_synchronizationObject) { + return; + } + + VcoreLogD("Notifying after successful synchronize"); + m_synchronizationObject->NotifyAll(); + } +}; +} // namespace anonymous + +SqlConnection::DataCommand::DataCommand(SqlConnection *connection, + const char *buffer) : + m_masterConnection(connection), + m_stmt(NULL) +{ + Assert(connection != NULL); + + // Notify all after potentially synchronized database connection access + ScopedNotifyAll 
notifyAll(connection->m_synchronizationObject.get()); + + for (;;) { + int ret = sqlite3_prepare_v2(connection->m_connection, + buffer, strlen(buffer), + &m_stmt, NULL); + + if (ret == SQLITE_OK) { + VcoreLogD("Data command prepared successfuly"); + break; + } else if (ret == SQLITE_BUSY) { + VcoreLogD("Collision occurred while preparing SQL command"); + + // Synchronize if synchronization object is available + if (connection->m_synchronizationObject) { + VcoreLogD("Performing synchronization"); + connection->m_synchronizationObject->Synchronize(); + continue; + } + + // No synchronization object defined. Fail. + } + + // Fatal error + const char *error = sqlite3_errmsg(m_masterConnection->m_connection); + + VcoreLogD("SQL prepare data command failed"); + VcoreLogD(" Statement: %s", buffer); + VcoreLogD(" Error: %s", error); + + ThrowMsg(Exception::SyntaxError, error); + } + + VcoreLogD("Prepared data command: %s", buffer); + + // Increment stored data command count + ++m_masterConnection->m_dataCommandsCount; +} + +SqlConnection::DataCommand::~DataCommand() +{ + VcoreLogD("SQL data command finalizing"); + + if (sqlite3_finalize(m_stmt) != SQLITE_OK) { + VcoreLogD("Failed to finalize data command"); + } + + // Decrement stored data command count + --m_masterConnection->m_dataCommandsCount; +} + +void SqlConnection::DataCommand::CheckBindResult(int result) +{ + if (result != SQLITE_OK) { + const char *error = sqlite3_errmsg( + m_masterConnection->m_connection); + + VcoreLogD("Failed to bind SQL statement parameter"); + VcoreLogD(" Error: %s", error); + + ThrowMsg(Exception::SyntaxError, error); + } +} + +void SqlConnection::DataCommand::BindNull( + SqlConnection::ArgumentIndex position) +{ + CheckBindResult(sqlite3_bind_null(m_stmt, position)); + VcoreLogD("SQL data command bind null: [%i]", position); +} + +void SqlConnection::DataCommand::BindInteger( + SqlConnection::ArgumentIndex position, + int value) +{ + CheckBindResult(sqlite3_bind_int(m_stmt, position, 
value)); + VcoreLogD("SQL data command bind integer: [%i] -> %i", position, value); +} + +void SqlConnection::DataCommand::BindInt8( + SqlConnection::ArgumentIndex position, + int8_t value) +{ + CheckBindResult(sqlite3_bind_int(m_stmt, position, + static_cast<int>(value))); + VcoreLogD("SQL data command bind int8: [%i] -> %i", position, value); +} + +void SqlConnection::DataCommand::BindInt16( + SqlConnection::ArgumentIndex position, + int16_t value) +{ + CheckBindResult(sqlite3_bind_int(m_stmt, position, + static_cast<int>(value))); + VcoreLogD("SQL data command bind int16: [%i] -> %i", position, value); +} + +void SqlConnection::DataCommand::BindInt32( + SqlConnection::ArgumentIndex position, + int32_t value) +{ + CheckBindResult(sqlite3_bind_int(m_stmt, position, + static_cast<int>(value))); + VcoreLogD("SQL data command bind int32: [%i] -> %i", position, value); +} + +void SqlConnection::DataCommand::BindInt64( + SqlConnection::ArgumentIndex position, + int64_t value) +{ + CheckBindResult(sqlite3_bind_int64(m_stmt, position, + static_cast<sqlite3_int64>(value))); + VcoreLogD("SQL data command bind int64: [%i] -> %lli", position, value); +} + +void SqlConnection::DataCommand::BindFloat( + SqlConnection::ArgumentIndex position, + float value) +{ + CheckBindResult(sqlite3_bind_double(m_stmt, position, + static_cast<double>(value))); + VcoreLogD("SQL data command bind float: [%i] -> %f", position, value); +} + +void SqlConnection::DataCommand::BindDouble( + SqlConnection::ArgumentIndex position, + double value) +{ + CheckBindResult(sqlite3_bind_double(m_stmt, position, value)); + VcoreLogD("SQL data command bind double: [%i] -> %f", position, value); +} + +void SqlConnection::DataCommand::BindString( + SqlConnection::ArgumentIndex position, + const char *value) +{ + if (!value) { + BindNull(position); + return; + } + + // Assume that text may disappear + CheckBindResult(sqlite3_bind_text(m_stmt, position, + value, strlen(value), + SQLITE_TRANSIENT)); + + 
VcoreLogD("SQL data command bind string: [%i] -> %s", position, value); +} + +void SqlConnection::DataCommand::BindString( + SqlConnection::ArgumentIndex position, + const String &value) +{ + BindString(position, ToUTF8String(value).c_str()); +} + +void SqlConnection::DataCommand::BindInteger( + SqlConnection::ArgumentIndex position, + const boost::optional<int> &value) +{ + if (!value) { + BindNull(position); + } else { + BindInteger(position, *value); + } +} + +void SqlConnection::DataCommand::BindInt8( + SqlConnection::ArgumentIndex position, + const boost::optional<int8_t> &value) +{ + if (!value) { + BindNull(position); + } else { + BindInt8(position, *value); + } +} + +void SqlConnection::DataCommand::BindInt16( + SqlConnection::ArgumentIndex position, + const boost::optional<int16_t> &value) +{ + if (!value) { + BindNull(position); + } else { + BindInt16(position, *value); + } +} + +void SqlConnection::DataCommand::BindInt32( + SqlConnection::ArgumentIndex position, + const boost::optional<int32_t> &value) +{ + if (!value) { + BindNull(position); + } else { + BindInt32(position, *value); + } +} + +void SqlConnection::DataCommand::BindInt64( + SqlConnection::ArgumentIndex position, + const boost::optional<int64_t> &value) +{ + if (!value) { + BindNull(position); + } else { + BindInt64(position, *value); + } +} + +void SqlConnection::DataCommand::BindFloat( + SqlConnection::ArgumentIndex position, + const boost::optional<float> &value) +{ + if (!value) { + BindNull(position); + } else { + BindFloat(position, *value); + } +} + +void SqlConnection::DataCommand::BindDouble( + SqlConnection::ArgumentIndex position, + const boost::optional<double> &value) +{ + if (!value) { + BindNull(position); + } else { + BindDouble(position, *value); + } +} + +void SqlConnection::DataCommand::BindString( + SqlConnection::ArgumentIndex position, + const boost::optional<String> &value) +{ + if (!!value) { + BindString(position, ToUTF8String(*value).c_str()); + } else { + 
BindNull(position); + } +} + +bool SqlConnection::DataCommand::Step() +{ + // Notify all after potentially synchronized database connection access + ScopedNotifyAll notifyAll( + m_masterConnection->m_synchronizationObject.get()); + + for (;;) { + int ret = sqlite3_step(m_stmt); + + if (ret == SQLITE_ROW) { + VcoreLogD("SQL data command step ROW"); + return true; + } else if (ret == SQLITE_DONE) { + VcoreLogD("SQL data command step DONE"); + return false; + } else if (ret == SQLITE_BUSY) { + VcoreLogD("Collision occurred while executing SQL command"); + + // Synchronize if synchronization object is available + if (m_masterConnection->m_synchronizationObject) { + VcoreLogD("Performing synchronization"); + + m_masterConnection-> + m_synchronizationObject->Synchronize(); + + continue; + } + + // No synchronization object defined. Fail. + } + + // Fatal error + const char *error = sqlite3_errmsg(m_masterConnection->m_connection); + + VcoreLogD("SQL step data command failed"); + VcoreLogD(" Error: %s", error); + + ThrowMsg(Exception::InternalError, error); + } +} + +void SqlConnection::DataCommand::Reset() +{ + /* + * According to: + * http://www.sqlite.org/c3ref/stmt.html + * + * if last sqlite3_step command on this stmt returned an error, + * then sqlite3_reset will return that error, althought it is not an error. + * So sqlite3_reset allways succedes. 
+ */ + sqlite3_reset(m_stmt); + + VcoreLogD("SQL data command reset"); +} + +void SqlConnection::DataCommand::CheckColumnIndex( + SqlConnection::ColumnIndex column) +{ + if (column < 0 || column >= sqlite3_column_count(m_stmt)) { + ThrowMsg(Exception::InvalidColumn, "Column index is out of bounds"); + } +} + +bool SqlConnection::DataCommand::IsColumnNull( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column type: [%i]", column); + CheckColumnIndex(column); + return sqlite3_column_type(m_stmt, column) == SQLITE_NULL; +} + +int SqlConnection::DataCommand::GetColumnInteger( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column integer: [%i]", column); + CheckColumnIndex(column); + int value = sqlite3_column_int(m_stmt, column); + VcoreLogD(" Value: %i", value); + return value; +} + +int8_t SqlConnection::DataCommand::GetColumnInt8( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column int8: [%i]", column); + CheckColumnIndex(column); + int8_t value = static_cast<int8_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", value); + return value; +} + +int16_t SqlConnection::DataCommand::GetColumnInt16( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column int16: [%i]", column); + CheckColumnIndex(column); + int16_t value = static_cast<int16_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", value); + return value; +} + +int32_t SqlConnection::DataCommand::GetColumnInt32( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column int32: [%i]", column); + CheckColumnIndex(column); + int32_t value = static_cast<int32_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", value); + return value; +} + +int64_t SqlConnection::DataCommand::GetColumnInt64( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column int64: [%i]", column); + CheckColumnIndex(column); + int64_t value = 
static_cast<int64_t>(sqlite3_column_int64(m_stmt, column)); + VcoreLogD(" Value: %lli", value); + return value; +} + +float SqlConnection::DataCommand::GetColumnFloat( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column float: [%i]", column); + CheckColumnIndex(column); + float value = static_cast<float>(sqlite3_column_double(m_stmt, column)); + VcoreLogD(" Value: %f", value); + return value; +} + +double SqlConnection::DataCommand::GetColumnDouble( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column double: [%i]", column); + CheckColumnIndex(column); + double value = sqlite3_column_double(m_stmt, column); + VcoreLogD(" Value: %f", value); + return value; +} + +std::string SqlConnection::DataCommand::GetColumnString( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column string: [%i]", column); + CheckColumnIndex(column); + + const char *value = reinterpret_cast<const char *>( + sqlite3_column_text(m_stmt, column)); + + VcoreLogD(" Value: %s", value); + + if (value == NULL) { + return std::string(); + } + + return std::string(value); +} + +boost::optional<int> SqlConnection::DataCommand::GetColumnOptionalInteger( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional integer: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<int>(); + } + int value = sqlite3_column_int(m_stmt, column); + VcoreLogD(" Value: %i", value); + return boost::optional<int>(value); +} + +boost::optional<int8_t> SqlConnection::DataCommand::GetColumnOptionalInt8( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional int8: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<int8_t>(); + } + int8_t value = static_cast<int8_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", 
value); + return boost::optional<int8_t>(value); +} + +boost::optional<int16_t> SqlConnection::DataCommand::GetColumnOptionalInt16( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional int16: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<int16_t>(); + } + int16_t value = static_cast<int16_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", value); + return boost::optional<int16_t>(value); +} + +boost::optional<int32_t> SqlConnection::DataCommand::GetColumnOptionalInt32( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional int32: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<int32_t>(); + } + int32_t value = static_cast<int32_t>(sqlite3_column_int(m_stmt, column)); + VcoreLogD(" Value: %i", value); + return boost::optional<int32_t>(value); +} + +boost::optional<int64_t> SqlConnection::DataCommand::GetColumnOptionalInt64( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional int64: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<int64_t>(); + } + int64_t value = static_cast<int64_t>(sqlite3_column_int64(m_stmt, column)); + VcoreLogD(" Value: %lli", value); + return boost::optional<int64_t>(value); +} + +boost::optional<float> SqlConnection::DataCommand::GetColumnOptionalFloat( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional float: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<float>(); + } + float value = static_cast<float>(sqlite3_column_double(m_stmt, column)); + VcoreLogD(" Value: %f", value); + return boost::optional<float>(value); +} + +boost::optional<double> 
SqlConnection::DataCommand::GetColumnOptionalDouble( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional double: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<double>(); + } + double value = sqlite3_column_double(m_stmt, column); + VcoreLogD(" Value: %f", value); + return boost::optional<double>(value); +} + +boost::optional<String> SqlConnection::DataCommand::GetColumnOptionalString( + SqlConnection::ColumnIndex column) +{ + VcoreLogD("SQL data command get column optional string: [%i]", column); + CheckColumnIndex(column); + if (sqlite3_column_type(m_stmt, column) == SQLITE_NULL) { + return boost::optional<String>(); + } + const char *value = reinterpret_cast<const char *>( + sqlite3_column_text(m_stmt, column)); + VcoreLogD(" Value: %s", value); + String s = FromUTF8String(value); + return boost::optional<String>(s); +} + +void SqlConnection::Connect(const std::string &address, + Flag::Type type, + Flag::Option flag) +{ + if (m_connection != NULL) { + VcoreLogD("Already connected."); + return; + } + VcoreLogD("Connecting to DB: %s...", address.c_str()); + + // Connect to database + int result; + if (type & Flag::UseLucene) { + result = db_util_open_with_options( + address.c_str(), + &m_connection, + flag, + NULL); + + m_usingLucene = true; + VcoreLogD("Lucene index enabled"); + } else { + result = sqlite3_open_v2( + address.c_str(), + &m_connection, + flag, + NULL); + + m_usingLucene = false; + VcoreLogD("Lucene index disabled"); + } + + if (result == SQLITE_OK) { + VcoreLogD("Connected to DB"); + } else { + VcoreLogD("Failed to connect to DB!"); + ThrowMsg(Exception::ConnectionBroken, address); + } + + // Enable foreign keys + TurnOnForeignKeys(); +} + +void SqlConnection::Disconnect() +{ + if (m_connection == NULL) { + VcoreLogD("Already disconnected."); + return; + } + + VcoreLogD("Disconnecting from DB..."); + + // All stored data commands 
must be deleted before disconnect + AssertMsg(m_dataCommandsCount == 0, + "All stored procedures must be deleted" + " before disconnecting SqlConnection"); + + int result; + + if (m_usingLucene) { + result = db_util_close(m_connection); + } else { + result = sqlite3_close(m_connection); + } + + if (result != SQLITE_OK) { + const char *error = sqlite3_errmsg(m_connection); + VcoreLogD("SQL close failed"); + VcoreLogD(" Error: %s", error); + Throw(Exception::InternalError); + } + + m_connection = NULL; + + VcoreLogD("Disconnected from DB"); +} + +bool SqlConnection::CheckTableExist(const char *tableName) +{ + if (m_connection == NULL) { + VcoreLogD("Cannot execute command. Not connected to DB!"); + return false; + } + + DataCommandAutoPtr command = + PrepareDataCommand("select tbl_name from sqlite_master where name=?;"); + + command->BindString(1, tableName); + + if (!command->Step()) { + VcoreLogD("No matching records in table"); + return false; + } + + return command->GetColumnString(0) == tableName; +} + +SqlConnection::SqlConnection(const std::string &address, + Flag::Type flag, + Flag::Option option, + SynchronizationObject *synchronizationObject) : + m_connection(NULL), + m_usingLucene(false), + m_dataCommandsCount(0), + m_synchronizationObject(synchronizationObject) +{ + VcoreLogD("Opening database connection to: %s", address.c_str()); + + // Connect to DB + SqlConnection::Connect(address, flag, option); + + if (!m_synchronizationObject) { + VcoreLogD("No synchronization object defined"); + } +} + +SqlConnection::~SqlConnection() +{ + VcoreLogD("Closing database connection"); + + // Disconnect from DB + Try + { + SqlConnection::Disconnect(); + } + Catch(Exception::Base) + { + VcoreLogD("Failed to disconnect from database"); + } +} + +void SqlConnection::ExecCommand(const char *format, ...) +{ + if (m_connection == NULL) { + VcoreLogD("Cannot execute command. 
Not connected to DB!"); + return; + } + + if (format == NULL) { + VcoreLogD("Null query!"); + ThrowMsg(Exception::SyntaxError, "Null statement"); + } + + char *rawBuffer; + + va_list args; + va_start(args, format); + + if (vasprintf(&rawBuffer, format, args) == -1) { + rawBuffer = NULL; + } + + va_end(args); + + std::unique_ptr<char[],free_deleter> buffer(rawBuffer); + + if (!buffer) { + VcoreLogD("Failed to allocate statement string"); + return; + } + + VcoreLogD("Executing SQL command: %s", buffer.get()); + + // Notify all after potentially synchronized database connection access + ScopedNotifyAll notifyAll(m_synchronizationObject.get()); + + for (;;) { + char *errorBuffer; + + int ret = sqlite3_exec(m_connection, + buffer.get(), + NULL, + NULL, + &errorBuffer); + + std::string errorMsg; + + // Take allocated error buffer + if (errorBuffer != NULL) { + errorMsg = errorBuffer; + sqlite3_free(errorBuffer); + } + + if (ret == SQLITE_OK) { + return; + } + + if (ret == SQLITE_BUSY) { + VcoreLogD("Collision occurred while executing SQL command"); + + // Synchronize if synchronization object is available + if (m_synchronizationObject) { + VcoreLogD("Performing synchronization"); + m_synchronizationObject->Synchronize(); + continue; + } + + // No synchronization object defined. Fail. + } + + // Fatal error + VcoreLogD("Failed to execute SQL command. Error: %s", errorMsg.c_str()); + ThrowMsg(Exception::SyntaxError, errorMsg); + } +} + +SqlConnection::DataCommandAutoPtr SqlConnection::PrepareDataCommand( + const char *format, + ...) +{ + if (m_connection == NULL) { + VcoreLogD("Cannot execute data command. 
Not connected to DB!"); + return DataCommandAutoPtr(); + } + + char *rawBuffer; + + va_list args; + va_start(args, format); + + if (vasprintf(&rawBuffer, format, args) == -1) { + rawBuffer = NULL; + } + + va_end(args); + + std::unique_ptr<char[],free_deleter> buffer(rawBuffer); + + if (!buffer) { + VcoreLogD("Failed to allocate statement string"); + return DataCommandAutoPtr(); + } + + VcoreLogD("Executing SQL data command: %s", buffer.get()); + + return DataCommandAutoPtr(new DataCommand(this, buffer.get())); +} + +SqlConnection::RowID SqlConnection::GetLastInsertRowID() const +{ + return static_cast<RowID>(sqlite3_last_insert_rowid(m_connection)); +} + +void SqlConnection::TurnOnForeignKeys() +{ + ExecCommand("PRAGMA foreign_keys = ON;"); +} + +void SqlConnection::BeginTransaction() +{ + ExecCommand("BEGIN;"); +} + +void SqlConnection::RollbackTransaction() +{ + ExecCommand("ROLLBACK;"); +} + +void SqlConnection::CommitTransaction() +{ + ExecCommand("COMMIT;"); +} + +SqlConnection::SynchronizationObject * +SqlConnection::AllocDefaultSynchronizationObject() +{ + return new NaiveSynchronizationObject(); +} + +int SqlConnection::db_util_open_with_options(const char *pszFilePath, sqlite3 **ppDB, + int flags, const char *zVfs) +{ + int mode; + + if((pszFilePath == NULL) || (ppDB == NULL)) { + VcoreLogW("sqlite3 handle null error"); + return SQLITE_ERROR; + } + + mode = R_OK; + + if((geteuid() != 0) && (access(pszFilePath, mode))) { + if(errno == EACCES) { + VcoreLogD("file access permission error"); + return SQLITE_PERM; + } + } + + /* Open DB */ + int rc = sqlite3_open_v2(pszFilePath, ppDB, flags, zVfs); + if (SQLITE_OK != rc) { + VcoreLogE("sqlite3_open_v2 error(%d)",rc); + return rc; + } + + //rc = __db_util_open(*ppDB); + + return rc; +} + + +int SqlConnection::db_util_close(sqlite3 *pDB) +{ + char *pszErrorMsg = NULL; + + /* Close DB */ + int rc = sqlite3_close(pDB); + if (SQLITE_OK != rc) { + VcoreLogW("Fail to change journal mode: %s\n", pszErrorMsg); + 
sqlite3_free(pszErrorMsg); + return rc; + } + + return SQLITE_OK; +} + +} // namespace DB +} // namespace VcoreDPL diff --git a/vcore/src/dpl/db/src/thread_database_support.cpp b/vcore/src/dpl/db/src/thread_database_support.cpp new file mode 100644 index 0000000..101640f --- /dev/null +++ b/vcore/src/dpl/db/src/thread_database_support.cpp @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file thread_database_support.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk) + * @version 1.0 + * @brief This file contains the definition of thread database support + */ +#include <stddef.h> +#include <dpl/db/thread_database_support.h>
\ No newline at end of file
diff --git a/vcore/src/dpl/log/include/dpl/log/abstract_log_provider.h b/vcore/src/dpl/log/include/dpl/log/abstract_log_provider.h
new file mode 100644
index 0000000..9061156
--- /dev/null
+++ b/vcore/src/dpl/log/include/dpl/log/abstract_log_provider.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#ifndef DPL_ABSTRACT_LOG_PROVIDER_H
+#define DPL_ABSTRACT_LOG_PROVIDER_H
+
+namespace VcoreDPL {
+namespace Log {
+class AbstractLogProvider
+{
+ public:
+ virtual ~AbstractLogProvider() {}
+
+ virtual void Debug(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Info(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Warning(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Error(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+ virtual void Pedantic(const char *message,
+ const char *fileName,
+ int line,
+ const char *function) = 0;
+
+ protected:
+ static const char *LocateSourceFileName(const char *filename);
+};
+}
+} // namespace VcoreDPL
+
+#endif // DPL_ABSTRACT_LOG_PROVIDER_H
diff --git a/vcore/src/dpl/log/include/dpl/log/dlog_log_provider.h b/vcore/src/dpl/log/include/dpl/log/dlog_log_provider.h
new file mode 100644
index 0000000..263d1e3
--- /dev/null
+++ b/vcore/src/dpl/log/include/dpl/log/dlog_log_provider.h
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file dlog_log_provider.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of DLOG log provider + */ +#ifndef DPL_DLOG_LOG_PROVIDER_H +#define DPL_DLOG_LOG_PROVIDER_H + +#include <dpl/log/abstract_log_provider.h> +#include <dpl/scoped_free.h> +#include <string> + +namespace VcoreDPL { +namespace Log { +class DLOGLogProvider : + public AbstractLogProvider +{ + private: + VcoreDPL::ScopedFree<char> m_tag; + + static std::string FormatMessage(const char *message, + const char *filename, + int line, + const char *function); + + public: + DLOGLogProvider(); + virtual ~DLOGLogProvider(); + + virtual void Debug(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Info(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Warning(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Error(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Pedantic(const char *message, + const char *fileName, + int line, + const char *function); + + // Set global Tag according to DLOG + void SetTag(const char *tag); +}; +} +} // namespace VcoreDPL + +#endif // 
DPL_DLOG_LOG_PROVIDER_H diff --git a/vcore/src/dpl/log/include/dpl/log/log.h b/vcore/src/dpl/log/include/dpl/log/log.h new file mode 100644 index 0000000..43f4844 --- /dev/null +++ b/vcore/src/dpl/log/include/dpl/log/log.h 
@@ -0,0 +1,171 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file log.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of log system + */ +#ifndef DPL_LOG_H +#define DPL_LOG_H + +#include <dpl/singleton.h> +#include <dpl/noncopyable.h> +#include <dpl/log/abstract_log_provider.h> +#include <dpl/log/dlog_log_provider.h> +#include <dpl/log/old_style_log_provider.h> +#include <sstream> +#include <list> + +namespace VcoreDPL { +namespace Log { +/** + * DPL log system + * + * To switch logs into old style, export + * DPL_USE_OLD_STYLE_LOGS before application start + */ +class LogSystem : + private Noncopyable +{ + private: + typedef std::list<AbstractLogProvider *> AbstractLogProviderPtrList; + AbstractLogProviderPtrList m_providers; + + DLOGLogProvider *m_dlogProvider; + OldStyleLogProvider *m_oldStyleProvider; + + bool m_isLoggingEnabled; + + public: + bool IsLoggingEnabled() const; + LogSystem(); + virtual ~LogSystem(); + + /** + * Log debug message + */ + void Debug(const char *message, + const char *filename, + int line, + const char *function); + + /** + * Log info message + */ + void Info(const char *message, + const char *filename, + int line, + const char *function); + + /** + * Log warning message + */ + void Warning(const char *message, + const char *filename, + int line, + const 
char *function); + + /** + * Log error message + */ + void Error(const char *message, + const char *filename, + int line, + const char *function); + + /** + * Log pedantic message + */ + void Pedantic(const char *message, + const char *filename, + int line, + const char *function); + + /** + * Set default's DLOG provider Tag + */ + void SetTag(const char *tag); + + /** + * Add abstract provider to providers list + * + * @notice Ownership is transfered to LogSystem and deleted upon exit + */ + void AddProvider(AbstractLogProvider *provider); + + /** + * Remove abstract provider from providers list + */ + void RemoveProvider(AbstractLogProvider *provider); +}; + +/* + * Replacement low overhead null logging class + */ +class NullStream +{ + public: + NullStream() {} + + template <typename T> + NullStream& operator<<(const T&) + { + return *this; + } +}; + +/** + * Log system singleton + */ +typedef Singleton<LogSystem> LogSystemSingleton; +} +} // namespace VcoreDPL + +// +// Log support +// +// + +#ifdef DPL_LOGS_ENABLED + #define DPL_MACRO_FOR_LOGGING(message, function) \ + do \ + { \ + if (VcoreDPL::Log::LogSystemSingleton::Instance().IsLoggingEnabled()) \ + { \ + std::ostringstream platformLog; \ + platformLog << message; \ + VcoreDPL::Log::LogSystemSingleton::Instance().function( \ + platformLog.str().c_str(), \ + __FILE__, __LINE__, __FUNCTION__); \ + } \ + } while (0) +#else +/* avoid warnings about unused variables */ + #define DPL_MACRO_FOR_LOGGING(message, function) \ + do { \ + VcoreDPL::Log::NullStream ns; \ + ns << message; \ + } while (0) +#endif + +#define LogDebug(message) DPL_MACRO_FOR_LOGGING(message, Debug) +#define LogInfo(message) DPL_MACRO_FOR_LOGGING(message, Info) +#define LogWarning(message) DPL_MACRO_FOR_LOGGING(message, Warning) +#define LogError(message) DPL_MACRO_FOR_LOGGING(message, Error) +#define LogPedantic(message) DPL_MACRO_FOR_LOGGING(message, Pedantic) + +#endif // DPL_LOG_H 
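Review bot: `RemoveProvider` carries no ownership note, while `AddProvider` documents that ownership moves to LogSystem and the provider is deleted on exit. The implementation in log.cpp only unlinks the pointer from `m_providers`, so LogSystem never deletes a removed provider and the caller has to free it. I would add to the RemoveProvider comment: `@notice Ownership returns to the caller; LogSystem will not delete a removed provider`. The class comment also names only DPL_USE_OLD_STYLE_LOGS, although the constructor in log.cpp reads DPL_LOG_OFF, DPL_USE_OLD_STYLE_PEDANTIC_LOGS and DPL_USE_OLD_STYLE_LOGS_MASK as well; listing them here tells integrators which environment variables change logging.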
diff --git a/vcore/src/dpl/log/include/dpl/log/old_style_log_provider.h b/vcore/src/dpl/log/include/dpl/log/old_style_log_provider.h
new file mode 100644
index 0000000..fc14c7f
--- /dev/null
+++ b/vcore/src/dpl/log/include/dpl/log/old_style_log_provider.h
@@ -0,0 +1,84 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file old_style_log_provider.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of old style log provider + */ +#ifndef DPL_OLD_STYLE_LOG_PROVIDER_H +#define DPL_OLD_STYLE_LOG_PROVIDER_H + +#include <dpl/log/abstract_log_provider.h> +#include <string> + +namespace VcoreDPL { +namespace Log { +class OldStyleLogProvider : + public AbstractLogProvider +{ + private: + bool m_showDebug; + bool m_showInfo; + bool m_showWarning; + bool m_showError; + bool m_showPedantic; + bool m_printStdErr; + + static std::string FormatMessage(const char *message, + const char *filename, + int line, + const char *function); + + public: + OldStyleLogProvider(bool showDebug, + bool showInfo, + bool showWarning, + bool showError, + bool showPedantic); + OldStyleLogProvider(bool showDebug, + bool showInfo, + bool showWarning, + bool showError, + bool showPedantic, + bool printStdErr); + virtual ~OldStyleLogProvider() {} + + virtual void Debug(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Info(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Warning(const char *message, + const char *fileName, + int line, + const char *function); + virtual void Error(const 
char *message, + const char *fileName, + int line, + const char *function); + virtual void Pedantic(const char *message, + const char *fileName, + int line, + const char *function); +}; +} +} // namespace VcoreDPL + +#endif // DPL_OLD_STYLE_LOG_PROVIDER_H diff --git a/vcore/src/dpl/log/include/dpl/log/vcore_log.h b/vcore/src/dpl/log/include/dpl/log/vcore_log.h new file mode 100644 index 0000000..01116bf --- /dev/null +++ b/vcore/src/dpl/log/include/dpl/log/vcore_log.h 
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef VCORE_LOG_H
+#define VCORE_LOG_H
+
+#ifdef LOG_TAG
+#undef LOG_TAG
+#endif
+#define LOG_TAG "CERT_SVC_VCORE"
+
+#include <dlog.h>
+
+#define COLOR_ERROR "\033[38;5;160;1m" // bold red
+#define COLOR_WARNING "\033[38;5;202;1m" // bold orange
+#define COLOR_INFO "\033[38;5;243;1m" // bold light gray
+#define COLOR_DEBUG "\033[38;5;243;0m" // normal light gray
+#define COLOR_END "\033[0m"
+
+#define INTERNAL_SECURE_LOG __extension__ SECURE_SLOG
+#define VCORE_LOG(priority, color, format, ...) \
+do { \
+ INTERNAL_SECURE_LOG(priority, LOG_TAG, color format "%s", __VA_ARGS__); \
+} while(0)
+
+
+/*
+ * Please use following macros
+ */
+#define VcoreLogD(...) VCORE_LOG(LOG_DEBUG, COLOR_DEBUG, __VA_ARGS__, COLOR_END)
+#define VcoreLogI(...) VCORE_LOG(LOG_INFO, COLOR_INFO, __VA_ARGS__, COLOR_END)
+#define VcoreLogW(...) VCORE_LOG(LOG_WARN, COLOR_WARNING, __VA_ARGS__, COLOR_END)
+#define VcoreLogE(...) VCORE_LOG(LOG_ERROR, COLOR_ERROR, __VA_ARGS__, COLOR_END)
+
+#endif
diff --git a/vcore/src/dpl/log/include/dpl/log/wrt_log.h b/vcore/src/dpl/log/include/dpl/log/wrt_log.h
new file mode 100644
index 0000000..b0a3d2e
--- /dev/null
+++ b/vcore/src/dpl/log/include/dpl/log/wrt_log.h
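Review bot: `VCORE_LOG` builds its format by adjacent-literal concatenation (`color format "%s"`), so `format` must be a string literal and the trailing COLOR_END is consumed by the appended `%s`; neither is documented. The restriction is useful, because a caller cannot pass runtime data as the format string, so I would state it above the macro: `/* format must be a string literal; variable text goes in the arguments, never in format */`. All four levels go through SECURE_SLOG, so whether warnings and errors are emitted presumably depends on dlog's secure-log build setting; a comment saying that this is intended would help whoever reads these logs during an investigation. The same macros and the same gap are repeated in the wrt_log.h hunk, which defines LOG_TAG and the COLOR_* names identically.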
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef VCORE_WRT_LOG_H
+#define VCORE_WRT_LOG_H
+
+#ifdef LOG_TAG
+#undef LOG_TAG
+#endif
+#define LOG_TAG "CERT_SVC_VCORE"
+
+#include <dlog.h>
+
+#define COLOR_ERROR "\033[38;5;160;1m" // bold red
+#define COLOR_WARNING "\033[38;5;202;1m" // bold orange
+#define COLOR_INFO "\033[38;5;243;1m" // bold light gray
+#define COLOR_DEBUG "\033[38;5;243;0m" // normal light gray
+#define COLOR_END "\033[0m"
+
+#define INTERNAL_SECURE_LOG __extension__ SECURE_SLOG
+#define WRT_LOG(priority, color, format, ...) \
+do { \
+ INTERNAL_SECURE_LOG(priority, LOG_TAG, color format "%s", __VA_ARGS__); \
+} while(0)
+
+
+/*
+ * Please use following macros
+ */
+#define WrtLogD(...) WRT_LOG(LOG_DEBUG, COLOR_DEBUG, __VA_ARGS__, COLOR_END)
+#define WrtLogI(...) WRT_LOG(LOG_INFO, COLOR_INFO, __VA_ARGS__, COLOR_END)
+#define WrtLogW(...) WRT_LOG(LOG_WARN, COLOR_WARNING, __VA_ARGS__, COLOR_END)
+#define WrtLogE(...) WRT_LOG(LOG_ERROR, COLOR_ERROR, __VA_ARGS__, COLOR_END)
+
+#endif
diff --git a/vcore/src/dpl/log/src/abstract_log_provider.cpp b/vcore/src/dpl/log/src/abstract_log_provider.cpp
new file mode 100644
index 0000000..05a80f7
--- /dev/null
+++ b/vcore/src/dpl/log/src/abstract_log_provider.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_log_provider.cpp
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of abstract log provider
+ */
+#include <stddef.h>
+#include <dpl/log/abstract_log_provider.h>
+#include <cstring>
+
+namespace VcoreDPL {
+namespace Log {
+const char *AbstractLogProvider::LocateSourceFileName(const char *filename)
+{
+ const char *ptr = strrchr(filename, '/');
+ return ptr != NULL ? ptr + 1 : filename;
+}
+}
+}
diff --git a/vcore/src/dpl/log/src/dlog_log_provider.cpp b/vcore/src/dpl/log/src/dlog_log_provider.cpp
new file mode 100644
index 0000000..8958fe0
--- /dev/null
+++ b/vcore/src/dpl/log/src/dlog_log_provider.cpp
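Review bot: `LocateSourceFileName` passes `filename` straight to `strrchr`, which is undefined for a null pointer. The logging macros in log.h always supply `__FILE__`, but LogSystem::Debug and the other level methods are public and forward whatever pointer they are given to the providers. A guard as the first statement keeps a bad caller from taking the logger down with it: `if (filename == NULL) return "";`.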
@@ -0,0 +1,117 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file dlog_log_provider.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of DLOG log provider + */ +#include <stddef.h> +#include <dpl/log/dlog_log_provider.h> +#include <cstring> +#include <sstream> +#include <dlog.h> + +#ifdef SECURE_LOG + #define INTERNAL_DLP_LOG_ SECURE_LOG +#else + #define INTERNAL_DLP_LOG_ LOG +#endif + +/* + * The __extension__ keyword in the following define is required because + * macros used here from dlog.h use non-standard extension that cause + * gcc to show unwanted warnings when compiling with -pedantic switch. 
+ */ +#define INTERNAL_DLP_LOG __extension__ INTERNAL_DLP_LOG_ + +namespace VcoreDPL { +namespace Log { +std::string DLOGLogProvider::FormatMessage(const char *message, + const char *filename, + int line, + const char *function) +{ + std::ostringstream val; + + val << std::string("[") << + LocateSourceFileName(filename) << std::string(":") << line << + std::string("] ") << function << std::string("(): ") << message; + + return val.str(); +} + +DLOGLogProvider::DLOGLogProvider() +{} + +DLOGLogProvider::~DLOGLogProvider() +{} + +void DLOGLogProvider::SetTag(const char *tag) +{ + m_tag.Reset(strdup(tag)); +} + +void DLOGLogProvider::Debug(const char *message, + const char *filename, + int line, + const char *function) +{ + INTERNAL_DLP_LOG(LOG_DEBUG, m_tag.Get(), "%s", + FormatMessage(message, filename, line, function).c_str()); +} + +void DLOGLogProvider::Info(const char *message, + const char *filename, + int line, + const char *function) +{ + INTERNAL_DLP_LOG(LOG_INFO, m_tag.Get(), "%s", + FormatMessage(message, filename, line, function).c_str()); +} + +void DLOGLogProvider::Warning(const char *message, + const char *filename, + int line, + const char *function) +{ + INTERNAL_DLP_LOG(LOG_WARN, m_tag.Get(), "%s", + FormatMessage(message, filename, line, function).c_str()); +} + +void DLOGLogProvider::Error(const char *message, + const char *filename, + int line, + const char *function) +{ + INTERNAL_DLP_LOG(LOG_ERROR, m_tag.Get(), "%s", + FormatMessage(message, filename, line, function).c_str()); +} + +void DLOGLogProvider::Pedantic(const char *message, + const char *filename, + int line, + const char *function) +{ + INTERNAL_DLP_LOG(LOG_DEBUG, "DPL", "%s", + FormatMessage(message, filename, line, function).c_str()); +} +} +} // namespace VcoreDPL + +#undef INTERNAL_DLP_LOG +#undef INTERNAL_DLP_LOG_ + diff --git a/vcore/src/dpl/log/src/log.cpp b/vcore/src/dpl/log/src/log.cpp new file mode 100644 index 0000000..283b849 --- /dev/null 
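Review bot: `SetTag` calls `strdup(tag)` without checking `tag` or the result, so a null argument is undefined behaviour and an allocation failure leaves `m_tag` without a string. Debug, Info, Warning and Error then hand `m_tag.Get()` to the dlog macro as the tag; the same applies before SetTag has been called at all, since the constructor sets no tag (what ScopedFree holds by default is not visible in this hunk). Pedantic already uses the fixed tag `"DPL"`, so a fallback is at hand: `m_tag.Reset(strdup(tag != NULL ? tag : "DPL"));`, together with a check of `m_tag.Get()` before it is passed on.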
+++ b/vcore/src/dpl/log/src/log.cpp 
@@ -0,0 +1,222 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file log.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of log system + */ +#include <stddef.h> +#include <dpl/log/log.h> +#include <dpl/singleton_impl.h> + +IMPLEMENT_SINGLETON(VcoreDPL::Log::LogSystem) + +namespace VcoreDPL { +namespace Log { +namespace // anonymous +{ +const char *OLD_STYLE_LOGS_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS"; +const char *OLD_STYLE_PEDANTIC_LOGS_ENV_NAME = + "DPL_USE_OLD_STYLE_PEDANTIC_LOGS"; +const char *OLD_STYLE_LOGS_MASK_ENV_NAME = "DPL_USE_OLD_STYLE_LOGS_MASK"; +const char *DPL_LOG_OFF = "DPL_LOG_OFF"; +} // namespace anonymous + +bool LogSystem::IsLoggingEnabled() const +{ + return m_isLoggingEnabled; +} + +LogSystem::LogSystem() : + m_dlogProvider(NULL), + m_oldStyleProvider(NULL), + m_isLoggingEnabled(!getenv(DPL_LOG_OFF)) +{ + bool oldStyleLogs = false; + bool oldStyleDebugLogs = true; + bool oldStyleInfoLogs = true; + bool oldStyleWarningLogs = true; + bool oldStyleErrorLogs = true; + bool oldStylePedanticLogs = false; + + // Check environment settings about pedantic logs + const char *value = getenv(OLD_STYLE_LOGS_ENV_NAME); + + if (value != NULL && !strcmp(value, "1")) { + oldStyleLogs = true; + } + + value = getenv(OLD_STYLE_PEDANTIC_LOGS_ENV_NAME); + + if (value != NULL && 
!strcmp(value, "1")) { + oldStylePedanticLogs = true; + } + + value = getenv(OLD_STYLE_LOGS_MASK_ENV_NAME); + + if (value != NULL) { + size_t len = strlen(value); + + if (len >= 1) { + if (value[0] == '0') { + oldStyleDebugLogs = false; + } else if (value[0] == '1') { + oldStyleDebugLogs = true; + } + } + + if (len >= 2) { + if (value[1] == '0') { + oldStyleInfoLogs = false; + } else if (value[1] == '1') { + oldStyleInfoLogs = true; + } + } + + if (len >= 3) { + if (value[2] == '0') { + oldStyleWarningLogs = false; + } else if (value[2] == '1') { + oldStyleWarningLogs = true; + } + } + + if (len >= 4) { + if (value[3] == '0') { + oldStyleErrorLogs = false; + } else if (value[3] == '1') { + oldStyleErrorLogs = true; + } + } + } + + // Setup default DLOG and old style logging + if (oldStyleLogs) { + // Old style + m_oldStyleProvider = new OldStyleLogProvider(oldStyleDebugLogs, + oldStyleInfoLogs, + oldStyleWarningLogs, + oldStyleErrorLogs, + oldStylePedanticLogs); + AddProvider(m_oldStyleProvider); + } else { + // DLOG + m_dlogProvider = new DLOGLogProvider(); + AddProvider(m_dlogProvider); + } +} + +LogSystem::~LogSystem() +{ + // Delete all providers + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + delete *iterator; + } + + m_providers.clear(); + + // And even default providers + m_dlogProvider = NULL; + m_oldStyleProvider = NULL; +} + +void LogSystem::SetTag(const char* tag) +{ + if (m_dlogProvider != NULL) { + m_dlogProvider->SetTag(tag); + } +} + +void LogSystem::AddProvider(AbstractLogProvider *provider) +{ + m_providers.push_back(provider); +} + +void LogSystem::RemoveProvider(AbstractLogProvider *provider) +{ + m_providers.remove(provider); +} + +void LogSystem::Debug(const char *message, + const char *filename, + int line, + const char *function) +{ + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + 
(*iterator)->Debug(message, filename, line, function); + } +} + +void LogSystem::Info(const char *message, + const char *filename, + int line, + const char *function) +{ + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + (*iterator)->Info(message, filename, line, function); + } +} + +void LogSystem::Warning(const char *message, + const char *filename, + int line, + const char *function) +{ + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + (*iterator)->Warning(message, filename, line, function); + } +} + +void LogSystem::Error(const char *message, + const char *filename, + int line, + const char *function) +{ + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + (*iterator)->Error(message, filename, line, function); + } +} + +void LogSystem::Pedantic(const char *message, + const char *filename, + int line, + const char *function) +{ + for (AbstractLogProviderPtrList::iterator iterator = m_providers.begin(); + iterator != m_providers.end(); + ++iterator) + { + (*iterator)->Pedantic(message, filename, line, function); + } +} +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/log/src/old_style_log_provider.cpp b/vcore/src/dpl/log/src/old_style_log_provider.cpp new file mode 100644 index 0000000..d13c66e --- /dev/null +++ b/vcore/src/dpl/log/src/old_style_log_provider.cpp 
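Review bot: In the LogSystem constructor's initializer list, `m_isLoggingEnabled(!getenv(DPL_LOG_OFF))` turns logging off whenever the variable exists, including `DPL_LOG_OFF=0` or an empty value, while the other switches in the same constructor require the value `"1"`. In a library that handles certificates, whoever controls the process environment can in this way silence everything logged through the Log* macros in builds that define DPL_LOGS_ENABLED, so this switch should be at least as strict as the others. I would test the value the same way, with `const char *off = getenv(DPL_LOG_OFF);` and `m_isLoggingEnabled = (off == NULL || strcmp(off, "1") != 0);` in the constructor body. The file also calls getenv, strcmp and strlen without including `<cstdlib>` or `<cstring>` itself, so it relies on another header pulling them in.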
@@ -0,0 +1,200 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file old_style_log_provider.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of old style log provider + */ +#include <stddef.h> +#include <dpl/log/old_style_log_provider.h> +#include <dpl/colors.h> +#include <cstdio> +#include <cstring> +#include <sstream> +#include <sys/time.h> +#include <unistd.h> + +namespace VcoreDPL { +namespace Log { +namespace // anonymous +{ +using namespace VcoreDPL::Colors::Text; +const char *DEBUG_BEGIN = GREEN_BEGIN; +const char *DEBUG_END = GREEN_END; +const char *INFO_BEGIN = CYAN_BEGIN; +const char *INFO_END = CYAN_END; +const char *ERROR_BEGIN = RED_BEGIN; +const char *ERROR_END = RED_END; +const char *WARNING_BEGIN = BOLD_GOLD_BEGIN; +const char *WARNING_END = BOLD_GOLD_END; +const char *PEDANTIC_BEGIN = PURPLE_BEGIN; +const char *PEDANTIC_END = PURPLE_END; + +std::string GetFormattedTime() +{ + timeval tv; + tm localNowTime; + + gettimeofday(&tv, NULL); + localtime_r(&tv.tv_sec, &localNowTime); + + char format[64]; + snprintf(format, + sizeof(format), + "%02i:%02i:%02i.%03i", + localNowTime.tm_hour, + localNowTime.tm_min, + localNowTime.tm_sec, + static_cast<int>(tv.tv_usec / 1000)); + return format; +} +} // namespace anonymous + +std::string OldStyleLogProvider::FormatMessage(const char 
*message, + const char *filename, + int line, + const char *function) +{ + std::ostringstream val; + + val << std::string("[") << GetFormattedTime() << std::string("] [") << + static_cast<unsigned long>(pthread_self()) << "/" << + static_cast<int>(getpid()) << std::string("] [") << + LocateSourceFileName(filename) << std::string(":") << line << + std::string("] ") << function << std::string("(): ") << message; + + return val.str(); +} + +OldStyleLogProvider::OldStyleLogProvider(bool showDebug, + bool showInfo, + bool showWarning, + bool showError, + bool showPedantic) : + m_showDebug(showDebug), + m_showInfo(showInfo), + m_showWarning(showWarning), + m_showError(showError), + m_showPedantic(showPedantic), + m_printStdErr(false) +{} + +OldStyleLogProvider::OldStyleLogProvider(bool showDebug, + bool showInfo, + bool showWarning, + bool showError, + bool showPedantic, + bool printStdErr) : + m_showDebug(showDebug), + m_showInfo(showInfo), + m_showWarning(showWarning), + m_showError(showError), + m_showPedantic(showPedantic), + m_printStdErr(printStdErr) +{} + +void OldStyleLogProvider::Debug(const char *message, + const char *filename, + int line, + const char *function) +{ + if (m_showDebug) { + if (m_printStdErr) { + fprintf(stderr, "%s%s%s\n", DEBUG_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), DEBUG_END); + } else { + fprintf(stdout, "%s%s%s\n", DEBUG_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), DEBUG_END); + } + } +} + +void OldStyleLogProvider::Info(const char *message, + const char *filename, + int line, + const char *function) +{ + if (m_showInfo) { + if (m_printStdErr) { + fprintf(stderr, "%s%s%s\n", INFO_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), INFO_END); + } else { + fprintf(stdout, "%s%s%s\n", INFO_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), INFO_END); + } + } +} + +void OldStyleLogProvider::Warning(const char *message, + const char *filename, + int line, + 
const char *function) +{ + if (m_showWarning) { + if (m_printStdErr) { + fprintf(stderr, "%s%s%s\n", WARNING_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), WARNING_END); + } else { + fprintf(stdout, "%s%s%s\n", WARNING_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), WARNING_END); + } + } +} + +void OldStyleLogProvider::Error(const char *message, + const char *filename, + int line, + const char *function) +{ + if (m_showError) { + if (m_printStdErr) { + fprintf(stderr, "%s%s%s\n", ERROR_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), ERROR_END); + } else { + fprintf(stdout, "%s%s%s\n", ERROR_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), ERROR_END); + } + } +} + +void OldStyleLogProvider::Pedantic(const char *message, + const char *filename, + int line, + const char *function) +{ + if (m_showPedantic) { + if (m_printStdErr) { + fprintf(stderr, "%s%s%s\n", PEDANTIC_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), PEDANTIC_END); + } else { + fprintf(stdout, "%s%s%s\n", PEDANTIC_BEGIN, + FormatMessage(message, filename, line, + function).c_str(), PEDANTIC_END); + } + } +} +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/test/include/dpl/test/abstract_input_parser.h b/vcore/src/dpl/test/include/dpl/test/abstract_input_parser.h new file mode 100644 index 0000000..a7043ea --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/abstract_input_parser.h 
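Review bot: `FormatMessage` streams `message` into the output line unchanged and the five level methods print the result with `fprintf`, so a CR, LF or ESC byte inside a message reaches the terminal or captured log as-is and can forge extra log lines or alter colouring. Whether callers log certificate fields or other external input is not visible in this hunk, but it is plausible for a certificate service, so I would neutralise control bytes before appending. `function` and `message` are also streamed as `const char *` without a null check, which is undefined behaviour for a null pointer. The sketch below shows a helper for the anonymous namespace and the changed tail of the stream expression.

```cpp
// in the anonymous namespace, after GetFormattedTime():
// Replaces control bytes so one log call always yields one printable line.
std::string SanitizeForLog(const char *text)
{
    std::string out(text ? text : "(null)");
    for (std::string::iterator it = out.begin(); it != out.end(); ++it) {
        const unsigned char c = static_cast<unsigned char>(*it);
        if (c < 0x20 || c == 0x7f) {
            *it = '?';
        }
    }
    return out;
}

// in OldStyleLogProvider::FormatMessage
// ... unchanged: timestamp, thread/pid and file:line fields ...
        std::string("] ") << SanitizeForLog(function) << std::string("(): ") <<
        SanitizeForLog(message);
```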
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file abstract_input_parser.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Simple parser abstraction to be included into reader
+ */
+
+#ifndef ABSTRACT_INPUT_PARSER_H
+#define ABSTRACT_INPUT_PARSER_H
+
+#include <dpl/exception.h>
+
+#include <memory>
+
+namespace VcoreDPL {
+
+/**
+ * Abstract class of parser that produces some higher level abstraction
+ * basing on incoming tokens
+ */
+template<class Result, class Token> class AbstractInputParser
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ParserError)
+ };
+
+ typedef Result ResultType;
+ typedef Token TokenType;
+
+ virtual ~AbstractInputParser() {}
+
+ virtual void ConsumeToken(std::unique_ptr<Token> && token) = 0;
+ virtual bool IsStateValid() = 0;
+ virtual Result GetResult() const = 0;
+};
+
+}
+
+#endif
diff --git a/vcore/src/dpl/test/include/dpl/test/abstract_input_reader.h b/vcore/src/dpl/test/include/dpl/test/abstract_input_reader.h
new file mode 100644
index 0000000..cf7bd7b
--- /dev/null
+++ b/vcore/src/dpl/test/include/dpl/test/abstract_input_reader.h
@@ -0,0 +1,109 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_input_reader.h + * @author Tomasz Iwanek (t.iwanek@samsung.com) + * @brief Simple output reader template + * + * This generic skeleton for parser which assume being composed from abstract two logical components: + * + * - parser, + * - tokenizer/lexer, + * which implements token flow logic. Logic of components may be arbitrary. See depending change for uses. + * + * Components are created at start time of reader (constructor which moves arguments). + * Virtuality (abstract base classes) are for enforcing same token type. + * I assumed it's more clear than writen static asserts in code enforcing this. 
+ */ + +#ifndef ABSTRACT_INPUT_READER_H +#define ABSTRACT_INPUT_READER_H + +#include <memory> + +#include <dpl/test/abstract_input_tokenizer.h> +#include <dpl/test/abstract_input_parser.h> +#include <dpl/abstract_input.h> + +namespace VcoreDPL { + +/** + * Base reader class that can be used with any AbstractInput instance + * + * This class is encapsulation class for tokenizer and reader subelements + * and contains basic calculation pattern + * + * There a waste in form of virtuality for parser and tokenizer + * -> this for forcing same tokenT type in both components + */ +template<class ResultT, class TokenT> class AbstractInputReader +{ +public: + typedef ResultT TokenType; + typedef TokenT ResultType; + typedef AbstractInputParser<ResultT, TokenT> ParserBase; + typedef AbstractInputTokenizer<TokenT> TokenizerBase; + + class Exception + { + public: + typedef typename TokenizerBase::Exception::TokenizerError TokenizerError; + typedef typename ParserBase::Exception::ParserError ParserError; + }; + + AbstractInputReader(std::shared_ptr<AbstractInput> ia, + std::unique_ptr<ParserBase> && parser, + std::unique_ptr<TokenizerBase> && tokenizer) + : m_parser(std::move(parser)), m_tokenizer(std::move(tokenizer)) + { + m_tokenizer->Reset(ia); + } + + virtual ~AbstractInputReader() {} + + ResultT ReadInput() + { + typedef typename Exception::TokenizerError TokenizerError; + typedef typename Exception::ParserError ParserError; + + while(true) + { + std::unique_ptr<TokenT> token = m_tokenizer->GetNextToken(); + if(!token) + { + if(!m_tokenizer->IsStateValid()) + { + ThrowMsg(TokenizerError, "Tokenizer error"); + } + if(!m_parser->IsStateValid()) + { + ThrowMsg(ParserError, "Parser error"); + } + + return m_parser->GetResult(); + } + m_parser->ConsumeToken(std::move(token)); + } + } + +protected: + std::unique_ptr<ParserBase> m_parser; + std::unique_ptr<TokenizerBase> m_tokenizer; +}; + +} + +#endif 
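Review bot: The two public typedefs in `AbstractInputReader` are crossed: `typedef ResultT TokenType;` and `typedef TokenT ResultType;` hand the token type to anyone who asks for `ResultType`, and the result type to anyone who asks for `TokenType`. `AbstractInputParser` in this same commit maps them the expected way, so these should read `typedef TokenT TokenType;` and `typedef ResultT ResultType;`. The constructor also calls `m_tokenizer->Reset(ia)` without checking that either `unique_ptr` is non-null; a precondition comment or an assert there would make the contract explicit.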
diff --git a/vcore/src/dpl/test/include/dpl/test/abstract_input_tokenizer.h b/vcore/src/dpl/test/include/dpl/test/abstract_input_tokenizer.h
new file mode 100644
index 0000000..03e00a9
--- /dev/null
+++ b/vcore/src/dpl/test/include/dpl/test/abstract_input_tokenizer.h
@@ -0,0 +1,85 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file abstract_input_tokenizer.h + * @author Tomasz Iwanek (t.iwanek@samsung.com) + * @brief Simple tokenizer abstraction + */ + +#ifndef ABSTRACT_INPUT_TOKENIZER_H +#define ABSTRACT_INPUT_TOKENIZER_H + +#include <memory> +#include <string> + +#include <dpl/abstract_input.h> +#include <dpl/exception.h> + +namespace VcoreDPL { + +/** + * Tokenizer abstract base class + * + * This class is supposed to accept AbstractInput in constructor + * and produce tokens until end of source. If parsing ends in invalid state + * then IsStateValid() should return false + */ +template<class Token> class AbstractInputTokenizer +{ +public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, TokenizerError) + }; + + typedef Token TokenType; + + AbstractInputTokenizer() {} + virtual ~AbstractInputTokenizer() {} + + /** + * @brief Reset resets data source + * @param wia AbstractWaitableInputAdapter instance + */ + virtual void Reset(std::shared_ptr<AbstractInput> wia) + { + m_input = wia; + } + + /** + * @brief GetNextToken + * + * Parses next token. 
+ * Returns pointer to token + * @throw TokenizerError in condition of input source error + * If returned empty pointer IsStateValid() == true -> end of input + * IsStateValid() == false -> error + * + * @param token token to be set + * @return + */ + virtual std::unique_ptr<Token> GetNextToken() = 0; + virtual bool IsStateValid() = 0; + +protected: + std::shared_ptr<AbstractInput> m_input; +}; + +} + +#endif diff --git a/vcore/src/dpl/test/include/dpl/test/process_pipe.h b/vcore/src/dpl/test/include/dpl/test/process_pipe.h new file mode 100644 index 0000000..bfc124b --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/process_pipe.h 
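Review bot: The doc comment on `GetNextToken()` documents a `@param token` that the function does not have and leaves `@return` empty, and `Reset`'s `@param wia` names `AbstractWaitableInputAdapter` although the parameter is `std::shared_ptr<AbstractInput>`. I would drop the `@param token` line, write `@return next token, or an empty pointer at end of input or on error (check IsStateValid())`, and change the Reset line to `@param wia input source to read tokens from`. The class comment also says the input is accepted in the constructor, while the constructor takes no arguments and the input arrives through `Reset`.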
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file process_pipe.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation pipe from process
+ */
+#ifndef PROCESS_PIPE_H
+#define PROCESS_PIPE_H
+
+#include <dpl/file_input.h>
+#include <dpl/exception.h>
+
+#include <cstdio>
+
+namespace VcoreDPL {
+
+class ProcessPipe : public FileInput
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, DoubleOpen)
+ };
+
+ enum class PipeErrorPolicy
+ {
+ NONE,
+ OFF,
+ PIPE
+ };
+
+ explicit ProcessPipe(PipeErrorPolicy err = PipeErrorPolicy::NONE);
+ virtual ~ProcessPipe();
+
+ void Open(const std::string &command);
+ void Close();
+
+private:
+ FILE * m_file;
+ PipeErrorPolicy m_errPolicy;
+};
+
+}
+
+#endif // PROCESS_PIPE_H
diff --git a/vcore/src/dpl/test/include/dpl/test/test_results_collector.h b/vcore/src/dpl/test/include/dpl/test/test_results_collector.h
new file mode 100644
index 0000000..5d86ef6
--- /dev/null
+++ b/vcore/src/dpl/test/include/dpl/test/test_results_collector.h
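Review bot: `Open(const std::string &command)` and the `PipeErrorPolicy` values `NONE`, `OFF` and `PIPE` carry no documentation, so a caller cannot tell how the command is executed or what happens to the child's stderr. The implementation is not in this hunk; if it uses `popen()`, the string is interpreted by the shell and the header should say so, e.g. `// command is run through the shell: pass fixed strings only, never text built from external input`. The class also owns a raw `FILE *` and declares a destructor but no copy control, so unless `FileInput` is already non-copyable (not visible here) a copy would close the stream twice; deriving from `VcoreDPL::Noncopyable`, as other classes in this commit do, would rule that out. `std::string` is used without a direct `#include <string>`.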
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_results_collector.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Header file with declaration of TestResultsCollectorBase + */ + +#ifndef DPL_TEST_RESULTS_COLLECTOR_H +#define DPL_TEST_RESULTS_COLLECTOR_H + +#include <dpl/noncopyable.h> +#include <dpl/availability.h> +#include <vector> +#include <list> +#include <map> +#include <string> +#include <memory> + +namespace VcoreDPL { +namespace Test { +class TestResultsCollectorBase; +typedef std::shared_ptr<TestResultsCollectorBase> +TestResultsCollectorBasePtr; + +class TestResultsCollectorBase : + private VcoreDPL::Noncopyable +{ + public: + typedef TestResultsCollectorBase* (*CollectorConstructorFunc)(); + typedef std::list<std::string> TestCaseIdList; + struct FailStatus + { + enum Type + { + NONE, + FAILED, + IGNORED, + INTERNAL + }; + }; + + virtual ~TestResultsCollectorBase() {} + + virtual bool Configure() + { + return true; + } + virtual void Start(int count) { DPL_UNUSED_PARAM(count); } + virtual void Finish() { } + virtual void CollectCurrentTestGroupName(const std::string& /*groupName*/) + {} + + virtual void CollectTestsCasesList(const TestCaseIdList& /*list*/) {} + virtual void CollectResult(const std::string& id, + const std::string& description, + const FailStatus::Type status = FailStatus::NONE, + 
const std::string& reason = "") = 0; + virtual std::string CollectorSpecificHelp() const + { + return ""; + } + virtual bool ParseCollectorSpecificArg (const std::string& /*arg*/) + { + return false; + } + + static TestResultsCollectorBase* Create(const std::string& name); + static void RegisterCollectorConstructor( + const std::string& name, + CollectorConstructorFunc + constructor); + static std::vector<std::string> GetCollectorsNames(); + + private: + typedef std::map<std::string, CollectorConstructorFunc> ConstructorsMap; + static ConstructorsMap m_constructorsMap; +}; +} +} + +#endif /* DPL_TEST_RESULTS_COLLECTOR_H */ diff --git a/vcore/src/dpl/test/include/dpl/test/test_runner.h b/vcore/src/dpl/test/include/dpl/test/test_runner.h new file mode 100644 index 0000000..3b980e1 --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/test_runner.h 
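Review bot: `CollectResult` is pure virtual yet declares default arguments (`status = FailStatus::NONE`, `reason = ""`); defaults on a virtual function are chosen by the static type of the call, so an override that states different defaults silently disagrees with calls made through the base pointer. I would note on the declaration that overrides must not redeclare defaults, or add a non-virtual two-argument overload that forwards to the virtual one. `Create` returns a raw `TestResultsCollectorBase*` although the file defines `TestResultsCollectorBasePtr`; a comment such as `// caller takes ownership of the returned collector` would settle who deletes it. If `RegisterCollectorConstructor` is called from static initialisers in other translation units (not visible here), the static `m_constructorsMap` may not be constructed yet at that point.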
@@ -0,0 +1,231 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_runner.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This file is the header file of test runner + */ +#ifndef DPL_TEST_RUNNER_H +#define DPL_TEST_RUNNER_H + +#include <dpl/singleton.h> +#include <dpl/availability.h> +#include <dpl/test/test_results_collector.h> + +#include <atomic> +#include <sstream> +#include <string> +#include <vector> +#include <list> +#include <set> +#include <map> + +namespace VcoreDPL { +namespace Test { +class TestRunner +{ + typedef std::map<std::string, TestResultsCollectorBasePtr> + TestResultsCollectors; + TestResultsCollectors m_collectors; + + std::string m_startTestId; + bool m_runIgnored; + + public: + TestRunner() + : m_runIgnored(false) + , m_allowChildLogs(false) + , m_terminate(false) + , m_totalAssertions(0) + {} + + typedef void (*TestCase)(); + + private: + struct TestCaseStruct + { + std::string name; + TestCase proc; + + bool operator <(const TestCaseStruct &other) const + { + return name < other.name; + } + + bool operator ==(const TestCaseStruct &other) const + { + return name == other.name; + } + + TestCaseStruct(const std::string &n, TestCase p) : + name(n), + proc(p) + {} + }; + + typedef std::list<TestCaseStruct> TestCaseStructList; + typedef 
std::map<std::string, TestCaseStructList> TestCaseGroupMap; + TestCaseGroupMap m_testGroups; + + typedef std::set<std::string> SelectedTestNameSet; + SelectedTestNameSet m_selectedTestNamesSet; + typedef std::set<std::string> SelectedTestGroupSet; + SelectedTestGroupSet m_selectedTestGroupSet; + std::string m_currentGroup; + + // Terminate without any logs. + // Some test requires to call fork function. + // Child process must not produce any logs and should die quietly. + bool m_allowChildLogs; + bool m_terminate; + + std::atomic<int> m_totalAssertions; + + void Banner(); + void InvalidArgs(const std::string& message = "Invalid arguments!"); + void Usage(); + + bool filterGroupsByXmls(const std::vector<std::string> & files); + bool filterByXML(std::map<std::string, bool> & casesMap); + void normalizeXMLTag(std::string& str, const std::string& testcase); + + enum Status { FAILED, IGNORED, PASS }; + + Status RunTestCase(const TestCaseStruct& testCase); + + void RunTests(); + + void CollectResult(const std::string& id, + const std::string& description, + const TestResultsCollectorBase::FailStatus::Type status + = TestResultsCollectorBase::FailStatus::NONE, + const std::string& reason = std::string()); + + public: + class TestFailed + { + private: + std::string m_message; + + public: + TestFailed() + {} + + //! \brief Failed test message creator + //! + //! \param[in] aTest string for tested expression + //! \param[in] aFile source file name + //! \param[in] aLine source file line + //! 
\param[in] aMessage error message + TestFailed(const char* aTest, + const char* aFile, + int aLine, + const std::string &aMessage); + + TestFailed(const std::string &message); + + std::string GetMessage() const + { + return m_message; + } + }; + + class Ignored + { + private: + std::string m_message; + + public: + Ignored() + {} + + Ignored(const std::string &message) : + m_message(message) + {} + + std::string GetMessage() const + { + return m_message; + } + }; + + void MarkAssertion(); + + void RegisterTest(const char *testName, TestCase proc); + void InitGroup(const char* name); + + int ExecTestRunner(int argc, char *argv[]); + typedef std::vector<std::string> ArgsList; + int ExecTestRunner(const ArgsList& args); + bool getRunIgnored() const; + // The runner will terminate as soon as possible (after current test). + void Terminate(); + bool GetAllowChildLogs(); +}; + +typedef VcoreDPL::Singleton<TestRunner> TestRunnerSingleton; +} +} // namespace VcoreDPL + +#define RUNNER_TEST_GROUP_INIT(GroupName) \ + static int Static##GroupName##Init() \ + { \ + VcoreDPL::Test::TestRunnerSingleton::Instance().InitGroup(#GroupName); \ + return 0; \ + } \ + const int DPL_UNUSED Static##GroupName##InitVar = \ + Static##GroupName##Init(); + +#define RUNNER_TEST(Proc) \ + void Proc(); \ + static int Static##Proc##Init() \ + { \ + VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc);\ + return 0; \ + } \ + const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ + void Proc() + +#define RUNNER_ASSERT_MSG(test, message) \ + do \ + { \ + VcoreDPL::Test::TestRunnerSingleton::Instance().MarkAssertion(); \ + \ + if (!(test)) \ + { \ + std::ostringstream assertMsg; \ + assertMsg << message; \ + throw VcoreDPL::Test::TestRunner::TestFailed(#test, \ + __FILE__, \ + __LINE__, \ + assertMsg.str()); \ + } \ + } while (0) + +#define RUNNER_ASSERT(test) RUNNER_ASSERT_MSG(test, "") + +#define RUNNER_FAIL RUNNER_ASSERT(false) + +#define 
RUNNER_IGNORED_MSG(message) \ + do { \ + std::ostringstream assertMsg; \ + assertMsg << message; \ + throw VcoreDPL::Test::TestRunner::Ignored( assertMsg.str() ); \ + } while (0) + +#endif // DPL_TEST_RUNNER_H diff --git a/vcore/src/dpl/test/include/dpl/test/test_runner_child.h b/vcore/src/dpl/test/include/dpl/test/test_runner_child.h new file mode 100644 index 0000000..86bf17e --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/test_runner_child.h 
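Review bot: `TestFailed(const std::string &message);` and `Ignored(const std::string &message)` are single-argument constructors without `explicit`, so any `std::string` converts silently into a failure or ignore object; the same applies to `VSReader(std::shared_ptr<AbstractInput> wia)` in value_separated_reader.h. Mark all three `explicit`. The accessors are also inconsistent: `bool getRunIgnored() const;` sits next to `bool GetAllowChildLogs();`, which should be `bool GetAllowChildLogs() const;`, and the two should share one naming style.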
@@ -0,0 +1,91 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_runner_child.h + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief This file is the header file of test runner + */ +#ifndef DPL_TEST_RUNNER_CHILD_H +#define DPL_TEST_RUNNER_CHILD_H + +#include <dpl/test/test_runner.h> + +namespace VcoreDPL { +namespace Test { + +class PipeWrapper : VcoreDPL::Noncopyable +{ + public: + enum Usage { + READONLY, + WRITEONLY + }; + + enum Status { + SUCCESS, + TIMEOUT, + ERROR + }; + + PipeWrapper(); + + bool isReady(); + + void setUsage(Usage usage); + + virtual ~PipeWrapper(); + + Status send(int code, std::string &message); + + Status receive(int &code, std::string &data, time_t deadline); + + void closeAll(); + + protected: + + std::string toBinaryString(int data); + + void closeHelp(int desc); + + Status writeHelp(const void *buffer, int size); + + Status readHelp(void *buf, int size, time_t deadline); + + static const int PIPE_CLOSED = -1; + + int m_pipefd[2]; +}; + +void RunChildProc(TestRunner::TestCase procChild); +} // namespace Test +} // namespace VcoreDPL + +#define RUNNER_CHILD_TEST(Proc) \ + void Proc(); \ + void Proc##Child(); \ + static int Static##Proc##Init() \ + { \ + VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \ + return 0; \ + } \ + const int DPL_UNUSED Static##Proc##InitVar 
= Static##Proc##Init(); \ + void Proc(){ \ + VcoreDPL::Test::RunChildProc(&Proc##Child); \ + } \ + void Proc##Child() + +#endif // DPL_TEST_RUNNER_CHILD_H diff --git a/vcore/src/dpl/test/include/dpl/test/test_runner_multiprocess.h b/vcore/src/dpl/test/include/dpl/test/test_runner_multiprocess.h new file mode 100644 index 0000000..3fbf6f7 --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/test_runner_multiprocess.h 
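Review bot: `Status send(int code, std::string &message);` takes the message by non-const reference although the name suggests it is only read; `const std::string &message` would accept temporaries and literals, and the same holds for `SimplePipeWrapper::send(std::string &message)` in test_runner_multiprocess.h. That derived class also declares `send` and `receive` with different signatures, which hides the `PipeWrapper` versions; if that is intended, a comment saying so would help. `receive` and `readHelp` use `time_t` while the header includes only `<dpl/test/test_runner.h>`, so `#include <ctime>` should be added here. `writeHelp(const void *buffer, int size)` and `readHelp(void *buf, int size, time_t deadline)` carry lengths as `int`; `size_t` keeps a negative length from reaching the read or write call.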
@@ -0,0 +1,60 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_runner_multiprocess.h + * @author Marcin Niesluchowski (m.niesluchow@samsung.com) + * @version 1.0 + * @brief This file is the header file of multiprocess test runner + */ +#ifndef DPL_TEST_RUNNER_MULTIPROCESS_H +#define DPL_TEST_RUNNER_MULTIPROCESS_H + +#include <dpl/test/test_runner_child.h> + +namespace VcoreDPL { +namespace Test { + +class SimplePipeWrapper : + public PipeWrapper +{ + public: + SimplePipeWrapper(); + + virtual ~SimplePipeWrapper(); + + Status send(std::string &message); + Status receive(std::string &data, bool &empty, time_t deadline); +}; + +void RunMultiProc(TestRunner::TestCase procMulti); +} // namespace Test +} // namespace VcoreDPL + +#define RUNNER_MULTIPROCESS_TEST(Proc) \ + void Proc(); \ + void Proc##Multi(); \ + static int Static##Proc##Init() \ + { \ + VcoreDPL::Test::TestRunnerSingleton::Instance().RegisterTest(#Proc, &Proc); \ + return 0; \ + } \ + const int DPL_UNUSED Static##Proc##InitVar = Static##Proc##Init(); \ + void Proc(){ \ + VcoreDPL::Test::RunMultiProc(&Proc##Multi); \ + } \ + void Proc##Multi() + +#endif // DPL_TEST_RUNNER_MULTIPROCESS_H diff --git a/vcore/src/dpl/test/include/dpl/test/value_separated_parser.h b/vcore/src/dpl/test/include/dpl/test/value_separated_parser.h new file mode 100644 index 0000000..d679610 --- /dev/null 
+++ b/vcore/src/dpl/test/include/dpl/test/value_separated_parser.h 
@@ -0,0 +1,94 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file value_separated_parser.h + * @author Tomasz Iwanek (t.iwanek@samsung.com) + * @brief Parser for some value seperated files/data + */ + +#ifndef VALUE_SEPARATED_PARSER_H +#define VALUE_SEPARATED_PARSER_H + +#include<string> +#include<vector> +#include<memory> + +#include<dpl/test/value_separated_tokens.h> +#include<dpl/test/abstract_input_parser.h> + +namespace VcoreDPL { + +typedef std::vector<std::string> VSLine; +typedef std::vector<VSLine> VSResult; +typedef std::shared_ptr<VSResult> VSResultPtr; + +/** + * Value Seperated parser + * + * Requires following policy class: + * + * template<VSResultPtr> + * struct CSVParserPolicy + * { + * static bool SkipLine(VSLine & ); + * static bool Validate(VSResultPtr& result); + * }; + */ +template<class ParserPolicy> +class VSParser : public AbstractInputParser<VSResultPtr, VSToken> +{ +public: + VSParser() : m_switchLine(true), m_result(new VSResult()) {} + + void ConsumeToken(std::unique_ptr<VSToken> && token) + { + if(m_switchLine) + { + m_result->push_back(VSLine()); + m_switchLine = false; + } + if(token->isNewLine()) + { + if(ParserPolicy::SkipLine(*m_result->rbegin())) + { + m_result->pop_back(); + } + m_switchLine = true; + } + else + { + m_result->rbegin()->push_back(token->cell()); + } + } + + bool IsStateValid() + { + return 
ParserPolicy::Validate(m_result); + } + + VSResultPtr GetResult() const + { + return m_result; + } + +private: + bool m_switchLine; + VSResultPtr m_result; +}; + +} + +#endif diff --git a/vcore/src/dpl/test/include/dpl/test/value_separated_policies.h b/vcore/src/dpl/test/include/dpl/test/value_separated_policies.h new file mode 100644 index 0000000..7c758a0 --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/value_separated_policies.h 
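Review bot: `ConsumeToken` applies `ParserPolicy::SkipLine` only when a newline token arrives, so a final row that is not terminated by a newline stays in `m_result` without ever being offered to `SkipLine`. Whether the tokenizer always emits a closing newline token is not visible in this hunk; if it does not, the last row needs the same check before the result is handed out. The policy sketch in the class comment is also off: `template<VSResultPtr>` is not a valid template header and `SkipLine(VSLine & )` does not match the `const std::vector<std::string> &` signature declared in value_separated_policies.h.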
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_policies.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Example policy classes for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_POLICIES_H
+#define VALUE_SEPARATED_POLICIES_H
+
+#include<string>
+#include<vector>
+#include<memory>
+
+namespace VcoreDPL {
+
+struct CSVTokenizerPolicy
+{
+ static std::string GetSeperators(); //cells in line are separated by given characters
+ static bool SkipEmpty(); //if cell is empty, shoudl I skip?
+ static void PrepareValue(std::string &); //transform each value
+ static bool TryAgainAtEnd(int); //read is nonblocking so dat may not be yet available, should I retry?
+};
+
+struct CSVParserPolicy
+{
+ static bool SkipLine(const std::vector<std::string> & ); //should I skip whole readline?
+ static bool Validate(std::shared_ptr<std::vector<std::vector<std::string> > > & result); //validate and adjust output data
+};
+
+}
+
+#endif
diff --git a/vcore/src/dpl/test/include/dpl/test/value_separated_reader.h b/vcore/src/dpl/test/include/dpl/test/value_separated_reader.h
new file mode 100644
index 0000000..a85eb1e
--- /dev/null
+++ b/vcore/src/dpl/test/include/dpl/test/value_separated_reader.h
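Review bot: `TryAgainAtEnd(int)` takes an unnamed `int` and its comment does not say what the value means (retry count, bytes read, elapsed time), so a policy author cannot implement it from this header alone. Name the parameter and state its meaning and what a `true` return causes in the tokenizer. The trailing comments contain typos (`shoudl`, `dat`) and the public name `GetSeperators` is misspelled; renaming it to `GetSeparators` is cheapest now, before other policies copy the spelling.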
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_reader.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Reader for some value seperated files/data
+ *
+ * This is parser for files containing lines with values seperated with custom charaters.
+ * Purpose of this is to parse output similar to csv and hide (no need for rewriting)
+ * buffers, reads, code errors. Result is two dimensional array.
+ *
+ * Reader is designed as class configured with policies classes:
+ * http://en.wikipedia.org/wiki/Policy-based_design
+ */
+
+#ifndef VALUE_SEPARATED_READER_H
+#define VALUE_SEPARATED_READER_H
+
+#include<dpl/test/abstract_input_reader.h>
+#include<dpl/test/value_separated_tokenizer.h>
+#include<dpl/test/value_separated_parser.h>
+#include<dpl/test/value_separated_tokens.h>
+#include<dpl/test/value_separated_policies.h>
+
+namespace VcoreDPL {
+
+/**
+ * Reader for input with values separated with defined characters
+ *
+ * Usage:
+ * - define both policies classes for defining and customize exact behaviour of reader
+ * - make typedef for VSReader template instance with your policies
+ *
+ */
+template<class ParserPolicy, class TokenizerPolicy>
+class VSReader : public AbstractInputReader<VSResultPtr, VSToken>
+{
+public:
+ VSReader(std::shared_ptr<AbstractInput> wia)
+ : AbstractInputReader<VSResultPtr, VSToken>(wia,
+ std::unique_ptr<ParserBase>(new VSParser<ParserPolicy>()),
+ std::unique_ptr<TokenizerBase>(new VSTokenizer<TokenizerPolicy>()))
+ {}
+};
+
+typedef VSReader<CSVParserPolicy, CSVTokenizerPolicy> CSVReader;
+
+}
+
+#endif
diff --git a/vcore/src/dpl/test/include/dpl/test/value_separated_tokenizer.h b/vcore/src/dpl/test/include/dpl/test/value_separated_tokenizer.h
new file mode 100644
index 0000000..d45823f
--- /dev/null
+++ b/vcore/src/dpl/test/include/dpl/test/value_separated_tokenizer.h
@@ -0,0 +1,149 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file value_separated_tokenizer.h + * @author Tomasz Iwanek (t.iwanek@samsung.com) + * @brief Tokenizer for some value seperated files/data + */ + +#ifndef VALUE_SEPARATED_TOKENIZER_H +#define VALUE_SEPARATED_TOKENIZER_H + +#include<dpl/test/abstract_input_tokenizer.h> +#include<dpl/test/value_separated_tokens.h> +#include<dpl/binary_queue.h> + + +namespace VcoreDPL { + +/** + * Value Sperated tokenizer + * + * Requires following policy class: + * + * struct TokenizerPolicy + * { + * static std::string GetSeperators(); + * static bool SkipEmpty(); + * static void PrepareValue(std::string & value); + * }; + */ +template<class TokenizerPolicy> +class VSTokenizer : public AbstractInputTokenizer<VSToken> +{ +public: + VSTokenizer() {} + + void Reset(std::shared_ptr<AbstractInput> ia) + { + AbstractInputTokenizer<VSToken>::Reset(ia); + m_queue.Clear(); + m_finished = false; + m_newline = false; + } + + std::unique_ptr<VSToken> GetNextToken() + { + std::unique_ptr<VSToken> token; + std::string data; + char byte; + int tryNumber = 0; + + while(true) + { + //check if newline was approched + if(m_newline) + { + token.reset(new VSToken()); + m_newline = false; + return token; + } + + //read next data + if(m_queue.Empty()) + { + if(m_finished) + { + return token; + } + else + { + auto baptr = m_input->Read(4096); + 
if(baptr.get() == 0) + { + ThrowMsg(Exception::TokenizerError, "Input read failed"); + } + if(baptr->Empty()) + { + if(TokenizerPolicy::TryAgainAtEnd(tryNumber)) + { + ++tryNumber; + continue; + } + m_finished = true; + return token; + } + m_queue.AppendMoveFrom(*baptr); + } + } + + //process + m_queue.FlattenConsume(&byte, 1); //queue uses pointer to consume bytes, this do not causes reallocations + if(byte == '\n') + { + m_newline = true; + if(!data.empty() || !TokenizerPolicy::SkipEmpty()) + { + ProduceString(token, data); + return token; + } + } + else if(TokenizerPolicy::GetSeperators().find(byte) != std::string::npos) + { + if(!data.empty() || !TokenizerPolicy::SkipEmpty()) + { + ProduceString(token, data); + return token; + } + } + else + { + data += byte; + } + } + } + + bool IsStateValid() + { + if(!m_queue.Empty() && m_finished) return false; + return true; + } + +protected: + void ProduceString(std::unique_ptr<VSToken> & token, std::string & data) + { + TokenizerPolicy::PrepareValue(data); + token.reset(new VSToken(data)); + } + + BinaryQueue m_queue; + bool m_finished; + bool m_newline; +}; + +} + +#endif diff --git a/vcore/src/dpl/test/include/dpl/test/value_separated_tokens.h b/vcore/src/dpl/test/include/dpl/test/value_separated_tokens.h new file mode 100644 index 0000000..f0e9938 --- /dev/null +++ b/vcore/src/dpl/test/include/dpl/test/value_separated_tokens.h 
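Review bot: In `GetNextToken()`, a final cell that is not terminated by a newline or separator is lost: when `Read()` returns an empty buffer and the policy declines a retry, the loop sets `m_finished` and returns the still-empty `token`, discarding whatever has accumulated in `data`. Emitting the pending value first, with `if(!data.empty()) ProduceString(token, data);` just before that `return token;`, keeps the last field of an input that lacks a trailing newline. The policy sketch in the class comment also omits `TryAgainAtEnd(int)`, which this method calls. In addition, `m_finished` and `m_newline` are assigned only in `Reset()`, so the empty constructor leaves them indeterminate until `Reset()` has run.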
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_tokens.h
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief Token class for some value seperated files/data
+ */
+
+#ifndef VALUE_SEPARATED_TOKENS_H
+#define VALUE_SEPARATED_TOKENS_H
+
+#include<string>
+
+namespace VcoreDPL {
+
+class VSToken
+{
+public:
+ VSToken(const std::string & c);
+ VSToken(); //newline token - no new class to simplify
+ const std::string & cell() const;
+
+ bool isNewLine();
+private:
+ bool m_newline;
+ std::string m_cell;
+};
+
+}
+
+#endif
diff --git a/vcore/src/dpl/test/src/process_pipe.cpp b/vcore/src/dpl/test/src/process_pipe.cpp
new file mode 100644
index 0000000..11023f7
--- /dev/null
+++ b/vcore/src/dpl/test/src/process_pipe.cpp
@@ -0,0 +1,83 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file process_pipe.cpp + * @author Tomasz Iwanek (t.iwanek@samsung.com) + * @version 1.0 + * @brief This file is the implementation pipe from process + */ + +#include<dpl/test/process_pipe.h> +#include<dpl/log/vcore_log.h> + +namespace VcoreDPL { + +ProcessPipe::ProcessPipe(PipeErrorPolicy err) : m_file(NULL), m_errPolicy(err) +{ +} + +ProcessPipe::~ProcessPipe() +{ +} + +void ProcessPipe::Open(const std::string & command) +{ + if(m_file != NULL) + { + ThrowMsg(Exception::DoubleOpen, "Trying to open pipe second time. 
Close it first"); + } + + std::string stdErrRedirection; + switch(m_errPolicy) + { + case PipeErrorPolicy::NONE: break; + case PipeErrorPolicy::OFF: stdErrRedirection = " 2>/dev/null"; break; + case PipeErrorPolicy::PIPE: stdErrRedirection = " 2>&1"; break; + default: break; + } + + std::string fcommand = command + stdErrRedirection; + FILE * file = popen(fcommand.c_str(), "r"); + + // Throw an exception if an error occurred + if (file == NULL) { + ThrowMsg(FileInput::Exception::OpenFailed, fcommand); + } + + // Save new descriptor + m_file = file; + m_fd = fileno(m_file); + + VcoreLogD("Opened pipe: %s", fcommand.c_str()); +} + +void ProcessPipe::Close() +{ + if (m_fd == -1) { + return; + } + + if (pclose(m_file) == -1) { + Throw(FileInput::Exception::CloseFailed); + } + + m_fd = -1; + m_file = NULL; + + VcoreLogD("Closed pipe"); +} + +} diff --git a/vcore/src/dpl/test/src/test_results_collector.cpp b/vcore/src/dpl/test/src/test_results_collector.cpp new file mode 100644 index 0000000..e64da8a --- /dev/null +++ b/vcore/src/dpl/test/src/test_results_collector.cpp 
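Review bot: `ProcessPipe::Open` hands `command` plus the redirection suffix to `popen()`, which runs the string through the shell, and nothing at this entry point says so; a comment above `Open` such as `// command is interpreted by the shell via popen(); pass only fixed, trusted strings` would make that contract explicit for test authors. Separately, the destructor is empty, so unless a base class not visible in this hunk cleans up, a pipe that is opened and never closed leaks the `FILE*` and never reaps the child; calling `Close()` from `~ProcessPipe()` inside a try/catch (it can throw `CloseFailed`) would cover that. `Close()` also keys on `m_fd == -1` while the constructor here initializes only `m_file` and `m_errPolicy`; testing `m_file == NULL` instead avoids depending on where `m_fd` gets its initial value.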
@@ -0,0 +1,984 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_results_collector.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Implementation file some concrete TestResulstsCollector + */ +#include <cstddef> +#include <dpl/test/test_results_collector.h> +#include <dpl/colors.h> +#include <dpl/assert.h> +#include <dpl/foreach.h> +#include <dpl/scoped_fclose.h> +#include <dpl/exception.h> +#include <dpl/errno_string.h> +#include <dpl/lexical_cast.h> +#include <dpl/availability.h> + +#include <string> +#include <string.h> +#include <cstdio> +#include <fstream> +#include <sstream> +#include <cstdlib> + +#define GREEN_RESULT_OK "[%s%s%s]\n", BOLD_GREEN_BEGIN, " OK ", \ + BOLD_GREEN_END + +namespace VcoreDPL { +namespace Test { +namespace { +const char *DEFAULT_HTML_FILE_NAME = "index.html"; +const char *DEFAULT_TAP_FILE_NAME = "results.tap"; +const char *DEFAULT_XML_FILE_NAME = "results.xml"; + +bool ParseCollectorFileArg(const std::string &arg, std::string &filename) +{ + const std::string argname = "--file="; + if (arg.find(argname) == 0 ) { + filename = arg.substr(argname.size()); + return true; + } + return false; +} + +class Statistic +{ + public: + Statistic() : + m_failed(0), + m_ignored(0), + m_passed(0), + m_count(0) + {} + + void AddTest(TestResultsCollectorBase::FailStatus::Type type) + { + ++m_count; + switch 
(type) { + case TestResultsCollectorBase::FailStatus::INTERNAL: + case TestResultsCollectorBase::FailStatus::FAILED: ++m_failed; + break; + case TestResultsCollectorBase::FailStatus::IGNORED: ++m_ignored; + break; + case TestResultsCollectorBase::FailStatus::NONE: ++m_passed; + break; + default: + Assert(false && "Bad FailStatus"); + } + } + + std::size_t GetTotal() const + { + return m_count; + } + std::size_t GetPassed() const + { + return m_passed; + } + std::size_t GetSuccesed() const + { + return m_passed; + } + std::size_t GetFailed() const + { + return m_failed; + } + std::size_t GetIgnored() const + { + return m_ignored; + } + float GetPassedOrIgnoredPercend() const + { + float passIgnoredPercent = + 100.0f * (static_cast<float>(m_passed) + + static_cast<float>(m_ignored)) + / static_cast<float>(m_count); + return passIgnoredPercent; + } + + private: + std::size_t m_failed; + std::size_t m_ignored; + std::size_t m_passed; + std::size_t m_count; +}; + +class ConsoleCollector : + public TestResultsCollectorBase +{ + public: + static TestResultsCollectorBase* Constructor(); + + private: + ConsoleCollector() {} + + virtual void CollectCurrentTestGroupName(const std::string& name) + { + printf("Starting group %s\n", name.c_str()); + m_currentGroup = name; + } + + virtual void Finish() + { + using namespace VcoreDPL::Colors::Text; + + // Show result + FOREACH(group, m_groupsStats) { + PrintStats(group->first, group->second); + } + PrintStats("All tests together", m_stats); + } + + virtual void CollectResult(const std::string& id, + const std::string& /*description*/, + const FailStatus::Type status = FailStatus::NONE, + const std::string& reason = "") + { + using namespace VcoreDPL::Colors::Text; + std::string tmp = "'" + id + "' ..."; + + printf("Running test case %-60s", tmp.c_str()); + switch (status) { + case TestResultsCollectorBase::FailStatus::NONE: + printf(GREEN_RESULT_OK); + break; + case TestResultsCollectorBase::FailStatus::FAILED: + 
PrintfErrorMessage(" FAILED ", reason, true); + break; + case TestResultsCollectorBase::FailStatus::IGNORED: + PrintfIgnoredMessage("Ignored ", reason, true); + break; + case TestResultsCollectorBase::FailStatus::INTERNAL: + PrintfErrorMessage("INTERNAL", reason, true); + break; + default: + Assert(false && "Bad status"); + } + m_stats.AddTest(status); + m_groupsStats[m_currentGroup].AddTest(status); + } + + void PrintfErrorMessage(const char* type, + const std::string& message, + bool verbosity) + { + using namespace VcoreDPL::Colors::Text; + if (verbosity) { + printf("[%s%s%s] %s%s%s\n", + BOLD_RED_BEGIN, + type, + BOLD_RED_END, + BOLD_YELLOW_BEGIN, + message.c_str(), + BOLD_YELLOW_END); + } else { + printf("[%s%s%s]\n", + BOLD_RED_BEGIN, + type, + BOLD_RED_END); + } + } + + void PrintfIgnoredMessage(const char* type, + const std::string& message, + bool verbosity) + { + using namespace VcoreDPL::Colors::Text; + if (verbosity) { + printf("[%s%s%s] %s%s%s\n", + CYAN_BEGIN, + type, + CYAN_END, + BOLD_GOLD_BEGIN, + message.c_str(), + BOLD_GOLD_END); + } else { + printf("[%s%s%s]\n", + CYAN_BEGIN, + type, + CYAN_END); + } + } + + void PrintStats(const std::string& title, const Statistic& stats) + { + using namespace VcoreDPL::Colors::Text; + printf("\n%sResults [%s]: %s\n", BOLD_GREEN_BEGIN, + title.c_str(), BOLD_GREEN_END); + printf("%s%s%3d%s\n", + CYAN_BEGIN, + "Total tests: ", + stats.GetTotal(), + CYAN_END); + printf(" %s%s%3d%s\n", + CYAN_BEGIN, + "Succeeded: ", + stats.GetPassed(), + CYAN_END); + printf(" %s%s%3d%s\n", + CYAN_BEGIN, + "Failed: ", + stats.GetFailed(), + CYAN_END); + printf(" %s%s%3d%s\n", + CYAN_BEGIN, + "Ignored: ", + stats.GetIgnored(), + CYAN_END); + } + + Statistic m_stats; + std::map<std::string, Statistic> m_groupsStats; + std::string m_currentGroup; +}; + +TestResultsCollectorBase* ConsoleCollector::Constructor() +{ + return new ConsoleCollector(); +} + +class HtmlCollector : + public TestResultsCollectorBase +{ + public: + static 
TestResultsCollectorBase* Constructor(); + + private: + HtmlCollector() : m_filename(DEFAULT_HTML_FILE_NAME) {} + + virtual void CollectCurrentTestGroupName(const std::string& name) + { + fprintf(m_fp.Get(), "<b>Starting group %s", name.c_str()); + m_currentGroup = name; + } + + virtual bool Configure() + { + m_fp.Reset(fopen(m_filename.c_str(), "w")); + if (!m_fp) + return false; + + return true; + } + virtual std::string CollectorSpecificHelp() const + { + return "--file=<filename> - name of file for output\n" + " default - index.html\n"; + } + + virtual void Start(int count) + { + DPL_UNUSED_PARAM(count); + AssertMsg(!!m_fp, "File handle must not be null"); + fprintf(m_fp.Get(), + "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0" + "Transitional//EN\" " + "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"" + ">\n"); + fprintf(m_fp.Get(), + "<html xmlns=\"http://www.w3.org/1999/xhtml\" " + "lang=\"en\" dir=\"ltr\">\n"); + fprintf(m_fp.Get(), "<body style=\"background-color: black;\">\n"); + fprintf(m_fp.Get(), "<pre>\n"); + fprintf(m_fp.Get(), "<font color=\"white\">\n"); + } + + virtual void Finish() + { + using namespace VcoreDPL::Colors::Html; + // Show result + FOREACH(group, m_groupsStats) { + PrintStats(group->first, group->second); + } + PrintStats("All tests together", m_stats); + fprintf(m_fp.Get(), "</font>\n"); + fprintf(m_fp.Get(), "</pre>\n"); + fprintf(m_fp.Get(), "</body>\n"); + fprintf(m_fp.Get(), "</html>\n"); + } + + virtual bool ParseCollectorSpecificArg(const std::string& arg) + { + return ParseCollectorFileArg(arg, m_filename); + } + + virtual void CollectResult(const std::string& id, + const std::string& /*description*/, + const FailStatus::Type status = FailStatus::NONE, + const std::string& reason = "") + { + using namespace VcoreDPL::Colors::Html; + std::string tmp = "'" + id + "' ..."; + + fprintf(m_fp.Get(), "Running test case %-100s", tmp.c_str()); + switch (status) { + case TestResultsCollectorBase::FailStatus::NONE: + 
fprintf(m_fp.Get(), GREEN_RESULT_OK); + break; + case TestResultsCollectorBase::FailStatus::FAILED: + PrintfErrorMessage(" FAILED ", reason, true); + break; + case TestResultsCollectorBase::FailStatus::IGNORED: + PrintfIgnoredMessage("Ignored ", reason, true); + break; + case TestResultsCollectorBase::FailStatus::INTERNAL: + PrintfErrorMessage("INTERNAL", reason, true); + break; + default: + Assert(false && "Bad status"); + } + m_groupsStats[m_currentGroup].AddTest(status); + m_stats.AddTest(status); + } + + void PrintfErrorMessage(const char* type, + const std::string& message, + bool verbosity) + { + using namespace VcoreDPL::Colors::Html; + if (verbosity) { + fprintf(m_fp.Get(), + "[%s%s%s] %s%s%s\n", + BOLD_RED_BEGIN, + type, + BOLD_RED_END, + BOLD_YELLOW_BEGIN, + message.c_str(), + BOLD_YELLOW_END); + } else { + fprintf(m_fp.Get(), + "[%s%s%s]\n", + BOLD_RED_BEGIN, + type, + BOLD_RED_END); + } + } + + void PrintfIgnoredMessage(const char* type, + const std::string& message, + bool verbosity) + { + using namespace VcoreDPL::Colors::Html; + + if (verbosity) { + fprintf(m_fp.Get(), + "[%s%s%s] %s%s%s\n", + CYAN_BEGIN, + type, + CYAN_END, + BOLD_GOLD_BEGIN, + message.c_str(), + BOLD_GOLD_END); + } else { + fprintf(m_fp.Get(), + "[%s%s%s]\n", + CYAN_BEGIN, + type, + CYAN_END); + } + } + + void PrintStats(const std::string& name, const Statistic& stats) + { + using namespace VcoreDPL::Colors::Html; + fprintf( + m_fp.Get(), "\n%sResults [%s]:%s\n", BOLD_GREEN_BEGIN, + name.c_str(), BOLD_GREEN_END); + fprintf( + m_fp.Get(), "%s%s%3d%s\n", CYAN_BEGIN, + "Total tests: ", stats.GetTotal(), CYAN_END); + fprintf( + m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN, + "Succeeded: ", stats.GetPassed(), CYAN_END); + fprintf( + m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN, + "Failed: ", stats.GetFailed(), CYAN_END); + fprintf( + m_fp.Get(), " %s%s%3d%s\n", CYAN_BEGIN, + "Ignored: ", stats.GetIgnored(), CYAN_END); + } + + std::string m_filename; + ScopedFClose m_fp; + Statistic m_stats; + 
std::string m_currentGroup; + std::map<std::string, Statistic> m_groupsStats; +}; + +TestResultsCollectorBase* HtmlCollector::Constructor() +{ + return new HtmlCollector(); +} + +class XmlCollector : + public TestResultsCollectorBase +{ + public: + static TestResultsCollectorBase* Constructor(); + + private: + XmlCollector() : m_filename(DEFAULT_XML_FILE_NAME) {} + + virtual void CollectCurrentTestGroupName(const std::string& name) + { + std::size_t pos = GetCurrentGroupPosition(); + if (std::string::npos != pos) { + GroupFinish(pos); + FlushOutput(); + m_stats = Statistic(); + } + + pos = m_outputBuffer.find("</testsuites>"); + if (std::string::npos == pos) { + ThrowMsg(VcoreDPL::Exception, "Could not find test suites closing tag"); + } + GroupStart(pos, name); + } + + void GroupStart(const std::size_t pos, const std::string& name) + { + std::stringstream groupHeader; + groupHeader << "\n\t<testsuite"; + groupHeader << " name=\"" << EscapeSpecialCharacters(name) << "\""; + groupHeader << R"( tests="1")"; // include SegFault + groupHeader << R"( failures="1")"; // include SegFault + groupHeader << R"( skipped="0")"; + groupHeader << ">"; + + groupHeader << "\n\t\t<testcase name=\"unknown\" status=\"FAILED\">"; + groupHeader << + "\n\t\t\t<failure type=\"FAILED\" message=\"segmentation fault\"/>"; + groupHeader << "\n\t\t</testcase>"; + + groupHeader << "\n\t</testsuite>"; + + m_outputBuffer.insert(pos - 1, groupHeader.str()); + } + + virtual bool Configure() + { + m_fp.Reset(fopen(m_filename.c_str(), "w")); + if (!m_fp) + return false; + + return true; + } + + virtual std::string CollectorSpecificHelp() const + { + return "--file=<filename> - name of file for output\n" + " default - results.xml\n"; + } + + virtual void Start(int count) + { + AssertMsg(!!m_fp, "File handle must not be null"); + m_outputBuffer.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"); + m_outputBuffer.append("<testsuites "); + if(count >= 0) + { + m_outputBuffer.append("total=\""); + 
m_outputBuffer.append(VcoreDPL::lexical_cast<std::string>(count)); + m_outputBuffer.append("\""); + } + m_outputBuffer.append(" >\n</testsuites>"); + FlushOutput(); + } + + virtual void Finish() + { + std::size_t pos = GetCurrentGroupPosition(); + if (std::string::npos != pos) { + GroupFinish(pos); + FlushOutput(); + } + } + + virtual bool ParseCollectorSpecificArg(const std::string& arg) + { + return ParseCollectorFileArg(arg, m_filename); + } + + virtual void CollectResult(const std::string& id, + const std::string& /*description*/, + const FailStatus::Type status = FailStatus::NONE, + const std::string& reason = "") + { + m_resultBuffer.erase(); + m_resultBuffer.append("\t\t<testcase name=\""); + m_resultBuffer.append(EscapeSpecialCharacters(id)); + m_resultBuffer.append("\""); + switch (status) { + case TestResultsCollectorBase::FailStatus::NONE: + m_resultBuffer.append(" status=\"OK\"/>\n"); + break; + case TestResultsCollectorBase::FailStatus::FAILED: + m_resultBuffer.append(" status=\"FAILED\">\n"); + PrintfErrorMessage("FAILED", EscapeSpecialCharacters(reason), true); + m_resultBuffer.append("\t\t</testcase>\n"); + break; + case TestResultsCollectorBase::FailStatus::IGNORED: + m_resultBuffer.append(" status=\"Ignored\">\n"); + PrintfIgnoredMessage("Ignored", EscapeSpecialCharacters( + reason), true); + m_resultBuffer.append("\t\t</testcase>\n"); + break; + case TestResultsCollectorBase::FailStatus::INTERNAL: + m_resultBuffer.append(" status=\"FAILED\">\n"); + PrintfErrorMessage("INTERNAL", EscapeSpecialCharacters( + reason), true); + m_resultBuffer.append("\t\t</testcase>"); + break; + default: + Assert(false && "Bad status"); + } + std::size_t group_pos = GetCurrentGroupPosition(); + if (std::string::npos == group_pos) { + ThrowMsg(VcoreDPL::Exception, "No current group set"); + } + + std::size_t last_case_pos = m_outputBuffer.find( + "<testcase name=\"unknown\"", + group_pos); + if (std::string::npos == last_case_pos) { + ThrowMsg(VcoreDPL::Exception, 
"Could not find SegFault test case"); + } + m_outputBuffer.insert(last_case_pos - 2, m_resultBuffer); + + m_stats.AddTest(status); + + UpdateGroupHeader(group_pos, + m_stats.GetTotal() + 1, // include SegFault + m_stats.GetFailed() + 1, // include SegFault + m_stats.GetIgnored()); + FlushOutput(); + } + + std::size_t GetCurrentGroupPosition() const + { + return m_outputBuffer.rfind("<testsuite "); + } + + void UpdateGroupHeader(const std::size_t groupPosition, + const unsigned int tests, + const unsigned int failures, + const unsigned int skipped) + { + UpdateElementAttribute(groupPosition, "tests", UIntToString(tests)); + UpdateElementAttribute(groupPosition, "failures", UIntToString(failures)); + UpdateElementAttribute(groupPosition, "skipped", UIntToString(skipped)); + } + + void UpdateElementAttribute(const std::size_t elementPosition, + const std::string& name, + const std::string& value) + { + std::string pattern = name + "=\""; + + std::size_t start = m_outputBuffer.find(pattern, elementPosition); + if (std::string::npos == start) { + ThrowMsg(VcoreDPL::Exception, + "Could not find attribute " << name << " beginning"); + } + + std::size_t end = m_outputBuffer.find("\"", start + pattern.length()); + if (std::string::npos == end) { + ThrowMsg(VcoreDPL::Exception, + "Could not find attribute " << name << " end"); + } + + m_outputBuffer.replace(start + pattern.length(), + end - start - pattern.length(), + value); + } + + std::string UIntToString(const unsigned int value) + { + std::stringstream result; + result << value; + return result.str(); + } + + void GroupFinish(const std::size_t groupPosition) + { + std::size_t segFaultStart = + m_outputBuffer.find("<testcase name=\"unknown\"", groupPosition); + if (std::string::npos == segFaultStart) { + ThrowMsg(VcoreDPL::Exception, + "Could not find SegFault test case start position"); + } + segFaultStart -= 2; // to erase tabs + + std::string closeTag = "</testcase>"; + std::size_t segFaultEnd = 
m_outputBuffer.find(closeTag, segFaultStart); + if (std::string::npos == segFaultEnd) { + ThrowMsg(VcoreDPL::Exception, + "Could not find SegFault test case end position"); + } + segFaultEnd += closeTag.length() + 1; // to erase new line + + m_outputBuffer.erase(segFaultStart, segFaultEnd - segFaultStart); + + UpdateGroupHeader(groupPosition, + m_stats.GetTotal(), + m_stats.GetFailed(), + m_stats.GetIgnored()); + } + + void FlushOutput() + { + int fd = fileno(m_fp.Get()); + if (-1 == fd) { + int error = errno; + ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error)); + } + + if (-1 == TEMP_FAILURE_RETRY(ftruncate(fd, 0L))) { + int error = errno; + ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error)); + } + + if (-1 == TEMP_FAILURE_RETRY(fseek(m_fp.Get(), 0L, SEEK_SET))) { + int error = errno; + ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error)); + } + + if (m_outputBuffer.size() != + fwrite(m_outputBuffer.c_str(), 1, m_outputBuffer.size(), + m_fp.Get())) + { + int error = errno; + ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error)); + } + + if (-1 == TEMP_FAILURE_RETRY(fflush(m_fp.Get()))) { + int error = errno; + ThrowMsg(VcoreDPL::Exception, VcoreDPL::GetErrnoString(error)); + } + } + + void PrintfErrorMessage(const char* type, + const std::string& message, + bool verbosity) + { + if (verbosity) { + m_resultBuffer.append("\t\t\t<failure type=\""); + m_resultBuffer.append(EscapeSpecialCharacters(type)); + m_resultBuffer.append("\" message=\""); + m_resultBuffer.append(EscapeSpecialCharacters(message)); + m_resultBuffer.append("\"/>\n"); + } else { + m_resultBuffer.append("\t\t\t<failure type=\""); + m_resultBuffer.append(EscapeSpecialCharacters(type)); + m_resultBuffer.append("\"/>\n"); + } + } + + void PrintfIgnoredMessage(const char* type, + const std::string& message, + bool verbosity) + { + if (verbosity) { + m_resultBuffer.append("\t\t\t<skipped type=\""); + m_resultBuffer.append(EscapeSpecialCharacters(type)); + 
m_resultBuffer.append("\" message=\""); + m_resultBuffer.append(EscapeSpecialCharacters(message)); + m_resultBuffer.append("\"/>\n"); + } else { + m_resultBuffer.append("\t\t\t<skipped type=\""); + m_resultBuffer.append(EscapeSpecialCharacters(type)); + m_resultBuffer.append("\"/>\n"); + } + } + + std::string EscapeSpecialCharacters(std::string s) + { + for (unsigned int i = 0; i < s.size();) { + switch (s[i]) { + case '"': + s.erase(i, 1); + s.insert(i, """); + i += 6; + break; + + case '&': + s.erase(i, 1); + s.insert(i, "&"); + i += 5; + break; + + case '<': + s.erase(i, 1); + s.insert(i, "<"); + i += 4; + break; + + case '>': + s.erase(i, 1); + s.insert(i, ">"); + i += 4; + break; + + case '\'': + s.erase(i, 1); + s.insert(i, "'"); + i += 5; + break; + default: + ++i; + break; + } + } + return s; + } + + std::string m_filename; + ScopedFClose m_fp; + Statistic m_stats; + std::string m_outputBuffer; + std::string m_resultBuffer; +}; + +TestResultsCollectorBase* XmlCollector::Constructor() +{ + return new XmlCollector(); +} + +class CSVCollector : + public TestResultsCollectorBase +{ + public: + static TestResultsCollectorBase* Constructor(); + + private: + CSVCollector() {} + + virtual void Start(int count) + { + DPL_UNUSED_PARAM(count); + printf("GROUP;ID;RESULT;REASON\n"); + } + + virtual void CollectCurrentTestGroupName(const std::string& name) + { + m_currentGroup = name; + } + + virtual void CollectResult(const std::string& id, + const std::string& /*description*/, + const FailStatus::Type status = FailStatus::NONE, + const std::string& reason = "") + { + std::string statusMsg = ""; + switch (status) { + case TestResultsCollectorBase::FailStatus::NONE: statusMsg = "OK"; + break; + case TestResultsCollectorBase::FailStatus::FAILED: statusMsg = "FAILED"; + break; + case TestResultsCollectorBase::FailStatus::IGNORED: statusMsg = + "IGNORED"; + break; + case TestResultsCollectorBase::FailStatus::INTERNAL: statusMsg = + "FAILED"; + break; + default: + 
Assert(false && "Bad status"); + } + printf("%s;%s;%s;%s\n", + m_currentGroup.c_str(), + id.c_str(), + statusMsg.c_str(), + reason.c_str()); + } + + std::string m_currentGroup; +}; + +TestResultsCollectorBase* CSVCollector::Constructor() +{ + return new CSVCollector(); +} +} + +class TAPCollector : + public TestResultsCollectorBase +{ + public: + static TestResultsCollectorBase* Constructor(); + + private: + TAPCollector() : m_filename(DEFAULT_TAP_FILE_NAME) {} + + virtual bool Configure() + { + m_output.open(m_filename.c_str(), std::ios_base::trunc); + if (m_output.fail()) + return false; + + return true; + } + virtual std::string CollectorSpecificHelp() const + { + std::string retVal = "--file=<filename> - name of file for output\n" + " default - "; + retVal += DEFAULT_TAP_FILE_NAME; + retVal += "\n"; + return retVal; + } + + virtual void Start(int count) + { + DPL_UNUSED_PARAM(count); + AssertMsg(m_output.good(), "Output file must be opened."); + m_output << "TAP version 13" << std::endl; + m_testIndex = 0; + } + + virtual void Finish() + { + m_output << "1.." 
<< m_testIndex << std::endl; + m_output << m_collectedData.rdbuf(); + m_output.close(); + } + + virtual bool ParseCollectorSpecificArg(const std::string& arg) + { + return ParseCollectorFileArg(arg, m_filename); + } + + virtual void CollectResult(const std::string& id, + const std::string& description, + const FailStatus::Type status = FailStatus::NONE, + const std::string& reason = "") + { + m_testIndex++; + switch (status) { + case TestResultsCollectorBase::FailStatus::NONE: + LogBasicTAP(true, id, description); + endTAPLine(); + break; + case TestResultsCollectorBase::FailStatus::FAILED: + LogBasicTAP(false, id, description); + endTAPLine(); + break; + case TestResultsCollectorBase::FailStatus::IGNORED: + LogBasicTAP(true, id, description); + m_collectedData << " # skip " << reason; + endTAPLine(); + break; + case TestResultsCollectorBase::FailStatus::INTERNAL: + LogBasicTAP(true, id, description); + endTAPLine(); + m_collectedData << " ---" << std::endl; + m_collectedData << " message: " << reason << std::endl; + m_collectedData << " severity: Internal" << std::endl; + m_collectedData << " ..." 
<< std::endl; + break; + default: + Assert(false && "Bad status"); + } + } + + void LogBasicTAP(bool isOK, const std::string& id, + const std::string& description) + { + if (!isOK) { + m_collectedData << "not "; + } + m_collectedData << "ok " << m_testIndex << " [" << + id << "] " << description; + } + + void endTAPLine() + { + m_collectedData << std::endl; + } + + std::string m_filename; + std::stringstream m_collectedData; + std::ofstream m_output; + int m_testIndex; +}; + +TestResultsCollectorBase* TAPCollector::Constructor() +{ + return new TAPCollector(); +} + +void TestResultsCollectorBase::RegisterCollectorConstructor( + const std::string& name, + TestResultsCollectorBase::CollectorConstructorFunc func) +{ + Assert(m_constructorsMap.find(name) == m_constructorsMap.end()); + m_constructorsMap[name] = func; +} + +TestResultsCollectorBase* TestResultsCollectorBase::Create( + const std::string& name) +{ + ConstructorsMap::iterator found = m_constructorsMap.find(name); + if (found != m_constructorsMap.end()) { + return found->second(); + } else { + return NULL; + } +} + +std::vector<std::string> TestResultsCollectorBase::GetCollectorsNames() +{ + std::vector<std::string> list; + FOREACH(it, m_constructorsMap) + { + list.push_back(it->first); + } + return list; +} + +TestResultsCollectorBase::ConstructorsMap TestResultsCollectorBase:: + m_constructorsMap; + +namespace { +static int RegisterCollectorConstructors(); +static const int RegisterHelperVariable = RegisterCollectorConstructors(); +int RegisterCollectorConstructors() +{ + (void)RegisterHelperVariable; + + TestResultsCollectorBase::RegisterCollectorConstructor( + "text", + &ConsoleCollector::Constructor); + TestResultsCollectorBase::RegisterCollectorConstructor( + "html", + &HtmlCollector::Constructor); + TestResultsCollectorBase::RegisterCollectorConstructor( + "csv", + &CSVCollector::Constructor); + TestResultsCollectorBase::RegisterCollectorConstructor( + "tap", + &TAPCollector::Constructor); + 
TestResultsCollectorBase::RegisterCollectorConstructor( + "xml", + &XmlCollector::Constructor); + + return 0; +} +} +} +} +#undef GREEN_RESULT_OK diff --git a/vcore/src/dpl/test/src/test_runner.cpp b/vcore/src/dpl/test/src/test_runner.cpp new file mode 100644 index 0000000..5002bfd --- /dev/null +++ b/vcore/src/dpl/test/src/test_runner.cpp 
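Review bot: `TAPCollector::CollectResult` reports `FailStatus::INTERNAL` with `LogBasicTAP(true, id, description)`, so an internal error is written as `ok N` in the TAP stream, while `Statistic::AddTest` counts it as failed and the CSV and XML collectors emit `FAILED`; a TAP consumer gating on this output would treat the run as passing. The call in that case should be `LogBasicTAP(false, id, description);`. Separately, `HtmlCollector` writes group names, test ids and failure reasons into the page with `fprintf` and no escaping, whereas `XmlCollector` routes the same strings through `EscapeSpecialCharacters`; the HTML report needs equivalent escaping if any of that text can contain markup. Both `PrintStats` methods also pass `std::size_t` values to `%3d`, which should be `%3zu`.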
@@ -0,0 +1,696 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_runner.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of test runner + */ +#include <stddef.h> +#include <dpl/test/test_runner.h> +#include <dpl/test/test_results_collector.h> +#include <dpl/exception.h> +#include <dpl/free_deleter.h> +#include <memory> +#include <dpl/foreach.h> +#include <dpl/colors.h> +#include <pcrecpp.h> +#include <algorithm> +#include <cstdio> +#include <memory.h> +#include <libgen.h> +#include <cstring> +#include <cstdlib> + +#include <libxml/xpath.h> +#include <libxml/xpathInternals.h> +#include <libxml/parser.h> +#include <libxml/tree.h> + +#include <dpl/singleton_impl.h> +IMPLEMENT_SINGLETON(VcoreDPL::Test::TestRunner) + +namespace { + +std::string getXMLNode(xmlNodePtr node) +{ + std::string ret; + xmlChar * value = xmlNodeGetContent(node); + if (value != NULL) { + ret = std::string(reinterpret_cast<char*>(value)); + xmlFree(value); + } + return ret; +} + +} + + +namespace VcoreDPL { +namespace Test { +namespace // anonymous +{ +std::string BaseName(std::string aPath) +{ + std::unique_ptr<char[],free_deleter> path(strdup(aPath.c_str())); + if (NULL == path.get()) { + throw std::bad_alloc(); + } + char* baseName = basename(path.get()); 
+ std::string retValue = baseName; + return retValue; +} +} // namespace anonymous + +//! \brief Failed test message creator +//! +//! \param[in] aTest string for tested expression +//! \param[in] aFile source file name +//! \param[in] aLine source file line +//! \param[in] aMessage error message +TestRunner::TestFailed::TestFailed(const char* aTest, + const char* aFile, + int aLine, + const std::string &aMessage) +{ + std::ostringstream assertMsg; + assertMsg << "[" << BaseName(aFile) << ":" << aLine + << "] Assertion failed (" + << aTest << ") " << aMessage; + m_message = assertMsg.str(); +} + +TestRunner::TestFailed::TestFailed(const std::string &message) +{ + m_message = message; +} + +void TestRunner::RegisterTest(const char *testName, TestCase proc) +{ + m_testGroups[m_currentGroup].push_back(TestCaseStruct(testName, proc)); +} + +void TestRunner::InitGroup(const char* name) +{ + m_currentGroup = name; +} + +void TestRunner::normalizeXMLTag(std::string& str, const std::string& testcase) +{ + //Add testcase if missing + std::string::size_type pos = str.find(testcase); + if(pos != 0) + { + str = testcase + "_" + str; + } + + //dpl test runner cannot have '-' character in name so it have to be replaced + // for TCT case to make comparision works + std::replace(str.begin(), str.end(), '-', '_'); +} + +bool TestRunner::filterGroupsByXmls(const std::vector<std::string> & files) +{ + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, XMLError) + + const std::string idPath = "/test_definition/suite/set/testcase/@id"; + + bool success = true; + std::map<std::string, bool> casesMap; + + std::string testsuite; + if(!m_testGroups.empty()) + { + for(TestCaseGroupMap::const_iterator cit = m_testGroups.begin(); cit != m_testGroups.end(); ++cit) + { + if(!cit->second.empty()) + { + for(TestCaseStructList::const_iterator cj = cit->second.begin(); cj != cit->second.end(); ++cj) + { + std::string name = cj->name; + std::string::size_type st = name.find('_'); + if(st != 
std::string::npos) + { + name = name.substr(0, st); + testsuite = name; + break; + } + } + if(!testsuite.empty()) break; + } + } + } + + xmlInitParser(); + LIBXML_TEST_VERSION + xmlXPathInit(); + + Try + { + FOREACH(file, files) + { + xmlDocPtr doc; + xmlXPathContextPtr xpathCtx; + + doc = xmlReadFile(file->c_str(), NULL, 0); + if (doc == NULL) { + ThrowMsg(XMLError, "File Problem"); + } else { + //context + xpathCtx = xmlXPathNewContext(doc); + if (xpathCtx == NULL) { + ThrowMsg(XMLError, + "Error: unable to create new XPath context\n"); + } + xpathCtx->node = xmlDocGetRootElement(doc); + } + + std::string result; + xmlXPathObjectPtr xpathObject; + //get requested node's values + xpathObject = xmlXPathEvalExpression(BAD_CAST idPath.c_str(), xpathCtx); + if (xpathObject == NULL) + { + ThrowMsg(XMLError, "XPath evaluation failure: " << idPath); + } + xmlNodeSetPtr nodes = xpathObject->nodesetval; + unsigned size = (nodes) ? nodes->nodeNr : 0; + for(unsigned i = 0; i < size; ++i) + { + if (nodes->nodeTab[i]->type == XML_ATTRIBUTE_NODE) { + xmlNodePtr curNode = nodes->nodeTab[i]; + result = getXMLNode(curNode); + normalizeXMLTag(result, testsuite); + casesMap.insert(make_pair(result, false)); + } + } + //Cleanup of XPath data + xmlXPathFreeObject(xpathObject); + xmlXPathFreeContext(xpathCtx); + xmlFreeDoc(doc); + } + } + Catch(XMLError) + { + success = false; + } + xmlCleanupParser(); + + if(!filterByXML(casesMap)) + { + success = false; + } + + return success; +} + +bool TestRunner::filterByXML(std::map<std::string, bool> & casesMap) +{ + FOREACH(group, m_testGroups) { + TestCaseStructList newList; + FOREACH(iterator, group->second) + { + if (casesMap.find(iterator->name) != casesMap.end()) { + casesMap[iterator->name] = true; + newList.push_back(*iterator); + } + } + group->second = newList; + } + FOREACH(cs, casesMap) + { + if(cs->second == false) + { + return false; + } + } + return true; +} + +TestRunner::Status TestRunner::RunTestCase(const TestCaseStruct& 
testCase) +{ + try { + testCase.proc(); + } catch (const TestFailed &e) { + // Simple test failure + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::FAILED, + e.GetMessage()); + return FAILED; + } catch (const Ignored &e) { + if (m_runIgnored) { + // Simple test have to be implemented + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::IGNORED, + e.GetMessage()); + } + + return IGNORED; + } catch (const VcoreDPL::Exception &e) { + // DPL exception failure + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::INTERNAL, + "DPL exception:" + e.GetMessage() + "\n" + e.DumpToString()); + + return FAILED; + } catch (const std::exception &) { + // std exception failure + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::INTERNAL, + "std exception"); + + return FAILED; + } catch (...) { + // Unknown exception failure + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::INTERNAL, + "unknown exception"); + + return FAILED; + } + + CollectResult(testCase.name, + "", + TestResultsCollectorBase::FailStatus::NONE); + + // Everything OK + return PASS; +} + +void TestRunner::RunTests() +{ + using namespace VcoreDPL::Colors::Text; + + Banner(); + + unsigned count = 0; + FOREACH(group, m_testGroups) { + count += group->second.size(); + } + + std::for_each(m_collectors.begin(), + m_collectors.end(), + [count] (const TestResultsCollectors::value_type & collector) + { + collector.second->Start(count); + }); + + fprintf(stderr, "%sFound %d testcases...%s\n", GREEN_BEGIN, count, GREEN_END); + fprintf(stderr, "%s%s%s\n", GREEN_BEGIN, "Running tests...", GREEN_END); + FOREACH(group, m_testGroups) { + TestCaseStructList list = group->second; + if (!list.empty()) { + std::for_each( + m_collectors.begin(), + m_collectors.end(), + [&group](const TestResultsCollectors::value_type & collector) + { + collector.second-> + CollectCurrentTestGroupName(group->first); + }); + 
list.sort(); + + for (TestCaseStructList::const_iterator iterator = list.begin(); + iterator != list.end(); + ++iterator) + { + TestCaseStruct test = *iterator; + if (m_startTestId == test.name) { + m_startTestId = ""; + } + + if (m_startTestId.empty()) { + RunTestCase(test); + } + if (m_terminate == true) { + // Terminate quietly without any logs + return; + } + } + } + } + + std::for_each(m_collectors.begin(), + m_collectors.end(), + [] (const TestResultsCollectors::value_type & collector) + { + collector.second->Finish(); + }); + + // Finished + fprintf(stderr, "%s%s%s\n\n", GREEN_BEGIN, "Finished", GREEN_END); +} + +void TestRunner::CollectResult( + const std::string& id, + const std::string& description, + const TestResultsCollectorBase::FailStatus::Type status, + const std::string& reason) +{ + std::for_each(m_collectors.begin(), + m_collectors.end(), + [&](const TestResultsCollectors::value_type & collector) + { + collector.second->CollectResult(id, + description, + status, + reason); + }); +} + +void TestRunner::Banner() +{ + using namespace VcoreDPL::Colors::Text; + fprintf(stderr, + "%s%s%s\n", + BOLD_GREEN_BEGIN, + "DPL tests runner", + BOLD_GREEN_END); + fprintf(stderr, + "%s%s%s%s\n\n", + GREEN_BEGIN, + "Build: ", + __TIMESTAMP__, + GREEN_END); +} + +void TestRunner::InvalidArgs(const std::string& message) +{ + using namespace VcoreDPL::Colors::Text; + fprintf(stderr, + "%s%s%s\n", + BOLD_RED_BEGIN, + message.c_str(), + BOLD_RED_END); +} + +void TestRunner::Usage() +{ + fprintf(stderr, "Usage: runner [options]\n\n"); + fprintf(stderr, "Output type:\n"); + fprintf(stderr, " --output=<output type> --output=<output type> ...\n"); + fprintf(stderr, "\n possible output types:\n"); + FOREACH(type, TestResultsCollectorBase::GetCollectorsNames()) { + fprintf(stderr, " --output=%s\n", type->c_str()); + } + fprintf(stderr, "\n example:\n"); + fprintf(stderr, + " test-binary --output=text --output=xml --file=output.xml\n\n"); + fprintf(stderr, "Other 
parameters:\n"); + fprintf(stderr, + " --regexp='regexp'\t Only selected tests" + " which names match regexp run\n\n"); + fprintf(stderr, " --start=<test id>\tStart from concrete test id"); + fprintf(stderr, " --group=<group name>\t Run tests only from one group\n"); + fprintf(stderr, " --runignored\t Run also ignored tests\n"); + fprintf(stderr, " --list\t Show a list of Test IDs\n"); + fprintf(stderr, " --listgroups\t Show a list of Test Group names \n"); + fprintf(stderr, " --only-from-xml=<xml file>\t Run only testcases specified in XML file \n" + " XML name is taken from attribute id=\"part1_part2\" as whole.\n" + " If part1 is not found (no _) then it is implicitily " + "set according to suite part1 from binary tests\n"); + fprintf( + stderr, + " --listingroup=<group name>\t Show a list of Test IDS in one group\n"); + fprintf(stderr, " --allowchildlogs\t Allow to print logs from child process on screen.\n"); + fprintf(stderr, " When active child process will be able to print logs on stdout and stderr.\n"); + fprintf(stderr, " Both descriptors will be closed after test.\n"); + fprintf(stderr, " --help\t This help\n\n"); + std::for_each(m_collectors.begin(), + m_collectors.end(), + [] (const TestResultsCollectors::value_type & collector) + { + fprintf(stderr, + "Output %s has specific args:\n", + collector.first.c_str()); + fprintf(stderr, + "%s\n", + collector.second-> + CollectorSpecificHelp().c_str()); + }); + fprintf(stderr, "For bug reporting, please write to:\n"); + fprintf(stderr, "<p.dobrowolsk@samsung.com>\n"); +} + +int TestRunner::ExecTestRunner(int argc, char *argv[]) +{ + std::vector<std::string> args; + for (int i = 0; i < argc; ++i) { + args.push_back(argv[i]); + } + return ExecTestRunner(args); +} + +void TestRunner::MarkAssertion() +{ + ++m_totalAssertions; +} + +int TestRunner::ExecTestRunner(const ArgsList& value) +{ + m_runIgnored = false; + ArgsList args = value; + // Parse command line + if (args.size() == 1) { + InvalidArgs(); + Usage(); 
+ return -1; + } + + args.erase(args.begin()); + + bool showHelp = false; + bool justList = false; + std::vector<std::string> xmlFiles; + + TestResultsCollectorBasePtr currentCollector; + + // Parse each argument + FOREACH(it, args) + { + std::string arg = *it; + const std::string regexp = "--regexp="; + const std::string output = "--output="; + const std::string groupId = "--group="; + const std::string runIgnored = "--runignored"; + const std::string listCmd = "--list"; + const std::string startCmd = "--start="; + const std::string listGroupsCmd = "--listgroups"; + const std::string listInGroup = "--listingroup="; + const std::string allowChildLogs = "--allowchildlogs"; + const std::string onlyFromXML = "--only-from-xml="; + + if (currentCollector) { + if (currentCollector->ParseCollectorSpecificArg(arg)) { + continue; + } + } + + if (arg.find(startCmd) == 0) { + arg.erase(0, startCmd.length()); + FOREACH(group, m_testGroups) { + FOREACH(tc, group->second) { + if (tc->name == arg) { + m_startTestId = arg; + break; + } + } + if (!m_startTestId.empty()) { + break; + } + } + if (!m_startTestId.empty()) { + continue; + } + InvalidArgs(); + fprintf(stderr, "Start test id has not been found\n"); + Usage(); + return 0; + } else if (arg.find(groupId) == 0) { + arg.erase(0, groupId.length()); + TestCaseGroupMap::iterator found = m_testGroups.find(arg); + if (found != m_testGroups.end()) { + std::string name = found->first; + TestCaseStructList newList = found->second; + m_testGroups.clear(); + m_testGroups[name] = newList; + } else { + fprintf(stderr, "Group %s not found\n", arg.c_str()); + InvalidArgs(); + Usage(); + return -1; + } + } else if (arg == runIgnored) { + m_runIgnored = true; + } else if (arg == listCmd) { + justList = true; + } else if (arg == listGroupsCmd) { + FOREACH(group, m_testGroups) { + printf("GR:%s\n", group->first.c_str()); + } + return 0; + } else if (arg.find(listInGroup) == 0) { + arg.erase(0, listInGroup.length()); + FOREACH(test, 
m_testGroups[arg]) { + printf("ID:%s\n", test->name.c_str()); + } + return 0; + } else if (arg.find(allowChildLogs) == 0) { + arg.erase(0, allowChildLogs.length()); + m_allowChildLogs = true; + } else if (arg == "--help") { + showHelp = true; + } else if (arg.find(output) == 0) { + arg.erase(0, output.length()); + if (m_collectors.find(arg) != m_collectors.end()) { + InvalidArgs( + "Multiple outputs of the same type are not supported!"); + Usage(); + return -1; + } + currentCollector.reset(TestResultsCollectorBase::Create(arg)); + if (!currentCollector) { + InvalidArgs("Unsupported output type!"); + Usage(); + return -1; + } + m_collectors[arg] = currentCollector; + } else if (arg.find(regexp) == 0) { + arg.erase(0, regexp.length()); + if (arg.length() == 0) { + InvalidArgs(); + Usage(); + return -1; + } + + if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') { + arg.erase(0); + arg.erase(arg.length() - 1); + } + + if (arg.length() == 0) { + InvalidArgs(); + Usage(); + return -1; + } + + pcrecpp::RE re(arg.c_str()); + FOREACH(group, m_testGroups) { + TestCaseStructList newList; + FOREACH(iterator, group->second) + { + if (re.PartialMatch(iterator->name)) { + newList.push_back(*iterator); + } + } + group->second = newList; + } + } else if(arg.find(onlyFromXML) == 0) { + arg.erase(0, onlyFromXML.length()); + if (arg.length() == 0) { + InvalidArgs(); + Usage(); + return -1; + } + + if (arg[0] == '\'' && arg[arg.length() - 1] == '\'') { + arg.erase(0); + arg.erase(arg.length() - 1); + } + + if (arg.length() == 0) { + InvalidArgs(); + Usage(); + return -1; + } + + xmlFiles.push_back(arg); + } else { + InvalidArgs(); + Usage(); + return -1; + } + } + + if(!xmlFiles.empty()) + { + if(!filterGroupsByXmls(xmlFiles)) + { + fprintf(stderr, "XML file is not correct\n"); + return 0; + } + } + + if(justList) + { + FOREACH(group, m_testGroups) { + FOREACH(test, group->second) { + printf("ID:%s:%s\n", group->first.c_str(), test->name.c_str()); + } + } + return 0; + } + + 
currentCollector.reset(); + + // Show help + if (showHelp) { + Usage(); + return 0; + } + + if (m_collectors.empty()) { + TestResultsCollectorBasePtr collector( + TestResultsCollectorBase::Create("text")); + m_collectors["text"] = collector; + } + + for (auto it = m_collectors.begin(); it != m_collectors.end(); ++it) { + if (!it->second->Configure()) { + fprintf(stderr, "Could not configure selected output"); + return 0; + } + } + + // Run tests + RunTests(); + + return 0; +} + +bool TestRunner::getRunIgnored() const +{ + return m_runIgnored; +} + +void TestRunner::Terminate() +{ + m_terminate = true; +} + +bool TestRunner::GetAllowChildLogs() +{ + return m_allowChildLogs; +} + +} +} // namespace VcoreDPL diff --git a/vcore/src/dpl/test/src/test_runner_child.cpp b/vcore/src/dpl/test/src/test_runner_child.cpp new file mode 100644 index 0000000..0ebe86c --- /dev/null +++ b/vcore/src/dpl/test/src/test_runner_child.cpp 
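Review bot: A quoted `--regexp='...'` or `--only-from-xml='...'` value never reaches the filter, because the quote stripping in `ExecTestRunner` calls `arg.erase(0)`, which removes everything from index 0 to the end instead of one character. The following `arg.erase(arg.length() - 1)` then runs on an empty string, where the index wraps around and `erase` throws `std::out_of_range`. Both branches should strip exactly one character at each end and require at least two characters first, e.g. `if (arg.length() >= 2 && arg[0] == '\'' && arg[arg.length() - 1] == '\'') { arg = arg.substr(1, arg.length() - 2); }`. Separately, the failure paths for an unknown `--start=` id, a rejected XML file and a failed `Configure()` all `return 0`, so a calling script cannot tell them from a completed run; a non-zero return would match the other argument errors.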
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_runner_child.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation file of test runner
+ */
+#include <stddef.h>
+#include <dpl/test/test_runner.h>
+#include <dpl/test/test_runner_child.h>
+#include <dpl/test/test_results_collector.h>
+#include <dpl/binary_queue.h>
+#include <dpl/exception.h>
+#include <dpl/scoped_free.h>
+#include <dpl/foreach.h>
+#include <dpl/colors.h>
+#include <pcrecpp.h>
+#include <algorithm>
+#include <cstdio>
+#include <memory.h>
+#include <libgen.h>
+#include <cstring>
+#include <cstdlib>
+#include <ctime>
+#include <unistd.h>
+#include <poll.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/stat.h>
+
+namespace {
+const int CHILD_TEST_FAIL = 0;
+const int CHILD_TEST_PASS = 1;
+const int CHILD_TEST_IGNORED = 2;
+
+int closeOutput() {
+ int devnull;
+ int retcode = -1;
+ if (-1 == (devnull = TEMP_FAILURE_RETRY(open("/dev/null", O_WRONLY))))
+ return -1;
+
+ // replace stdout with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDOUT_FILENO)))
+ goto end;
+
+ // replace stderr with /dev/null
+ if (-1 == TEMP_FAILURE_RETRY(dup2(devnull, STDERR_FILENO)))
+ goto end;
+
+ retcode = 0;
+
+end:
+ close(devnull);
+ return retcode;
+}
+
+} // namespace anonymous
+
+namespace VcoreDPL { +namespace Test { + +PipeWrapper::PipeWrapper() +{ + if (-1 == pipe(m_pipefd)) { + m_pipefd[0] = PIPE_CLOSED; + m_pipefd[1] = PIPE_CLOSED; + } +} + +PipeWrapper::~PipeWrapper() +{ + closeHelp(0); + closeHelp(1); +} + +bool PipeWrapper::isReady() +{ + return m_pipefd[0] != PIPE_CLOSED || m_pipefd[1] != PIPE_CLOSED; +} + +void PipeWrapper::setUsage(Usage usage) +{ + if (usage == READONLY) { + closeHelp(1); + } + if (usage == WRITEONLY) { + closeHelp(0); + } +} + +PipeWrapper::Status PipeWrapper::send(int code, std::string &message) +{ + if (m_pipefd[1] == PIPE_CLOSED) { + return ERROR; + } + + std::ostringstream output; + output << toBinaryString(code); + output << toBinaryString(static_cast<int>(message.size())); + output << message; + + std::string binary = output.str(); + int size = binary.size(); + + if ((writeHelp(&size, + sizeof(int)) == ERROR) || + (writeHelp(binary.c_str(), size) == ERROR)) + { + return ERROR; + } + return SUCCESS; +} + +PipeWrapper::Status PipeWrapper::receive(int &code, std::string &data, time_t deadline) +{ + if (m_pipefd[0] == PIPE_CLOSED) { + return ERROR; + } + + int size; + Status ret; + + if ((ret = readHelp(&size, sizeof(int), deadline)) != SUCCESS) { + return ret; + } + + std::vector<char> buffer; + buffer.resize(size); + + if ((ret = readHelp(&buffer[0], size, deadline)) != SUCCESS) { + return ret; + } + + try { + VcoreDPL::BinaryQueue queue; + queue.AppendCopy(&buffer[0], size); + + queue.FlattenConsume(&code, sizeof(int)); + queue.FlattenConsume(&size, sizeof(int)); + + buffer.resize(size); + + queue.FlattenConsume(&buffer[0], size); + data.assign(buffer.begin(), buffer.end()); + } catch (VcoreDPL::BinaryQueue::Exception::Base &e) { + return ERROR; + } + return SUCCESS; +} + +void PipeWrapper::closeAll() +{ + closeHelp(0); + closeHelp(1); +} + +std::string PipeWrapper::toBinaryString(int data) +{ + char buffer[sizeof(int)]; + memcpy(buffer, &data, sizeof(int)); + return std::string(buffer, buffer + 
sizeof(int)); +} + +void PipeWrapper::closeHelp(int desc) +{ + if (m_pipefd[desc] != PIPE_CLOSED) { + TEMP_FAILURE_RETRY(close(m_pipefd[desc])); + m_pipefd[desc] = PIPE_CLOSED; + } +} + +PipeWrapper::Status PipeWrapper::writeHelp(const void *buffer, int size) +{ + int ready = 0; + const char *p = static_cast<const char *>(buffer); + while (ready != size) { + int ret = write(m_pipefd[1], &p[ready], size - ready); + + if (ret == -1 && (errno == EAGAIN || errno == EINTR)) { + continue; + } + + if (ret == -1) { + closeHelp(1); + return ERROR; + } + + ready += ret; + } + return SUCCESS; +} + +PipeWrapper::Status PipeWrapper::readHelp(void *buf, int size, time_t deadline) +{ + int ready = 0; + char *buffer = static_cast<char*>(buf); + while (ready != size) { + time_t wait = deadline - time(0); + wait = wait < 1 ? 1 : wait; + pollfd fds = { m_pipefd[0], POLLIN, 0 }; + + int pollReturn = poll(&fds, 1, wait * 1000); + + if (pollReturn == 0) { + return TIMEOUT; // Timeout + } + + if (pollReturn < -1) { + return ERROR; + } + + int ret = read(m_pipefd[0], &buffer[ready], size - ready); + + if (ret == -1 && (errno == EAGAIN || errno == EINTR)) { + continue; + } + + if (ret == -1 || ret == 0) { + closeHelp(0); + return ERROR; + } + + ready += ret; + } + return SUCCESS; +} + +void RunChildProc(TestRunner::TestCase procChild) +{ + PipeWrapper pipe; + if (!pipe.isReady()) { + throw TestRunner::TestFailed("Pipe creation failed"); + } + + pid_t pid = fork(); + + if (pid == -1) { + throw TestRunner::TestFailed("Child creation failed"); + } + + if (pid != 0) { + // parent code + pipe.setUsage(PipeWrapper::READONLY); + + int code; + std::string message; + + int pipeReturn = pipe.receive(code, message, time(0) + 10); + + if (pipeReturn != PipeWrapper::SUCCESS) { // Timeout or reading error + pipe.closeAll(); + kill(pid, SIGKILL); + } + + int status; + waitpid(pid, &status, 0); + + if (pipeReturn == PipeWrapper::TIMEOUT) { + throw TestRunner::TestFailed("Timeout"); + } + + if (pipeReturn 
== PipeWrapper::ERROR) { + throw TestRunner::TestFailed("Reading pipe error"); + } + + if (code == CHILD_TEST_FAIL) { + throw TestRunner::TestFailed(message); + } else if (code == CHILD_TEST_IGNORED) { + throw TestRunner::Ignored(message); + } + } else { + // child code + + // End Runner after current test + TestRunnerSingleton::Instance().Terminate(); + + int code = CHILD_TEST_PASS; + std::string msg; + + bool allowLogs = TestRunnerSingleton::Instance().GetAllowChildLogs(); + + close(STDIN_FILENO); + if (!allowLogs) { + closeOutput(); // if fails nothing we can do + } + + pipe.setUsage(PipeWrapper::WRITEONLY); + + try { + procChild(); + } catch (const VcoreDPL::Test::TestRunner::TestFailed &e) { + msg = e.GetMessage(); + code = CHILD_TEST_FAIL; + } catch (const VcoreDPL::Test::TestRunner::Ignored &e) { + msg = e.GetMessage(); + code = CHILD_TEST_IGNORED; + } catch (...) { // catch all exception generated by "user" code + msg = "unhandled exeception"; + code = CHILD_TEST_FAIL; + } + + if (allowLogs) { + closeOutput(); + } + + pipe.send(code, msg); + } +} +} // namespace Test +} // namespace VcoreDPL diff --git a/vcore/src/dpl/test/src/test_runner_multiprocess.cpp b/vcore/src/dpl/test/src/test_runner_multiprocess.cpp new file mode 100644 index 0000000..f377b1e --- /dev/null +++ b/vcore/src/dpl/test/src/test_runner_multiprocess.cpp 
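Review bot: The error check after `poll()` in `PipeWrapper::readHelp` can never fire. `poll` reports failure as -1, so `if (pollReturn < -1)` is dead code and a failed or interrupted poll falls through to `read()` on a descriptor that was not reported readable, which can block past the deadline the caller passed in. The check should read `if (pollReturn == -1) { if (errno == EINTR) continue; return ERROR; }`; the same condition is repeated in `SimplePipeWrapper::receive` in test_runner_multiprocess.cpp. In `PipeWrapper::receive`, the length read from the pipe also goes straight into `buffer.resize(size)` with no check that it is positive and bounded, so a garbled frame from the child surfaces as an allocation exception or an invalid `&buffer[0]` rather than as `ERROR`.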
@@ -0,0 +1,274 @@ +/* + * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file test_runner_multiprocess.cpp + * @author Marcin Niesluchowski (m.niesluchow@samsung.com) + * @version 1.0 + * @brief This file is the implementation file of multiprocess test runner + */ + +#include <sys/file.h> +#include <dpl/test/test_runner.h> +#include <dpl/test/test_runner_child.h> +#include <dpl/test/test_runner_multiprocess.h> +#include <poll.h> +#include <limits.h> +#include <sys/wait.h> +#include <unistd.h> + +namespace { + +const int MULTI_TEST_ERROR = -1; +const int MULTI_TEST_PASS = 0; +const int MULTI_TEST_FAILED = 1; +const int MULTI_TEST_IGNORED = 2; +const int MULTI_TEST_INTERNAL = 3; + +} + +namespace VcoreDPL { +namespace Test { + +SimplePipeWrapper::SimplePipeWrapper() +: PipeWrapper() +{ + +} + +SimplePipeWrapper::~SimplePipeWrapper() +{ + +} + +PipeWrapper::Status SimplePipeWrapper::send(std::string &message) +{ + if (m_pipefd[1] == PIPE_CLOSED) { + return ERROR; + } + + if (message.size() > PIPE_BUF-1) { + return ERROR; + } + + char buffer[PIPE_BUF] = { 0 }; + + + for(unsigned int i = 0; i < message.size(); ++i) { + buffer[i] = message[i]; + } + + return writeHelp(buffer, PIPE_BUF); +} + +PipeWrapper::Status SimplePipeWrapper::receive(std::string &data, bool &empty, time_t deadline) +{ + if (m_pipefd[0] == PIPE_CLOSED) { + return ERROR; + } + + empty = false; + + 
data.resize(PIPE_BUF); + + char buffer[PIPE_BUF] = { 0 }; + + int ready = 0; + while (ready != PIPE_BUF) { + time_t wait = deadline - time(0); + wait = wait < 1 ? 1 : wait; + pollfd fds = { m_pipefd[0], POLLIN, 0 }; + + int pollReturn = poll(&fds, 1, wait * 1000); + + if (pollReturn == 0) { + return TIMEOUT; // Timeout + } + + if (pollReturn < -1) { + return ERROR; + } + int ret = read(m_pipefd[0], &buffer[ready], PIPE_BUF - ready); + if (ret == -1 && (errno == EAGAIN || errno == EINTR)) { + continue; + } + + if (ret == -1) { + closeHelp(0); + return ERROR; + } + if (ret == 0) { + empty = true; + break; + } + + ready += ret; + } + + + for(unsigned int i = 0; i < PIPE_BUF; ++i){ + if(buffer[i] == 0) { + data.resize(i); + return SUCCESS; + } + data[i] = buffer[i]; + } + + return ERROR; +} + +void RunMultiProc(TestRunner::TestCase procMulti) +{ + SimplePipeWrapper pipe; + int code = MULTI_TEST_PASS; + std::string msg = ""; + int pipeReturn; + + int waitStatus; + + pid_t top_pid = getpid(); + + if (!pipe.isReady()) { + throw TestRunner::TestFailed("Pipe creation failed"); + } + // pipe + + try { + procMulti(); + } catch (const TestRunner::TestFailed &e) { + code = MULTI_TEST_FAILED; + msg = e.GetMessage(); + } catch (const TestRunner::Ignored &e) { + code = MULTI_TEST_IGNORED; + msg = e.GetMessage(); + } catch (const VcoreDPL::Exception &e) { + code = MULTI_TEST_INTERNAL; + msg = "DPL exception:" + e.GetMessage(); + } catch (const std::exception &) { + code = MULTI_TEST_INTERNAL; + msg = "std exception"; + } catch (...) 
{ + // Unknown exception failure + code = MULTI_TEST_INTERNAL; + msg = "unknown exception"; + } + + while (true) { + pid_t child_pid = wait(&waitStatus); + if (child_pid == -1) { + if (errno == ECHILD) { + if (top_pid == getpid()) { + std::string recMsg=""; + + pipe.setUsage(PipeWrapper::READONLY); + + bool empty=false; + while(true) { + pipeReturn = pipe.receive(recMsg, empty, time(0) + 10); + + if (empty) { + break; + } + if (pipeReturn == PipeWrapper::ERROR) { + pipe.closeAll(); + throw TestRunner::TestFailed("Reading pipe error"); + } else if (pipeReturn == PipeWrapper::TIMEOUT) { + pipe.closeAll(); + throw TestRunner::TestFailed("Timeout error"); + } + msg = msg + "\n" + recMsg; + } + pipe.closeAll(); + + switch(code) { + case MULTI_TEST_PASS: + return; + case MULTI_TEST_FAILED: + throw TestRunner::TestFailed(msg); + case MULTI_TEST_IGNORED: + throw TestRunner::Ignored(msg); + case MULTI_TEST_INTERNAL: + throw TestRunner::TestFailed(msg); + default: + throw TestRunner::TestFailed(msg); + } + } else { + pipe.setUsage(PipeWrapper::WRITEONLY); + + pipeReturn = pipe.send(msg); + + if (pipeReturn == PipeWrapper::ERROR) { + pipe.closeAll(); + code = MULTI_TEST_ERROR; + } + + exit(code); + } + } + } else if (WIFEXITED(waitStatus)) { + if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_FAILED) { + switch (code) { + case MULTI_TEST_PASS: + code = MULTI_TEST_FAILED; + break; + case MULTI_TEST_FAILED: + break; + case MULTI_TEST_IGNORED: + code = MULTI_TEST_FAILED; + break; + case MULTI_TEST_INTERNAL: + break; + default: + break; + } + } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_IGNORED) { + switch (code) { + case MULTI_TEST_PASS: + code = MULTI_TEST_IGNORED; + break; + case MULTI_TEST_FAILED: + break; + case MULTI_TEST_IGNORED: + break; + case MULTI_TEST_INTERNAL: + break; + default: + break; + } + } else if ((signed char)WEXITSTATUS(waitStatus) == MULTI_TEST_INTERNAL) { + switch (code) { + case MULTI_TEST_PASS: + code = MULTI_TEST_INTERNAL; + 
break; + case MULTI_TEST_FAILED: + code = MULTI_TEST_INTERNAL; + break; + case MULTI_TEST_IGNORED: + code = MULTI_TEST_INTERNAL; + break; + case MULTI_TEST_INTERNAL: + break; + default: + break; + } + } else if ((signed char)WEXITSTATUS(waitStatus) != MULTI_TEST_PASS) { + code = MULTI_TEST_ERROR; + msg = "PROCESS BAD CODE RETURN"; + } + } + } +} +} // namespace Test +} // namespace VcoreDPL diff --git a/vcore/src/dpl/test/src/value_separated_policies.cpp b/vcore/src/dpl/test/src/value_separated_policies.cpp new file mode 100644 index 0000000..4fc282a --- /dev/null +++ b/vcore/src/dpl/test/src/value_separated_policies.cpp 
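Review bot: A child that dies from a signal is not recorded as a failure. The `wait()` loop in `RunMultiProc` only inspects `WIFEXITED(waitStatus)`, so a process that crashed or aborted leaves `code` untouched and the test can still end as `MULTI_TEST_PASS`. A branch after the `WIFEXITED` block would close that gap, e.g. `} else if (WIFSIGNALED(waitStatus)) { code = MULTI_TEST_INTERNAL; msg = "child terminated by signal"; }`. For a harness that exercises certificate-handling code, a crash is exactly the result that must not be reported as a pass.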
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_policies.cpp
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief ...
+ */
+
+#include<dpl/test/value_separated_policies.h>
+#include<dpl/foreach.h>
+
+namespace VcoreDPL {
+
+std::string CSVTokenizerPolicy::GetSeperators()
+{
+ return ",";
+}
+
+bool CSVTokenizerPolicy::SkipEmpty()
+{
+ return false;
+}
+
+void CSVTokenizerPolicy::PrepareValue(std::string &)
+{
+}
+
+bool CSVTokenizerPolicy::TryAgainAtEnd(int)
+{
+ return false;
+}
+
+bool CSVParserPolicy::SkipLine(const std::vector<std::string> & )
+{
+ return false;
+}
+
+bool CSVParserPolicy::Validate(std::shared_ptr<std::vector<std::vector<std::string> > > & result)
+{
+ int num = -1;
+ FOREACH(r, *result)
+ {
+ int size = r->size();
+ if(num != -1 && num != size)
+ return false;
+
+ num = size;
+ }
+ return true;
+}
+
+}
diff --git a/vcore/src/dpl/test/src/value_separated_tokens.cpp b/vcore/src/dpl/test/src/value_separated_tokens.cpp
new file mode 100644
index 0000000..03e4a45
--- /dev/null
+++ b/vcore/src/dpl/test/src/value_separated_tokens.cpp
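Review bot: `CSVParserPolicy::Validate` dereferences `result` in `FOREACH(r, *result)` without checking that the `shared_ptr` is non-null. The callers are not visible in this hunk, so whether an empty pointer can reach it is unconfirmed, but a guard such as `if (!result) return false;` at the top would make the contract explicit. The file header also still carries the placeholder `@brief ...`; a one-line description of what the CSV tokenizer and parser policies decide would help the next reader.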
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file value_separated_tokens.cpp
+ * @author Tomasz Iwanek (t.iwanek@samsung.com)
+ * @brief ...
+ */
+
+#include <dpl/test/value_separated_tokens.h>
+
+namespace VcoreDPL {
+
+VSToken::VSToken(const std::string & c) : m_newline(false), m_cell(c)
+{
+}
+
+VSToken::VSToken() : m_newline(true)
+{
+}
+
+const std::string & VSToken::cell() const
+{
+ return m_cell;
+}
+
+bool VSToken::isNewLine()
+{
+ return m_newline;
+}
+
+}
diff --git a/vcore/src/server/include/cert-server-logic.h b/vcore/src/server/include/cert-server-logic.h
new file mode 100644
index 0000000..a9960a5
--- /dev/null
+++ b/vcore/src/server/include/cert-server-logic.h
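Review bot: In value_separated_tokens.cpp, `VSToken::isNewLine()` is defined without `const` although it only reads `m_newline`, while `cell()` next to it is const, so code holding a `const VSToken &` can read the cell but cannot ask whether the token is a line break. Defining it as `bool VSToken::isNewLine() const` would fix that; the matching declaration lives in `dpl/test/value_separated_tokens.h`, which is outside this hunk. The `@brief ...` placeholder in the file header is also still unfilled.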
@@ -0,0 +1,50 @@
+/**
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file cert_svc_server_main.h
+ * @author Madhan A K (madhan.ak@samsung.com)
+ * @version 1.0
+ * @brief cert-server routines.
+ */
+
+#ifndef CERT_SVC_SERVER_MAIN_H_
+#define CERT_SVC_SERVER_MAIN_H_
+
+#include <db-util.h>
+
+int getCertificateDetailFromStore(sqlite3 *db_handle, int storeType, int certType, const char* pGname, char* pCertBuffer, size_t *certLength);
+
+int getCertificateDetailFromSystemStore(sqlite3 *db_handle, const char* pGname, char* pCertBuffer, size_t *certLength);
+
+int deleteCertificateFromStore(sqlite3 *db_handle, int storeType, const char* pGname);
+
+int getCertificateStatusFromStore(sqlite3 *db_handle, int storeType, const char* pGname, int *status);
+
+int setCertificateStatusToStore(sqlite3 *db_handle, int storeType, int is_root_app, const char* pGname, int status);
+
+int checkAliasExistsInStore(sqlite3 *db_handle, int storeType, const char* alias, int *status);
+
+int installCertificateToStore(sqlite3 *db_handle, int storeType, const char* pGname, const char *common_name, const char *private_key_gname, const char *associated_gname, const char *pCertBuffer, size_t certLength, int certType);
+
+int getCertificateListFromStore(sqlite3 *db_handle, int reqType, int storeType, int is_root_app, char **ppCertListBuffer, size_t *bufferLen, int *certCount);
+
+int getCertificateAliasFromStore(sqlite3 *db_handle, int storeType, const char* pGname, char* alias);
+
+int loadCertificatesFromStore(sqlite3 *db_handle, int storeType, const char* pGname, char **ppCertBlockBuffer, size_t *bufferLen, int *certBlockCount);
+
+int update_ca_certificate_file(sqlite3 *db_handle, char *certBuffer, size_t certLength);
+
+#endif
diff --git a/vcore/src/server/src/cert-server-logic.c b/vcore/src/server/src/cert-server-logic.c
new file mode 100644
index 0000000..f23f42b
--- /dev/null
+++ b/vcore/src/server/src/cert-server-logic.c
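Review bot: In cert-server-logic.h, the getters that fill caller-owned buffers (`getCertificateDetailFromStore`, `getCertificateDetailFromSystemStore` and `getCertificateAliasFromStore`) take a `char *` destination with no capacity argument, so the callee has no way to bound its write. The implementation of `getCertificateDetailFromStore` added in cert-server-logic.c by this same commit does `memcpy(pOutData, cert_data->data, cert_data->size)` and then writes a terminator, without comparing the size against the destination, and `getCertificateDetailFromSystemStore` checks against a hard-coded `4096` rather than a size supplied by the caller. Passing the capacity explicitly, e.g. `int getCertificateAliasFromStore(sqlite3 *db_handle, int storeType, const char *pGname, char *alias, size_t aliasSize);`, and rejecting oversized data in the callee would close that gap. Separately, the `@file cert_svc_server_main.h` tag and the `CERT_SVC_SERVER_MAIN_H_` guard do not match the file name cert-server-logic.h.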
@@ -0,0 +1,1604 @@ +/** + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file cert-server-logic.c + * @author Madhan A K (madhan.ak@samsung.com) + * Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief cert-server logic. + */ +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <errno.h> +#include <string.h> +#include <glib.h> +#include <dirent.h> +#include <sys/smack.h> +#include <sys/socket.h> + +#include <ckmc/ckmc-manager.h> +#include <ckmc/ckmc-error.h> + +#include <cert-service.h> +#include <cert-service-debug.h> +#include <cert-svc/cerror.h> +#include <cert-svc/ccert.h> +#include <cert-svc-client.h> + +#include <cert-server-logic.h> + +char *add_shared_owner_prefix(const char *name) +{ + size_t alias_len = strlen(name) + strlen(ckmc_label_shared_owner) + strlen(ckmc_label_name_separator); + char *ckm_alias = (char *)malloc(alias_len + 1); + if (!ckm_alias) { + SLOGE("Failed to allocate memory"); + return NULL; + } + memset(ckm_alias, 0, alias_len + 1); + strncat(ckm_alias, ckmc_label_shared_owner, alias_len + 1); + strncat(ckm_alias, ckmc_label_name_separator, alias_len + 1 - strlen(ckmc_label_shared_owner)); + strncat(ckm_alias, name, alias_len + 1 - strlen(ckmc_label_shared_owner) + strlen(ckmc_label_name_separator)); + + return ckm_alias; +} + +int ckmc_remove_alias_with_shared_owner_prefix(const char *name, 
int *result) +{ + char *ckm_alias = add_shared_owner_prefix(name); + if (!ckm_alias) { + SLOGE("Failed to allocate memory"); + return CERTSVC_BAD_ALLOC; + } + + *result = ckmc_remove_alias(ckm_alias); + + free(ckm_alias); + + return CERTSVC_SUCCESS; +} + +char *get_complete_path(const char *str1, const char *str2) +{ + char *result = NULL; + int as_result; + + if (!str1 || !str2) + return NULL; + + if (str1[strlen(str1) - 1] != '/') + as_result = asprintf(&result, "%s/%s", str1, str2); + else + as_result = asprintf(&result, "%s%s", str1, str2); + + if (as_result >= CERTSVC_SUCCESS) + return result; + else + return NULL; +} + +/* TODO: root ssl file system refactor */ +int add_file_to_dir(const char* dir, const char* pGname, const char* pData, size_t dataLen) +{ + char *systemFile = get_complete_path(dir, pGname); + if (!systemFile) { + SLOGE("Failed to get system file path."); + return CERTSVC_FAIL; + } + + char realFile[FILENAME_MAX] = {0}; + if (!realpath(systemFile, realFile)) { + SLOGE("Failed to get realpath. systemFile[%s]", systemFile); + return CERTSVC_FAIL; + } + + FILE *stream = fopen(realFile, "ab"); + if (!stream) { + SLOGE("Fail to open file [%s]", realFile); + return CERTSVC_FAIL; + } + + if (fwrite(pData, sizeof(char), dataLen, stream) != dataLen) { + SLOGE("Fail to write file in system store."); + fclose(stream); + return CERTSVC_FAIL; + } + + fclose(stream); + return CERTSVC_SUCCESS; +} + +int add_file_to_system_cert_dir(const char* pGname, const char* pData, size_t dataLen) +{ + return add_file_to_dir(SYSTEM_CERT_DIR, pGname, pData, dataLen); +} + +/* TODO: root ssl file system refactor */ +int del_file_from_dir(const char* dir, const char *pGname) +{ + const char *systemFile = get_complete_path(dir, pGname); + if (!systemFile) { + SLOGE("Failed to construct source file path."); + return CERTSVC_FAIL; + } + + char realFile[FILENAME_MAX] = {0}; + if (!realpath(systemFile, realFile)) { + SLOGE("Failed to get realpath. 
systemFile[%s]", systemFile); + return CERTSVC_FAIL; + } + + /* instead of removing the file, the file is trimmed to zero size */ + FILE *stream = fopen(realFile, "wb"); + if (!stream) { + SLOGE("Failed to open the file for writing, [%s].", realFile); + return CERTSVC_FAIL; + } + + fclose(stream); + return CERTSVC_SUCCESS; +} + +int del_file_from_system_cert_dir(const char *pGname) +{ + return del_file_from_dir(SYSTEM_CERT_DIR, pGname); +} + +int execute_insert_update_query(sqlite3 *db_handle, char *query) +{ + if (!db_handle) { + SLOGE("Database not initialised."); + return CERTSVC_WRONG_ARGUMENT; + } + + if (!query) { + SLOGE("Query is NULL."); + return CERTSVC_WRONG_ARGUMENT; + } + + /* Begin transaction */ + int result = sqlite3_exec(db_handle, "BEGIN EXCLUSIVE", NULL, NULL, NULL); + if (result != SQLITE_OK) { + SLOGE("Failed to begin transaction."); + return CERTSVC_FAIL; + } + + /* Executing command */ + result = sqlite3_exec(db_handle, query, NULL, NULL, NULL); + if (result != SQLITE_OK) { + SLOGE("Failed to execute query (%s).", query); + return CERTSVC_FAIL; + } + + /* Committing the transaction */ + result = sqlite3_exec(db_handle, "COMMIT", NULL, NULL, NULL); + if (result) { + SLOGE("Failed to commit transaction. Roll back now."); + result = sqlite3_exec(db_handle, "ROLLBACK", NULL, NULL, NULL); + if (result != SQLITE_OK) + SLOGE("Failed to commit transaction. 
Roll back now."); + + return CERTSVC_FAIL; + } + + SLOGD("Transaction Commit and End."); + + return CERTSVC_SUCCESS; +} + +int execute_select_query(sqlite3 *db_handle, char *query, sqlite3_stmt **stmt) +{ + if (!db_handle || !query) + return CERTSVC_WRONG_ARGUMENT; + + sqlite3_stmt *stmts = NULL; + if (sqlite3_prepare_v2(db_handle, query, strlen(query), &stmts, NULL) != SQLITE_OK) { + SLOGE("sqlite3_prepare_v2 failed [%s].", query); + return CERTSVC_FAIL; + } + + *stmt = stmts; + return CERTSVC_SUCCESS; +} + +int write_to_file(const char *fileName, const char *mode_of_writing, const char *certBuffer, size_t certLength) +{ + int result = CERTSVC_SUCCESS; + FILE *fp_write = NULL; + + if (!certBuffer || certLength <= 0) { + SLOGE("Input buffer is NULL."); + return CERTSVC_WRONG_ARGUMENT; + } + + if (!(fp_write = fopen(fileName, mode_of_writing))) { + SLOGE("Failed to open the file for writing, [%s].", fileName); + return CERTSVC_FAIL; + } + + /* if mode of writing is to append, then goto end of file */ + if (strcmp(mode_of_writing,"ab") == 0) + fseek(fp_write, 0L, SEEK_END); + + if (fwrite(certBuffer, sizeof(char), certLength, fp_write) != certLength) { + SLOGE("Fail to write into file."); + result = CERTSVC_FAIL; + goto error; + } + + /* adding empty line at the end */ + fwrite("\n",sizeof(char), 1, fp_write); + +error: + if (fp_write) + fclose(fp_write); + + return result; +} + +int write_to_ca_cert_crt_file(const char *mode_of_writing, const char *certBuffer, size_t certLength) +{ + return write_to_file(CERTSVC_CRT_FILE_PATH, mode_of_writing, certBuffer, certLength); +} + +int saveCertificateToStore( + const char *pGname, + const char *pData, + size_t dataLen) +{ + if (!pGname || !pData || dataLen < 1) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + ckmc_policy_s cert_policy; + cert_policy.password = NULL; + cert_policy.extractable = true; + + ckmc_raw_buffer_s cert_data; + cert_data.data = (unsigned char *)pData; + 
cert_data.size = dataLen; + + char *ckm_alias = add_shared_owner_prefix(pGname); + if (!ckm_alias) { + SLOGE("Failed to make alias. memory allocation error."); + return CERTSVC_BAD_ALLOC; + } + + int result = ckmc_save_data(ckm_alias, cert_data, cert_policy); + free(ckm_alias); + + if (result != CKMC_ERROR_NONE) { + SLOGE("Failed to save trusted data. ckm errcode[%d]", result); + return CERTSVC_FAIL; + } + + return CERTSVC_SUCCESS; +} + +int saveCertificateToSystemStore( + const char *pGname, + const char *pData, + size_t dataLen) +{ + if (!pGname || !pData || dataLen < 1) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + int result = add_file_to_system_cert_dir(pGname, pData, dataLen); + if (result != CERTSVC_SUCCESS) + SLOGE("Failed to store the certificate in store."); + + return result; +} + +int get_certificate_buffer_from_store( + sqlite3 *db_handle, + CertStoreType storeType, + const char *pGname, + char **certBuffer, + size_t *certSize) +{ + int result = CERTSVC_SUCCESS; + int records = 0; + char *tempBuffer = NULL; + char *query = NULL; + sqlite3_stmt *stmt = NULL; + + if (!pGname) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + if (storeType != SYSTEM_STORE) + query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \ + (storeType == EMAIL_STORE)? 
"email" : "ssl"), pGname, ENABLED, ENABLED); + else + query = sqlite3_mprintf("select certificate from ssl where gname=%Q and enabled=%d and is_root_app_enabled=%d", \ + pGname, ENABLED, ENABLED); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) { + SLOGE("No valid records found for given gname [%s].",pGname); + result = CERTSVC_FAIL; + goto error; + } + + tempBuffer = (char *)malloc(sizeof(char) * VCORE_MAX_RECV_DATA_SIZE); + if (!tempBuffer) { + SLOGE("Fail to allocate memory"); + result = CERTSVC_FAIL; + goto error; + } + + memset(tempBuffer, 0x00, VCORE_MAX_RECV_DATA_SIZE); + + if (storeType == SYSTEM_STORE) + result = getCertificateDetailFromSystemStore(db_handle, pGname, tempBuffer, certSize); + else + result = getCertificateDetailFromStore(db_handle, storeType, PEM_CRT, pGname, tempBuffer, certSize); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to set request data."); + result = CERTSVC_WRONG_ARGUMENT; + goto error; + } + + *certBuffer = tempBuffer; + +error: + if (result != CERTSVC_SUCCESS) + free(tempBuffer); + + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + return result; +} + +int update_ca_certificate_file(sqlite3 *db_handle, char *certBuffer, size_t certLength) +{ + int result = CERTSVC_SUCCESS; + int records = 0; + int count = 0; + int counter = 0; + char *pValue = NULL; + char *query = NULL; + const char *text; + sqlite3_stmt *stmt = NULL; + + int storeType[4] = {SYSTEM_STORE, WIFI_STORE, VPN_STORE, EMAIL_STORE}; + + /* During install of a root certificate, the root certificate gets appended at + * the end to optimise the write operation onto ca-certificate.crt file. 
*/ + if (certBuffer && certLength > 0) { + result = write_to_ca_cert_crt_file("ab", certBuffer, certLength); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to write to file."); + result = CERTSVC_FAIL; + } + goto error_and_exit; + } + + while (count < 4) { + /* get the ssl certificate from database */ + if (count == 0) + query = sqlite3_mprintf("select certificate from ssl where enabled=%d and is_root_app_enabled=%d", ENABLED, ENABLED); + else if (count > 0 && count < 4) + /* gets all the gname which is marked as root certificate and enabled = TRUE */ + query = sqlite3_mprintf("select gname from %Q where is_root_cert=%d and enabled=%d and is_root_app_enabled=%d", \ + ((count == 1)?"wifi":(count == 2)?"vpn":"email"), ENABLED, ENABLED, ENABLED); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + goto next; + } + + /* update the ca-certificate.crt file */ + while (1) { + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) { + result = CERTSVC_SUCCESS; + break; + } + + if (records == SQLITE_ROW) { + certLength = 0; + certBuffer = NULL; + pValue = NULL; + + if (count == 0) { + /* gets the certificate from database for system store */ + text = (const char *)sqlite3_column_text(stmt, 0); + if (text) { + certLength = strlen(text); + certBuffer = strndup(text, certLength); + } + } else { + /* gets the certificate from key-manager for other stores */ + text = (const char *)sqlite3_column_text(stmt, 0); + if (text) + pValue = strndup(text, strlen(text)); + + result = get_certificate_buffer_from_store(db_handle, storeType[count], pValue, &certBuffer, &certLength); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to get certificate buffer from key-manager."); + goto error_and_exit; + } + } + + if (certBuffer) { + if (counter++ == 0) + result = write_to_ca_cert_crt_file("wb", certBuffer, certLength); + else + result = write_to_ca_cert_crt_file("ab", 
certBuffer, certLength); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to write to file."); + result = CERTSVC_FAIL; + goto error_and_exit; + } + } + } + } +next: + count++; + if (query) { + sqlite3_free(query); + query = NULL; + } + } + SLOGD("Successfully updated ca-certificate.crt file."); + +error_and_exit: + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + return result; +} + +int enable_disable_cert_status( + sqlite3 *db_handle, + CertStoreType storeType, + int is_root_app, + const char *pGname, + CertStatus status) +{ + int ckmc_result = CKMC_ERROR_UNKNOWN; + int result = CERTSVC_SUCCESS; + int records = 0; + size_t certSize = 0; + size_t certLength = 0; + char *certBuffer = NULL; + char *query = NULL; + const char *text = NULL; + sqlite3_stmt *stmt = NULL; + + if (status != DISABLED && status != ENABLED) { + SLOGE("Invalid cert status"); + return CERTSVC_INVALID_STATUS; + } + + query = sqlite3_mprintf("select * from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? 
"email" : "ssl"), pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS || !stmt) { + SLOGE("Querying database failed."); + return CERTSVC_FAIL; + } + + records = sqlite3_step(stmt); + sqlite3_finalize(stmt); + stmt = NULL; + + if (records != SQLITE_ROW) { + SLOGE("No valid records found."); + return CERTSVC_FAIL; + } + + if (status == DISABLED) { + /* check certificate presence in disabled_certs table before inserting */ + query = sqlite3_mprintf("select * from disabled_certs where gname=%Q", pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + query = NULL; + + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + return CERTSVC_FAIL; + } + + records = sqlite3_step(stmt); + sqlite3_finalize(stmt); + stmt = NULL; + + if (records == SQLITE_ROW) { + SLOGE("Selected certificate identifier is already disabled.", pGname); + return CERTSVC_FAIL; + } + + /* get certificate from keymanager*/ + result = get_certificate_buffer_from_store(db_handle, storeType, pGname, &certBuffer, &certSize); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to get certificate buffer. 
result[%d]", result); + return result; + } + + /* inserting the disabled certificate to disabled_certs table */ + query = sqlite3_mprintf("insert into disabled_certs (gname, certificate) values (%Q, %Q)", pGname, certBuffer); + free(certBuffer); + + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_insert_update_query(db_handle, query); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Insert to database failed."); + return result; + } + + if (storeType != SYSTEM_STORE) { + result = ckmc_remove_alias_with_shared_owner_prefix(pGname, &ckmc_result); + + if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) { + SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", ckmc_result); + return CERTSVC_FAIL; + } + + } else { + result = del_file_from_system_cert_dir(pGname); + if (result != CERTSVC_SUCCESS) { + SLOGE("Error in del_file_from_system_cert_dir. ret[%d]", result); + return result; + } + } + } else { /* moving the certificate to enabled state */ + query = sqlite3_mprintf("select certificate from disabled_certs where gname=%Q", pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + return CERTSVC_FAIL; + } + + records = sqlite3_step(stmt); + if (records == SQLITE_ROW) { + text = (const char *)sqlite3_column_text(stmt, 0); + + if (!text) { + SLOGE("Invalid column text"); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + certBuffer = strndup(text, strlen(text)); + + sqlite3_finalize(stmt); + + if (!certBuffer) { + SLOGE("Failed to allocate memory"); + return CERTSVC_BAD_ALLOC; + } + + certLength = strlen(certBuffer); + + if (storeType == SYSTEM_STORE) + result = saveCertificateToSystemStore(pGname, certBuffer, certLength); + else + result = 
saveCertificateToStore(pGname, certBuffer, certLength); + + free(certBuffer); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to save certificate to key-manager. ret[%d]", result); + return result; + } + + query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_insert_update_query(db_handle, query); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Unable to delete certificate entry from database. ret[%d]", result); + return result; + } + } + } + + if (is_root_app == ENABLED) + query = sqlite3_mprintf("update %Q set is_root_app_enabled=%d , enabled=%d where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? "email" : "ssl"), status, status, pGname); + else + query = sqlite3_mprintf("update %Q set enabled=%d where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? "vpn" : (storeType == EMAIL_STORE)? "email" : "ssl"), status, pGname); + + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_insert_update_query(db_handle, query); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Update failed. ret[%d]", result); + return result; + } + + return result; +} + +int setCertificateStatusToStore( + sqlite3 *db_handle, + int storeType, + int is_root_app, + const char *pGname, + int status) +{ + if (!pGname) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + int result = enable_disable_cert_status(db_handle, storeType, is_root_app, pGname, status); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to disable certificate."); + return result; + } + + SLOGD("Successfully updated the certificate status from %s to %s.", + (status == DISABLED) ? "ENABLED" : "DISABLED", (status == DISABLED) ? 
"DISABLED" : "ENABLED"); + return CERTSVC_SUCCESS; +} + +int getCertificateStatusFromStore( + sqlite3 *db_handle, + int storeType, + const char* pGname, + int *status) +{ + if (!pGname) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + char *query = sqlite3_mprintf("select gname, common_name, enabled from %Q where gname=%Q",\ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \ + (storeType == EMAIL_STORE)? "email" : "ssl"), pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + sqlite3_stmt *stmt = NULL; + int result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS || !stmt) { + SLOGE("Querying database failed."); + *status = DISABLED; + return CERTSVC_FAIL; + } + + result = sqlite3_step(stmt); + if (result != SQLITE_ROW || result == SQLITE_DONE) { + SLOGE("No valid records found."); + *status = DISABLED; + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + *status = sqlite3_column_int(stmt, 2); + + sqlite3_finalize(stmt); + + return CERTSVC_SUCCESS; +} + +int check_alias_exist_in_database( + sqlite3 *db_handle, + CertStoreType storeType, + const char *alias, + int *status) +{ + sqlite3_stmt *stmt = NULL; + + if (!alias || !status) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + char *query = sqlite3_mprintf("select * from %Q where common_name=%Q", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? 
"vpn" : "email"),alias); + + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + int result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS || !stmt) { + SLOGE("Querying database failed."); + return CERTSVC_FAIL; + } + + result = sqlite3_step(stmt); + sqlite3_finalize(stmt); + + if (result != SQLITE_ROW) { + SLOGD("No records found with the alias passed (%s).", alias); + *status = CERTSVC_TRUE; + } else { + SLOGD("Records found with the alias passed (%s).", alias); + *status = CERTSVC_FALSE; + } + + return CERTSVC_SUCCESS; +} + +int installCertificateToStore( + sqlite3 *db_handle, + int storeType, + const char *pGname, + const char *common_name, + const char *private_key_gname, + const char *associated_gname, + const char *dataBlock, + size_t dataBlockLen, + int certType) +{ + if ((!pGname) + || (certType == P12_END_USER && !common_name && !private_key_gname) + || (certType != P12_END_USER && !common_name && !associated_gname)) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + if (storeType != SYSTEM_STORE + && saveCertificateToStore( + pGname, + dataBlock, + dataBlockLen) != CERTSVC_SUCCESS) { + SLOGE("FAIL to save certificate to key-manager."); + return CERTSVC_FAIL; + } + + if (certType == P12_PKEY) { + SLOGD("Don't save private key in store"); + return CERTSVC_SUCCESS; + } + + char *query = NULL; + if (certType == P12_END_USER && private_key_gname) { + query = sqlite3_mprintf("insert into %Q (gname, common_name, private_key_gname, associated_gname, enabled, is_root_app_enabled) "\ + "values (%Q, %Q, %Q, %Q, %d, %d)",((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? 
"vpn" : "email"), pGname, common_name, private_key_gname, pGname, ENABLED, ENABLED); + } else if (certType == PEM_CRT || certType == P12_TRUSTED) { + query = sqlite3_mprintf("insert into %Q (gname, common_name, is_root_cert, associated_gname, enabled, is_root_app_enabled) values "\ + "(%Q, %Q, %d, %Q, %d, %d)", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? "vpn" : "email"), pGname, common_name, ENABLED, associated_gname, ENABLED, ENABLED); + } else if (certType == P12_INTERMEDIATE) { + query = sqlite3_mprintf("insert into %Q (gname, common_name, associated_gname, enabled, is_root_app_enabled) values (%Q, %Q, %Q, %d, %d)", \ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"), + pGname, common_name, associated_gname, ENABLED, ENABLED); + } + + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + int result = execute_insert_update_query(db_handle, query); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Insert to database failed."); + return CERTSVC_FAIL; + } + + return CERTSVC_SUCCESS; +} + +int checkAliasExistsInStore( + sqlite3 *db_handle, + int storeType, + const char* alias, + int *status) +{ + if (!alias) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + *status = CERTSVC_FAIL; + int result = check_alias_exist_in_database(db_handle, storeType, alias, status); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to check_alias_exist_in_database. err[%d]", result); + return CERTSVC_FAIL; + } + + if (*status == CERTSVC_TRUE) { + SLOGD("Alias (%s) does not exist in %s store.", + alias, + (storeType == VPN_STORE) ? "VPN" : + (storeType == WIFI_STORE) ? "WIFI" : "EMAIL"); + } else { + SLOGD("Alias (%s) exist in %s store.", + alias, + (storeType == VPN_STORE) ? "VPN" : + (storeType == WIFI_STORE) ? 
"WIFI" : "EMAIL"); + } + + return CERTSVC_SUCCESS; +} + +int getCertificateDetailFromStore( + sqlite3 *db_handle, + int storeType, + int certType, + const char *pGname, + char *pOutData, + size_t *size) +{ + int result = CERTSVC_SUCCESS; + int records = 0; + char *query = NULL; + const char *text = NULL; + sqlite3_stmt *stmt = NULL; + ckmc_raw_buffer_s *cert_data = NULL; + + if (!pGname || !pOutData) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + /* start constructing query */ + if (certType == P12_PKEY) { + /* From the given certificate identifier, get the associated_gname for the certificate. + * Then query the database for records matching the associated_gname to get the private key */ + query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q", \ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"), pGname); + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + return result; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW) { + SLOGE("No valid records found."); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + text = (const char *)sqlite3_column_text(stmt, 0); + + if (!text) { + SLOGE("No valid column text"); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : "email"), text, ENABLED, ENABLED); + + sqlite3_finalize(stmt); + } else if (storeType != SYSTEM_STORE) { + query = sqlite3_mprintf("select * from %Q where gname=%Q and enabled=%d and is_root_app_enabled=%d", \ + ((storeType == WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \ + (storeType == EMAIL_STORE)? 
"email" : "ssl"), pGname, ENABLED, ENABLED); + } + + if (!query) { + SLOGE("Failed to generate query"); + return CERTSVC_BAD_ALLOC; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + return result; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW) { + SLOGE("No valid records found."); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + if (certType == P12_PKEY) { + if (!(text = (const char *)sqlite3_column_text(stmt, 0))) { + SLOGE("No valid column text"); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + pGname = text; + } + + char *ckm_alias = add_shared_owner_prefix(pGname); + if (!ckm_alias) { + SLOGE("Failed to make alias. memory allocation error."); + return CERTSVC_BAD_ALLOC; + } + + result = ckmc_get_data(ckm_alias, NULL, &cert_data); + free(ckm_alias); + + sqlite3_finalize(stmt); + + if (result != CKMC_ERROR_NONE) { + SLOGE("Failed to get certificate from key-manager. 
ckm ret[%d]", result); + *size = CERTSVC_FAIL; + return CERTSVC_FAIL; + } + + memcpy(pOutData, cert_data->data, cert_data->size); + pOutData[cert_data->size] = 0; + *size = cert_data->size; + + ckmc_buffer_free(cert_data); + + return CERTSVC_SUCCESS; +} + +int getCertificateDetailFromSystemStore( + sqlite3 *db_handle, + const char *pGname, + char *pOutData, + size_t *size) +{ + int result = CERTSVC_SUCCESS; + int records = 0; + size_t certLength = 0; + char *query = NULL; + const char *text = NULL; + sqlite3_stmt *stmt = NULL; + + if (!pGname) { + SLOGE("Invalid input parameter passed."); + return CERTSVC_WRONG_ARGUMENT; + } + + query = sqlite3_mprintf("select certificate from ssl where gname=%Q and is_root_app_enabled=%d", \ + pGname, ENABLED, ENABLED); + if (!query) { + SLOGE("Query is NULL."); + return CERTSVC_FAIL; + } + + result = execute_select_query(db_handle, query, &stmt); + sqlite3_free(query); + + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + return result; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW) { + SLOGE("No valid records found for passed gname [%s].", pGname); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + text = (const char *)sqlite3_column_text(stmt, 0); + + if (!text) { + SLOGE("Fail to sqlite3_column_text"); + sqlite3_finalize(stmt); + return CERTSVC_FAIL; + } + + certLength = strlen(text); + if (certLength >= 4096) { + sqlite3_finalize(stmt); + SLOGE("certificate is too long"); + return CERTSVC_FAIL; + } + + memcpy(pOutData, text, certLength); + pOutData[certLength] = 0; + *size = certLength; + + sqlite3_finalize(stmt); + return CERTSVC_SUCCESS; +} + +int deleteCertificateFromStore(sqlite3 *db_handle, int storeType, const char* pGname) { + + int result = CERTSVC_SUCCESS; + int ckmc_result = CKMC_ERROR_UNKNOWN; + int records = 0; + char *query = NULL; + char *private_key_name = NULL; + sqlite3_stmt *stmt = NULL; + + if (!pGname) { + SLOGE("Invalid input parameter passed."); + return 
CERTSVC_WRONG_ARGUMENT; + } + + if (storeType != SYSTEM_STORE) { + /* start constructing query */ + query = sqlite3_mprintf("select private_key_gname from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" :\ + (storeType == VPN_STORE)? "vpn" : "email"), pGname); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + records = sqlite3_step(stmt); + if ((records != SQLITE_ROW) || (records == SQLITE_DONE)) { + SLOGE("No valid records found for passed gname [%s].",pGname); + result = CERTSVC_FAIL; + goto error; + } + + /* if a cert is having private-key in it, the private key should + * be deleted first from key-manager, then the actual cert */ + if (sqlite3_column_text(stmt, 0) != NULL) { + private_key_name = strdup((const char *)sqlite3_column_text(stmt, 0)); + result = ckmc_remove_alias_with_shared_owner_prefix(private_key_name, &ckmc_result); + if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) { + SLOGE("Failed to delete certificate from key-manager. ckmc_result[%d]", ckmc_result); + result = CERTSVC_FAIL; + goto error; + } + } + + /* removing the actual cert */ + result = ckmc_remove_alias_with_shared_owner_prefix(pGname, &ckmc_result); + if (result != CERTSVC_SUCCESS || ckmc_result != CKMC_ERROR_NONE) { + query = sqlite3_mprintf("delete from disabled_certs where gname=%Q", pGname); + result = execute_insert_update_query(db_handle, query); + if (result != CERTSVC_SUCCESS) { + SLOGE("Unable to delete certificate entry from database."); + result = CERTSVC_FAIL; + goto error; + } + } + + if (query) { + sqlite3_free(query); + query = NULL; + } + + if (stmt) { + sqlite3_finalize(stmt); + stmt = NULL; + } + + query = sqlite3_mprintf("delete from %Q where gname=%Q", ((storeType == WIFI_STORE)? "wifi" : \ + (storeType == VPN_STORE)? 
"vpn" : "email"), pGname); + + result = execute_insert_update_query(db_handle, query); + if (result != CERTSVC_SUCCESS) { + SLOGE("Unable to delete certificate entry from database."); + result = CERTSVC_FAIL; + goto error; + } + } else { + SLOGE("Invalid store type passed."); + result = CERTSVC_INVALID_STORE_TYPE; + } + SLOGD("Success in deleting the certificate from store."); + +error: + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + free(private_key_name); + return result; +} + + +int getCertificateListFromStore( + sqlite3 *db_handle, + int reqType, + int storeType, + int is_root_app, + char **certListBuffer, + size_t *bufferLen, + int *certCount) +{ + int result = CERTSVC_SUCCESS; + CertSvcStoreCertList *rootCertHead = NULL; + CertSvcStoreCertList *tmpNode = NULL; + CertSvcStoreCertList *currentNode = NULL; + sqlite3_stmt *stmt = NULL; + char *query = NULL; + int loopCount = 0; + int records = 0; + int count = 0; + int i = 0; + + + while (1) { + /* Iteration only possible from VPN_STORE till SYSTEM_STORE */ + if (loopCount == (MAX_STORE_ENUMS - 1)) + break; + + /* Check if the passed store type matches with any of the in-built store type */ + if ((1 << loopCount) & storeType) { + /* if a store type matches, put that value as storetype argument in the below function */ + CertStoreType tempStore = (CertStoreType) (1 << loopCount); + SLOGD("Processing storetype [%s]", (tempStore == WIFI_STORE)? "WIFI" : (tempStore == VPN_STORE)? "VPN" : \ + (tempStore == EMAIL_STORE)? 
"EMAIL" : "SYSTEM"); + + if (reqType == CERTSVC_GET_ROOT_CERTIFICATE_LIST) { + // For get_root_certificate_list_from_store + if (storeType == SYSTEM_STORE) { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q where enabled=%d "\ + "and is_root_app_enabled=%d and order by common_name asc", "ssl", ENABLED, ENABLED); + } else { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\ + "is_root_cert IS NOT NULL and is_root_app_enabled=%d and enabled=%d", \ + (storeType== WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \ + (storeType == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED); + } + } else if (reqType == CERTSVC_GET_USER_CERTIFICATE_LIST) { + // For get_end_user_certificate_list_from_store + if (storeType == SYSTEM_STORE) { + SLOGE("Invalid store type passed."); + return CERTSVC_WRONG_ARGUMENT; + } else { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\ + "private_key_gname IS NOT NULL and is_root_app_enabled=%d and enabled=%d", \ + (storeType== WIFI_STORE)? "wifi" : (storeType == VPN_STORE)? "vpn" : \ + (storeType == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED); + } + } else { + // For get_certificate_list_from_store + if (is_root_app != ENABLED) { + /* Gets only the list of certificates where is_root_app = 1 (which are enabled by the master application) */ + if (tempStore == SYSTEM_STORE) { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q where "\ + "is_root_app_enabled=%d order by common_name asc", \ + (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \ + (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED, ENABLED); + } else { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q where is_root_app_enabled=%d", \ + (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \ + (tempStore == EMAIL_STORE)? 
"email" : "ssl", ENABLED, ENABLED); + } + } else { + /* Gets all the certificates from store without any restrictions */ + if (tempStore == SYSTEM_STORE) { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q order by common_name asc", \ + (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \ + (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED); + } else { + query = sqlite3_mprintf("select gname, common_name, enabled from %Q", \ + (tempStore== WIFI_STORE)? "wifi" : (tempStore == VPN_STORE)? "vpn" : \ + (tempStore == EMAIL_STORE)? "email" : "ssl", ENABLED); + } + } + } + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + while (1) { + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) { + if (count < 0) { + SLOGE("No records found"); + result = CERTSVC_SUCCESS; + goto error; + } else { + break; + } + } + + if (records == SQLITE_ROW) { + tmpNode = (CertSvcStoreCertList *)malloc(sizeof(CertSvcStoreCertList)); + if (!tmpNode) { + SLOGE("Failed to allocate memory."); + result = CERTSVC_BAD_ALLOC; + goto error; + } else { + tmpNode->next = NULL; + const char *textGname = (const char *)sqlite3_column_text(stmt, 0); + const char *textAlias = (const char *)sqlite3_column_text(stmt, 1); + if (!textGname || !textAlias) { + SLOGE("Failed to read texts from records"); + free(tmpNode); + result = CERTSVC_FAIL; + goto error; + } + + int gnameLen = strlen(textGname); + int aliasLen = strlen(textAlias); + + tmpNode->gname = (char *)malloc(sizeof(char) * (gnameLen + 1)); + tmpNode->title = (char *)malloc(sizeof(char) * (aliasLen + 1)); + if (!tmpNode->title || !tmpNode->gname) { + free(tmpNode->gname); + free(tmpNode->title); + free(tmpNode); + SLOGE("Failed to allocate memory"); + result = CERTSVC_BAD_ALLOC; + goto error; + } + + memset(tmpNode->gname, 0x00, gnameLen + 1); + 
memset(tmpNode->title, 0x00, aliasLen + 1); + + memcpy(tmpNode->gname, textGname, gnameLen); + memcpy(tmpNode->title, textAlias, aliasLen); + + tmpNode->status = (int)sqlite3_column_int(stmt, 2); /* for status */ + tmpNode->storeType = tempStore; + } + + /* When multiple stores are passed, we need to ensure that the rootcerthead is + assigned to currentNode once, else previous store data gets overwritten */ + if (count == 0) { + rootCertHead = tmpNode; + currentNode = rootCertHead; + tmpNode = NULL; + } else { + currentNode->next = tmpNode; + currentNode = tmpNode; + tmpNode = NULL; + } + count++; + } + } + + if (count <=0 ) { + SLOGD("No entries found in database."); + result = CERTSVC_SUCCESS; + } + + if (query) { + sqlite3_free(query); + query = NULL; + } + + if (stmt) { + sqlite3_finalize(stmt); + stmt = NULL; + } + } + loopCount++; + } + + *certCount = count; + VcoreCertResponseData *respCertData = (VcoreCertResponseData *)malloc(count * sizeof(VcoreCertResponseData)); + if (!respCertData) { + SLOGE("Failed to allocate memory"); + result = CERTSVC_BAD_ALLOC; + goto error; + } + if (count > 0) + memset(respCertData, 0x00, count * sizeof(VcoreCertResponseData)); + VcoreCertResponseData* currRespCertData = NULL; + + currentNode = rootCertHead; + for (i = 0; i < count; i++) { + tmpNode = currentNode->next; + + currRespCertData = respCertData + i; + if (strlen(currentNode->gname) > sizeof(currRespCertData->gname) + || strlen(currentNode->title) > sizeof(currRespCertData->title)) { + SLOGE("String is too long. 
[%s], [%s]", currentNode->gname, currentNode->title); + result = CERTSVC_FAIL; + *certListBuffer = NULL; + free(respCertData); + goto error; + } + strncpy(currRespCertData->gname, currentNode->gname, strlen(currentNode->gname)); + strncpy(currRespCertData->title, currentNode->title, strlen(currentNode->title)); + currRespCertData->status = currentNode->status; + currRespCertData->storeType = currentNode->storeType; + //SLOGD("get cert list: %d th cert: gname=%s, title=%s, status=%d, storeType=%d", i, currRespCertData->gname, currRespCertData->title, currRespCertData->status, currRespCertData->storeType); + + currentNode = tmpNode; + } + + *certListBuffer = (char *) respCertData; + *bufferLen = count * sizeof(VcoreCertResponseData); + + SLOGD("Success to create certificate list. cert_count=%d", count); + result= CERTSVC_SUCCESS; +error: + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + if (rootCertHead) { + currentNode = rootCertHead; + while (currentNode) { + tmpNode = currentNode->next; + free(currentNode->title); + free(currentNode->gname); + free(currentNode); + currentNode=tmpNode; + } + rootCertHead = NULL; + } + + return result; +} + +int getCertificateAliasFromStore(sqlite3 *db_handle, int storeType, const char* gname, char* alias) +{ + int result = CERTSVC_SUCCESS; + int records = 0; + sqlite3_stmt *stmt = NULL; + char *query = NULL; + const char *text = NULL; + + query = sqlite3_mprintf("select common_name from %Q where gname=%Q", ((storeType==WIFI_STORE)? "wifi" : \ + (storeType==VPN_STORE)? 
"vpn" : "email"), gname); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) { + SLOGE("No valid records found for gname passed [%s].",gname); + result = CERTSVC_FAIL; + goto error; + } + + if (!(text = (const char *)sqlite3_column_text(stmt, 0))) { + SLOGE("No column text in returned records"); + result = CERTSVC_FAIL; + goto error; + } + + strncpy(alias, text, strlen(text)); + + if (strlen(alias) == 0) { + SLOGE("Unable to get the alias name for the gname passed."); + result = CERTSVC_FAIL; + goto error; + } + + result = CERTSVC_SUCCESS; + + SLOGD("success : getCertificateAliasFromStore"); +error: + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + return result; +} + +int loadCertificatesFromStore( + sqlite3 *db_handle, + int storeType, + const char* gname, + char **ppCertBlockBuffer, + size_t *bufferLen, + int *certBlockCount) +{ + int result = CERTSVC_SUCCESS; + int count = 0; + int records = 0; + sqlite3_stmt *stmt = NULL; + char *query = NULL; + char **certs = NULL; + const char *tmpText = NULL; + int i = 0; + + query = sqlite3_mprintf("select associated_gname from %Q where gname=%Q", ((storeType==WIFI_STORE)? "wifi" : \ + (storeType==VPN_STORE)? 
"vpn" : "email"), gname); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) { + SLOGE("No valid records found for gname passed [%s].",gname); + result = CERTSVC_FAIL; + goto error; + } + + + if (records == SQLITE_ROW) { + if (query) + sqlite3_free(query); + + const char *columnText = (const char *)sqlite3_column_text(stmt, 0); + if (!columnText) { + SLOGE("Failed to sqlite3_column_text"); + result = CERTSVC_FAIL; + goto error; + } + + query = sqlite3_mprintf("select gname from %Q where associated_gname=%Q and enabled=%d and is_root_app_enabled=%d", \ + ((storeType==WIFI_STORE)? "wifi" : (storeType==VPN_STORE)? "vpn" : "email"), \ + columnText, ENABLED, ENABLED); + + if (stmt) + sqlite3_finalize(stmt); + + result = execute_select_query(db_handle, query, &stmt); + if (result != CERTSVC_SUCCESS) { + SLOGE("Querying database failed."); + result = CERTSVC_FAIL; + goto error; + } + + while (1) { + records = sqlite3_step(stmt); + if (records != SQLITE_ROW || records == SQLITE_DONE) + break; + + if (count == 0) { + certs = (char**) malloc(4 * sizeof(char *)); + if (!certs) { + SLOGE("Failed to allocate memory"); + result = CERTSVC_BAD_ALLOC; + goto error; + } + memset(certs, 0x00, 4 * sizeof(char *)); + } + + if (records == SQLITE_ROW) { + tmpText = (const char *)sqlite3_column_text(stmt, 0); + if (!tmpText) { + SLOGE("Failed to sqlite3_column_text."); + result = CERTSVC_FAIL; + goto error; + } + + if (!((certs)[count] = strdup(tmpText))) { + SLOGE("Failed to allocate memory"); + result = CERTSVC_BAD_ALLOC; + goto error; + } + } + + count++; + } + + if (count == 0) { + SLOGE("No valid records found for the gname passed [%s].",gname); + return CERTSVC_FAIL; + } + } + + *certBlockCount = count; + *bufferLen = count * sizeof(ResponseCertBlock); + ResponseCertBlock 
*certBlockList = (ResponseCertBlock *) malloc(*bufferLen); + if (!certBlockList) { + SLOGE("Failed to allocate memory for ResponseCertBlock"); + result = CERTSVC_BAD_ALLOC; + goto error; + } + + if (count > 0) + memset(certBlockList, 0x00, *bufferLen); + + ResponseCertBlock *currentBlock = NULL; + for (i = 0; i < count; i++) { + currentBlock = certBlockList + i; + if (sizeof(currentBlock->dataBlock) < strlen(certs[i])) { + SLOGE("src is longer than dst. src[%s] dst size[%d]", certs[i], sizeof(currentBlock->dataBlock)); + free(certBlockList); + result = CERTSVC_FAIL; + goto error; + } + strncpy(currentBlock->dataBlock, certs[i], strlen(certs[i])); + currentBlock->dataBlockLen = strlen(certs[i]); + } + *ppCertBlockBuffer = (char *)certBlockList; + + result = CERTSVC_SUCCESS; + + SLOGD("success: loadCertificatesFromStore. CERT_COUNT=%d", count); + +error: + if (query) + sqlite3_free(query); + + if (stmt) + sqlite3_finalize(stmt); + + if (certs) { + for(i = 0; i < count; i++) + free(certs[i]); + + free(certs); + } + + return result; +} diff --git a/vcore/src/server/src/cert-server-main.c b/vcore/src/server/src/cert-server-main.c new file mode 100644 index 0000000..7624a50 --- /dev/null +++ b/vcore/src/server/src/cert-server-main.c 
@@ -0,0 +1,479 @@ +/** + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file cert-server-main.c + * @author Madhan A K (madhan.ak@samsung.com) + * Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief cert-svc server. + */ + +#include <signal.h> +#include <unistd.h> +#include <errno.h> +#include <sys/un.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/time.h> +#include <sys/select.h> +#include <systemd/sd-daemon.h> + +#include <cert-service-debug.h> +#include <cert-svc/cerror.h> +#include <cert-svc/ccert.h> +#include <cert-svc-client.h> + +#include <cert-server-logic.h> + +sqlite3 *cert_store_db = NULL; + +int open_db(sqlite3 **db_handle, const char *db_path) { + + int result = CERTSVC_FAIL; + sqlite3 *handle; + + if (access(db_path, F_OK) == 0) { + result = db_util_open(db_path, &handle, 0); + if (result != SQLITE_OK) { + SLOGE("connect db [%s] failed!", db_path); + return CERTSVC_FAIL; + } + *db_handle = handle; + return CERTSVC_SUCCESS; + } + SLOGD("%s DB does not exists. 
Creating one!!", db_path); + + result = db_util_open(db_path, &handle, 0); + if (result != SQLITE_OK) { + SLOGE("connect to db [%s] failed!.", db_path); + return CERTSVC_FAIL; + } + *db_handle = handle; + return CERTSVC_SUCCESS; +} + +int evaluate_query(sqlite3 *db_handle, char *query) { + + int result = CERTSVC_SUCCESS; + sqlite3_stmt* p_statement; + + if (!db_handle) { + SLOGE("Database not initialised."); + return CERTSVC_WRONG_ARGUMENT; + } + + if (!query) { + SLOGE("Query is NULL."); + return CERTSVC_WRONG_ARGUMENT; + } + + result = sqlite3_prepare_v2(db_handle, query, strlen(query), &p_statement, NULL); + if (result != SQLITE_OK) { + SLOGE("Sqlite3 error [%d] : <%s> preparing <%s> query.", result, sqlite3_errmsg(db_handle), query); + return CERTSVC_FAIL; + } + + result = sqlite3_step(p_statement); + if (result != SQLITE_DONE) { + SLOGE("Sqlite3 error [%d] : <%s> executing <%s> statement.", result, sqlite3_errmsg(db_handle), query); + return CERTSVC_FAIL; + } + + result = sqlite3_finalize(p_statement); + if (result != SQLITE_OK) { + SLOGE("Sqlite3 error [%d] : <%s> finalising <%s> statement.", result, sqlite3_errmsg(db_handle), query); + return CERTSVC_FAIL; + } + return CERTSVC_SUCCESS; +} + +int initialize_db(void) { + + int result = CERTSVC_SUCCESS; +// int i=0; +// static int reentry = 1; +// char *query = NULL; +// char db_list[][6]={"wifi","vpn","email"}; + + if (cert_store_db == NULL) { + result = open_db(&cert_store_db, CERTSVC_SYSTEM_STORE_DB); + if (result != CERTSVC_SUCCESS) { + SLOGE("Certsvc store DB creation failed. 
result[%d]", result); + return result; + } + } + +/* + if (reentry == 1) { + for (i=0; i<3; i++) { + query = sqlite3_mprintf("create table if not exists %Q (gname text primary key not null, " \ + "common_name text key not null, private_key_gname text, " \ + "associated_gname text, is_root_cert integer, " \ + "enabled integer key not null," + "is_root_app_enabled integer key not null)", db_list[i]); + + result = evaluate_query(cert_store_db, query); + if (result != CERTSVC_SUCCESS) { + SLOGE("Certificate store database initialisation Failed."); + result = CERTSVC_FAIL; + } + sqlite3_free(query); query=NULL; + } + + query = sqlite3_mprintf("create table if not exists disabled_certs "\ + "(gname text primary key not null, certificate text key not null)"); + + result = evaluate_query(cert_store_db, query); + if (result != CERTSVC_SUCCESS) { + SLOGE("wifi store DB initialisation Failed."); + result = CERTSVC_FAIL; + } + + sqlite3_free(query); query=NULL; + result = CERTSVC_SUCCESS; + reentry++; + goto err; + } + +err: +*/ + + return CERTSVC_SUCCESS; +} + +void CertSigHandler(int signo) +{ + SLOGD("Got Signal %d, exiting now.", signo); + if (cert_store_db != NULL) { + sqlite3_close(cert_store_db); + cert_store_db = NULL; + } + exit(1); +} + +int CertSvcGetSocketFromSystemd(int* pSockfd) +{ + int n = sd_listen_fds(0); + int fd; + + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) { + if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1, VCORE_SOCK_PATH, 0)) { + LOGD("Get socket from systemd. 
fd[%d]", fd); + *pSockfd = fd; + return CERTSVC_SUCCESS; + } + } + return CERTSVC_FAIL; +} + +void CertSvcServerComm() +{ + int server_sockfd = 0; + int client_sockfd = 0; + int read_len = 0; + int client_len = 0; + struct sockaddr_un clientaddr; + int result = CERTSVC_SUCCESS; + char *certListBuffer = NULL; + char *certBlockBuffer = NULL; + size_t bufferLen = 0; + size_t blockBufferLen = 0; + + struct timeval timeout; + timeout.tv_sec = 10; + timeout.tv_usec = 0; + + SLOGI("cert-server is starting..."); + + VcoreRequestData recv_data; + VcoreResponseData send_data; + + if (!CertSvcGetSocketFromSystemd(&server_sockfd)) { + SLOGE("Failed to get sockfd from systemd."); + return; + } + + client_len = sizeof(clientaddr); + signal(SIGINT, (void*)CertSigHandler); + +/* + if (!cert_store_db) { + result = initialize_db(); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to initialize database."); + result = CERTSVC_IO_ERROR; + goto Error_close_exit; + } + + if (cert_store_db) { + sqlite3_close(cert_store_db); + cert_store_db = NULL; + } + } +*/ + + fd_set fd; + struct timeval tv; + while (1) { + errno = 0; + + FD_ZERO(&fd); + FD_SET(server_sockfd, &fd); + + tv.tv_sec = 1; + tv.tv_usec = 0; + + memset(&recv_data, 0x00, sizeof(VcoreRequestData)); + memset(&send_data, 0x00, sizeof(VcoreResponseData)); + + int ret = select(server_sockfd + 1, &fd, NULL, NULL, &tv); + if (ret == 0) { // timeout + SLOGD("cert-server timeout. exit."); + break; + } + + if (ret == -1) { + SLOGE("select() error."); + break; + } + + if ((client_sockfd = accept(server_sockfd, (struct sockaddr*)&clientaddr, (socklen_t*)&client_len)) < 0) { + SLOGE("Error in function accept().[socket desc :%d, error no :%d].", client_sockfd, errno); + continue; + } + + SLOGD("cert-server Accept! 
client sock[%d]", client_sockfd); + + if (setsockopt (client_sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) { + SLOGE("Error in Set SO_RCVTIMEO Socket Option"); + send_data.result = CERTSVC_FAIL; + goto Error_close_exit; + } + + if (setsockopt (client_sockfd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) { + SLOGE("Error in Set SO_SNDTIMEO Socket Option"); + send_data.result = CERTSVC_FAIL; + goto Error_close_exit; + } + + SLOGD("Connected to a client..."); + + read_len = recv(client_sockfd, (char*)&recv_data, sizeof(recv_data), 0); + if (read_len < 0) { + SLOGE("Error in function recv()."); + send_data.result = CERTSVC_FAIL; + goto Error_close_exit; + } + + if (!cert_store_db) { + result = initialize_db(); + if (result != CERTSVC_SUCCESS) { + SLOGE("Failed to initialize database."); + result = CERTSVC_IO_ERROR; + goto Error_close_exit; + } + } + + SLOGD("revc request: reqType=%d", recv_data.reqType); + + switch (recv_data.reqType) { + case CERTSVC_EXTRACT_CERT: + { + send_data.result = getCertificateDetailFromStore( + cert_store_db, + recv_data.storeType, + recv_data.certType, + recv_data.gname, + send_data.dataBlock, + &send_data.dataBlockLen); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_EXTRACT_SYSTEM_CERT: + { + send_data.result = getCertificateDetailFromSystemStore( + cert_store_db, + recv_data.gname, + send_data.dataBlock, + &send_data.dataBlockLen); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_DELETE_CERT: + { + send_data.result = deleteCertificateFromStore( + cert_store_db, + recv_data.storeType, + recv_data.gname); + if (send_data.result == CERTSVC_SUCCESS) + send_data.result = update_ca_certificate_file(cert_store_db, NULL, 0); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_GET_CERTIFICATE_STATUS: + { + send_data.result = 
getCertificateStatusFromStore( + cert_store_db, + recv_data.storeType, + recv_data.gname, + &send_data.certStatus); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_SET_CERTIFICATE_STATUS: + { + send_data.result = setCertificateStatusToStore( + cert_store_db, + recv_data.storeType, + recv_data.is_root_app, + recv_data.gname, + recv_data.certStatus); + if (send_data.result == CERTSVC_SUCCESS) + send_data.result = update_ca_certificate_file(cert_store_db, NULL, 0); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_CHECK_ALIAS_EXISTS: + { + send_data.result = checkAliasExistsInStore( + cert_store_db, + recv_data.storeType, + recv_data.gname, + &send_data.certStatus); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_INSTALL_CERTIFICATE: + { + send_data.result = installCertificateToStore( + cert_store_db, + recv_data.storeType, + recv_data.gname, + recv_data.common_name, + recv_data.private_key_gname, + recv_data.associated_gname, + recv_data.dataBlock, + recv_data.dataBlockLen, + recv_data.certType); + + if ((send_data.result == CERTSVC_SUCCESS) && ((recv_data.certType == PEM_CRT) || (recv_data.certType == P12_TRUSTED))) + send_data.result = update_ca_certificate_file(cert_store_db, recv_data.dataBlock, recv_data.dataBlockLen); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_GET_CERTIFICATE_LIST: + case CERTSVC_GET_USER_CERTIFICATE_LIST: + case CERTSVC_GET_ROOT_CERTIFICATE_LIST: + { + send_data.result = getCertificateListFromStore( + cert_store_db, + recv_data.reqType, + recv_data.storeType, + recv_data.is_root_app, + &certListBuffer, + &bufferLen, + &send_data.certCount); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + if (bufferLen > 0) + result = send(client_sockfd, certListBuffer, bufferLen, 0); + + break; + } + + case 
CERTSVC_GET_CERTIFICATE_ALIAS: + { + send_data.result = getCertificateAliasFromStore( + cert_store_db, + recv_data.storeType, + recv_data.gname, + send_data.common_name); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + break; + } + + case CERTSVC_LOAD_CERTIFICATES: + { + send_data.result = loadCertificatesFromStore( + cert_store_db, + recv_data.storeType, + recv_data.gname, + &certBlockBuffer, + &blockBufferLen, + &send_data.certBlockCount); + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + if (blockBufferLen > 0) + result = send(client_sockfd, certBlockBuffer, blockBufferLen, 0); + break; + } + + default: + SLOGE("Input error. Please check request type"); + break; + } + + if (result <= 0) { + SLOGE("send failed :%d, errno %d try once", result, errno); + //result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + //SLOGE("retry result :%d, errno %d", result, errno); + } + + close(client_sockfd); + if (cert_store_db) { + sqlite3_close(cert_store_db); + cert_store_db = NULL; + SLOGI("cert_store db was closed"); + } + } + +Error_close_exit: + close(server_sockfd); + if (cert_store_db) { + sqlite3_close(cert_store_db); + cert_store_db = NULL; + } + + if (certListBuffer) + free(certListBuffer); + + if (certBlockBuffer) + free(certBlockBuffer); + + if (client_sockfd >= 0) { + result = send(client_sockfd, (char*)&send_data, sizeof(send_data), 0); + close(client_sockfd); + } + else + SLOGE("cannot connect to client socket."); + + SLOGI("CertSvcServerComm done."); +} + +int main(void) +{ + SLOGI("cert-server start"); + CertSvcServerComm(); + SLOGI("cert-server end"); + + return 0; +} diff --git a/vcore/src/vcore/Base64.cpp b/vcore/src/vcore/Base64.cpp index 82398aa..e3a1abe 100644 --- a/vcore/src/vcore/Base64.cpp +++ b/vcore/src/vcore/Base64.cpp 
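Review bot: The request filled by `recv()` in CertSvcServerComm is dispatched without validation: only `read_len < 0` is rejected, so a short or empty read is handled as a request. The client-supplied `gname`, `common_name`, `private_key_gname`, `associated_gname` and `dataBlockLen` then go straight to the store functions. Nothing visible guarantees that the strings are NUL-terminated or that `dataBlockLen` fits `dataBlock`, yet they are used for `%Q` query formatting and passed on as a length. I would require a full-size read and sanitise the fields before the `switch`, reusing the existing `Error_close_exit` path; this assumes the fields are fixed-size arrays in VcoreRequestData, which is declared outside this diff. The delete, install and status-change handlers also run with no visible check of the peer's identity, so confirm that access control on the socket covers them.

```c
read_len = recv(client_sockfd, (char*)&recv_data, sizeof(recv_data), MSG_WAITALL);
if (read_len != (int)sizeof(recv_data)) {
	SLOGE("Error in function recv(). read_len[%d]", read_len);
	send_data.result = CERTSVC_FAIL;
	goto Error_close_exit;
}

/* request fields come from the client: terminate strings, bound the length */
recv_data.gname[sizeof(recv_data.gname) - 1] = '\0';
recv_data.common_name[sizeof(recv_data.common_name) - 1] = '\0';
recv_data.private_key_gname[sizeof(recv_data.private_key_gname) - 1] = '\0';
recv_data.associated_gname[sizeof(recv_data.associated_gname) - 1] = '\0';
if (recv_data.dataBlockLen > sizeof(recv_data.dataBlock)) {
	SLOGE("dataBlockLen is out of range.");
	send_data.result = CERTSVC_WRONG_ARGUMENT;
	goto Error_close_exit;
}

/* … unchanged: initialize_db() and the reqType switch … */
```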
@@ -20,7 +20,8 @@ #include <openssl/evp.h> #include <openssl/buffer.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> + #include <dpl/scoped_free.h> #include <vcore/Base64.h> @@ -36,8 +37,8 @@ Base64Encoder::Base64Encoder() : void Base64Encoder::append(const std::string &data) { if (m_finalized) { - LogWarning("Already finalized."); - ThrowMsg(Exception::AlreadyFinalized, "Already finalized"); + WrtLogW("Already finalized."); + VcoreThrowMsg(Exception::AlreadyFinalized, "Already finalized"); } if (!m_b64) { @@ -49,24 +50,26 @@ void Base64Encoder::append(const std::string &data) void Base64Encoder::finalize() { if (m_finalized) { - LogWarning("Already finalized."); - ThrowMsg(Exception::AlreadyFinalized, "Already finalized."); + WrtLogW("Already finalized."); + VcoreThrowMsg(Exception::AlreadyFinalized, "Already finalized."); } m_finalized = true; - BIO_flush(m_b64); + + if (BIO_flush(m_b64) != 1) + VcoreThrowMsg(Exception::InternalError, "Bio internal error"); } std::string Base64Encoder::get() { if (!m_finalized) { - LogWarning("Not finalized"); - ThrowMsg(Exception::NotFinalized, "Not finalized"); + WrtLogW("Not finalized"); + VcoreThrowMsg(Exception::NotFinalized, "Not finalized"); } BUF_MEM *bptr = 0; BIO_get_mem_ptr(m_b64, &bptr); if (bptr == 0) { - LogError("Bio internal error"); - ThrowMsg(Exception::InternalError, "Bio internal error"); + WrtLogE("Bio internal error"); + VcoreThrowMsg(Exception::InternalError, "Bio internal error"); } if (bptr->length > 0) { @@ -82,8 +85,8 @@ void Base64Encoder::reset() m_b64 = BIO_new(BIO_f_base64()); m_bmem = BIO_new(BIO_s_mem()); if (!m_b64 || !m_bmem) { - LogError("Error during allocation memory in BIO"); - ThrowMsg(Exception::InternalError, + WrtLogE("Error during allocation memory in BIO"); + VcoreThrowMsg(Exception::InternalError, "Error during allocation memory in BIO"); } BIO_set_flags(m_b64, BIO_FLAGS_BASE64_NO_NL); 
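Review bot: In `Base64Encoder::finalize()` the new `BIO_flush` check runs after `m_finalized = true`, so a failed flush throws but leaves the encoder marked finalized, and a later `get()` will read whatever is in the memory BIO. Moving the assignment below the check keeps the state consistent: `if (BIO_flush(m_b64) != 1) VcoreThrowMsg(Exception::InternalError, "Bio internal error");` followed by `m_finalized = true;`. Every other throw site in this file logs with `WrtLogE` first, and this one does not. If `m_b64` can still be null here (append() creates it lazily, and the constructor is outside the hunk), finalize() on an encoder that never received data would now throw where it previously returned, which deserves a comment.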
@@ -103,8 +106,8 @@ Base64Decoder::Base64Decoder() : void Base64Decoder::append(const std::string &data) { if (m_finalized) { - LogWarning("Already finalized."); - ThrowMsg(Exception::AlreadyFinalized, "Already finalized."); + WrtLogW("Already finalized."); + VcoreThrowMsg(Exception::AlreadyFinalized, "Already finalized."); } m_input.append(data); } @@ -118,8 +121,8 @@ static bool whiteCharacter(char a) bool Base64Decoder::finalize() { if (m_finalized) { - LogWarning("Already finalized."); - ThrowMsg(Exception::AlreadyFinalized, "Already finalized."); + WrtLogW("Already finalized."); + VcoreThrowMsg(Exception::AlreadyFinalized, "Already finalized."); } m_finalized = true; 
@@ -137,44 +140,44 @@ bool Base64Decoder::finalize() { continue; } - LogError("Base64 input contains illegal chars: " << m_input[i]); + WrtLogE("Base64 input contains illegal chars: %c", m_input[i]); return false; } BIO *b64, *bmem; size_t len = m_input.size(); - DPL::ScopedFree<char> buffer(static_cast<char*>(malloc(len))); + VcoreDPL::ScopedFree<char> buffer(static_cast<char*>(malloc(len))); if (!buffer) { - LogError("Error in malloc."); - ThrowMsg(Exception::InternalError, "Error in malloc."); + WrtLogE("Error in malloc."); + VcoreThrowMsg(Exception::InternalError, "Error in malloc."); } memset(buffer.Get(), 0, len); b64 = BIO_new(BIO_f_base64()); if (!b64) { - LogError("Couldn't create BIO object."); - ThrowMsg(Exception::InternalError, "Couldn't create BIO object."); + WrtLogE("Couldn't create BIO object."); + VcoreThrowMsg(Exception::InternalError, "Couldn't create BIO object."); } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); - DPL::ScopedFree<char> tmp(strdup(m_input.c_str())); + VcoreDPL::ScopedFree<char> tmp(strdup(m_input.c_str())); m_input.clear(); bmem = BIO_new_mem_buf(tmp.Get(), len); if (!bmem) { BIO_free(b64); - LogError("Internal error in BIO"); - ThrowMsg(Exception::InternalError, "Internal error in BIO"); + WrtLogE("Internal error in BIO"); + VcoreThrowMsg(Exception::InternalError, "Internal error in BIO"); } bmem = BIO_push(b64, bmem); if (!bmem) { BIO_free(b64); - LogError("Internal error in BIO"); - ThrowMsg(Exception::InternalError, "Internal error in BIO"); + WrtLogE("Internal error in BIO"); + VcoreThrowMsg(Exception::InternalError, "Internal error in BIO"); } int readlen = BIO_read(bmem, buffer.Get(), len); @@ -195,8 +198,8 @@ bool Base64Decoder::finalize() std::string Base64Decoder::get() const { if (!m_finalized) { - LogWarning("Not finalized."); - ThrowMsg(Exception::NotFinalized, "Not finalized"); + WrtLogW("Not finalized."); + VcoreThrowMsg(Exception::NotFinalized, "Not finalized"); } return m_output; } 
diff --git a/vcore/src/vcore/Base64.h b/vcore/src/vcore/Base64.h index 520662e..b961d98 100644 --- a/vcore/src/vcore/Base64.h +++ b/vcore/src/vcore/Base64.h @@ -17,23 +17,20 @@ #define _BASE64_H_ #include <string> -#include <dpl/noncopyable.h> -#include <dpl/exception.h> +#include <vcore/exception.h> struct bio_st; typedef bio_st BIO; namespace ValidationCore { -class Base64Encoder : public DPL::Noncopyable -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) - DECLARE_EXCEPTION_TYPE(Base, NotFinalized) - DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) +class Base64Encoder { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base) + VCORE_DECLARE_EXCEPTION_TYPE(Base, InternalError) + VCORE_DECLARE_EXCEPTION_TYPE(Base, NotFinalized) + VCORE_DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) }; Base64Encoder(); void append(const std::string &data); @@ -42,22 +39,23 @@ class Base64Encoder : public DPL::Noncopyable void reset(); ~Base64Encoder(); - private: +private: + Base64Encoder(const Base64Encoder &); + const Base64Encoder &operator=(const Base64Encoder &); + BIO *m_b64; BIO *m_bmem; bool m_finalized; }; -class Base64Decoder : public DPL::Noncopyable -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) - DECLARE_EXCEPTION_TYPE(Base, NotFinalized) - DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) +class Base64Decoder { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base) + VCORE_DECLARE_EXCEPTION_TYPE(Base, InternalError) + VCORE_DECLARE_EXCEPTION_TYPE(Base, NotFinalized) + VCORE_DECLARE_EXCEPTION_TYPE(Base, AlreadyFinalized) }; Base64Decoder(); void append(const std::string &data); 
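Review bot: The private copy constructor and `operator=` that replace `DPL::Noncopyable` in Base64Encoder are declared in the pre-C++11 style, and the assignment operator returns a `const` reference. CRL.h in this same commit already uses `CRL() = delete;` and the build passes `-std=c++0x`, so these could be `Base64Encoder(const Base64Encoder &) = delete;` and `Base64Encoder &operator=(const Base64Encoder &) = delete;`. That makes an accidental copy from inside the class a compile error rather than a link error, which matters because the class owns the raw `BIO *m_b64` and `BIO *m_bmem` pointers. The same applies to Base64Decoder in the next hunk and to the private copy members added to CRL in CRL.h.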
@@ -69,11 +67,12 @@ class Base64Decoder : public DPL::Noncopyable bool finalize(); std::string get() const; void reset(); - ~Base64Decoder() - { - } + ~Base64Decoder() {} + +private: + Base64Decoder(const Base64Decoder &); + const Base64Decoder &operator=(const Base64Decoder &); - private: std::string m_input; std::string m_output; bool m_finalized; diff --git a/vcore/src/vcore/CRL.h b/vcore/src/vcore/CRL.h index 51915ee..7a52569 100644 --- a/vcore/src/vcore/CRL.h +++ b/vcore/src/vcore/CRL.h @@ -26,29 +26,24 @@ #include <list> #include <string> -#include <dpl/exception.h> -#include <dpl/noncopyable.h> -#include <dpl/log/log.h> - #include <vcore/Certificate.h> #include <vcore/CertificateCollection.h> #include <vcore/VerificationStatus.h> #include <vcore/CRLCacheInterface.h> +#include <vcore/exception.h> namespace ValidationCore { - namespace CRLException { -DECLARE_EXCEPTION_TYPE(DPL::Exception, CRLException) -DECLARE_EXCEPTION_TYPE(CRLException, StorageError) -DECLARE_EXCEPTION_TYPE(CRLException, DownloadFailed) -DECLARE_EXCEPTION_TYPE(CRLException, InternalError) -DECLARE_EXCEPTION_TYPE(CRLException, InvalidParameter) +VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base) +VCORE_DECLARE_EXCEPTION_TYPE(Base, StorageError) +VCORE_DECLARE_EXCEPTION_TYPE(Base, InternalError) +VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidParameter) + } // namespace CRLException class CRLImpl; -class CRL : DPL::Noncopyable -{ +class CRL { public: typedef std::list<std::string> StringList; @@ -67,6 +62,7 @@ public: bool isRevoked; /**< True when certificate is revoked */ }; + CRL() = delete; CRL(CRLCacheInterface *ptr); virtual ~CRL(); @@ -152,6 +148,9 @@ public: private: friend class CachedCRL; CRLImpl *m_impl; + + CRL(const CRL &); + const CRL &operator=(const CRL &); }; } // namespace ValidationCore diff --git a/vcore/src/vcore/CRLImpl.cpp b/vcore/src/vcore/CRLImpl.cpp index b2e18f9..6602e17 100644 --- a/vcore/src/vcore/CRLImpl.cpp +++ b/vcore/src/vcore/CRLImpl.cpp 
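Review bot: The private, undefined `CRL(const CRL &)` and `operator=` added at the end of `class CRL` do not stop `friend class CachedCRL` from copying a `CRL`. A friend can name private members, so an accidental copy compiles and only fails at link time. This header already uses `CRL() = delete;`, so I would write `CRL(const CRL &) = delete;` and `const CRL &operator=(const CRL &) = delete;` to have the compiler reject any copy of the raw `m_impl` pointer. The same declarations in `Base64Encoder` and `Base64Decoder` (Base64.h) could be changed the same way for consistency.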
@@ -16,7 +16,7 @@ /*! * @author Piotr Marcinkiewicz(p.marcinkiew@samsung.com) * @version 0.2 - * @file CRLImpl.h + * @file CRLImpl.cpp * @brief Routines for certificate validation over CRL */ @@ -32,9 +32,8 @@ #include <openssl/pem.h> #include <openssl/x509v3.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/assert.h> -#include <dpl/exception.h> #include <dpl/db/orm.h> #include <dpl/foreach.h> @@ -42,11 +41,9 @@ #include <vcore/Certificate.h> #include <vcore/SoupMessageSendSync.h> #include <vcore/CRLCacheInterface.h> -#include <tzplatform_config.h> namespace { -const char *CRL_LOOKUP_DIR_1 = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/ca-certs/code-signing/wac"); -const char *CRL_LOOKUP_DIR_2 = tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/certs/code-signing/wac"); +const char *CRL_LOOKUP_DIR = "/usr/share/ca-certificates/wac"; } //anonymous namespace namespace ValidationCore { @@ -58,7 +55,7 @@ CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert) if (!result.empty()) { return result; } - LogInfo("No distribution points found. Getting from CA cert."); + WrtLogI("No distribution points found. Getting from CA cert."); X509_STORE_CTX *ctx = createContext(argCert); X509_OBJECT obj; @@ -69,7 +66,7 @@ CRL::StringList CRLImpl::getCrlUris(const CertificatePtr &argCert) &obj); X509_STORE_CTX_free(ctx); if (0 >= retVal) { - LogError("No dedicated CA certificate available"); + WrtLogE("No dedicated CA certificate available"); return result; } CertificatePtr caCert(new Certificate(obj.data.x509)); 
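Review bot: `CRL_LOOKUP_DIR` replaces the two `tzplatform_mkpath(TZ_SYS_SHARE, ...)` directories with the single literal `"/usr/share/ca-certificates/wac"`, so the X509 store used to look up a CRL issuer now depends on one fixed absolute path. If an image keeps those CA certificates elsewhere, issuer lookup in `verifyCRL()` would presumably fail and CRLs from those issuers would be rejected. I would take the directory from a build-time definition shared with the packaging instead of a source literal. I would also add a comment above it such as `// Hash dir of CA certificates used to verify CRL signatures; must match the installed layout.`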
@@ -82,36 +79,27 @@ CRLImpl::CRLImpl(CRLCacheInterface *ptr) { Assert(m_crlCache != NULL); - LogInfo("CRL storage initialization."); + WrtLogI("CRL storage initialization."); m_store = X509_STORE_new(); - if (!m_store) { - LogError("Failed to create new store."); - ThrowMsg(CRLException::StorageError, - "Not possible to create new store."); - } + if (!m_store) + VcoreThrowMsg(CRLException::StorageError, + "impossible to create new store"); + m_lookup = X509_STORE_add_lookup(m_store, X509_LOOKUP_hash_dir()); if (!m_lookup) { cleanup(); - LogError("Failed to add hash dir lookup"); - ThrowMsg(CRLException::StorageError, - "Not possible to add hash dir lookup."); + VcoreThrowMsg(CRLException::StorageError, + "impossible to add hash dir lookup"); } // Add hash dir pathname for CRL checks - bool retVal = X509_LOOKUP_add_dir(m_lookup, - CRL_LOOKUP_DIR_1, X509_FILETYPE_PEM) == 1; - retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_1, - X509_FILETYPE_ASN1) == 1); - retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2, - X509_FILETYPE_PEM) == 1); - retVal &= retVal && (X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR_2, - X509_FILETYPE_ASN1) == 1); + bool retVal = X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_PEM) == 1; + retVal &= X509_LOOKUP_add_dir(m_lookup, CRL_LOOKUP_DIR, X509_FILETYPE_ASN1) == 1; if (!retVal) { - LogError("Failed to add lookup dir for PEM files."); cleanup(); - ThrowMsg(CRLException::StorageError, - "Failed to add lookup dir for PEM files."); + VcoreThrowMsg(CRLException::StorageError, + "Failed to add lookup dir for PEM files"); } - LogInfo("CRL storage initialization complete."); + WrtLogI("CRL storage initialization complete."); } CRLImpl::~CRLImpl() @@ -122,7 +110,7 @@ CRLImpl::~CRLImpl() void CRLImpl::cleanup() { - LogInfo("Free CRL storage"); + WrtLogI("Free CRL storage"); // STORE is responsible for LOOKUP release // X509_LOOKUP_free(m_lookup); X509_STORE_free(m_store); 
@@ -136,7 +124,7 @@ CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert) FOREACH(it, crlUris) { CRLDataPtr crl = getCRL(*it); if (!crl) { - LogDebug("CRL not found for URI: " << *it); + WrtLogD("CRL not found for URI: %s", (*it).c_str()); continue; } X509_CRL *crlInternal = convertToInternal(crl); @@ -150,17 +138,17 @@ CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert) // If nextUpdate is not set assume it is actual. retStatus.isCRLValid = true; } - LogInfo("CRL valid: " << retStatus.isCRLValid); + WrtLogI("CRL valid: %d", retStatus.isCRLValid); X509_REVOKED rev; rev.serialNumber = X509_get_serialNumber(argCert->getX509()); // sk_X509_REVOKED_find returns index if serial number is found on list retVal = sk_X509_REVOKED_find(crlInternal->crl->revoked, &rev); X509_CRL_free(crlInternal); retStatus.isRevoked = retVal != -1; - LogInfo("CRL revoked: " << retStatus.isRevoked); + WrtLogI("CRL revoked: %d", retStatus.isRevoked); if (!retStatus.isRevoked && isOutOfDate(crl)) { - LogDebug("Certificate is not Revoked, but CRL is outOfDate."); + WrtLogD("Certificate is not Revoked, but CRL is outOfDate."); continue; } @@ -171,14 +159,11 @@ CRL::RevocationStatus CRLImpl::checkCertificate(const CertificatePtr &argCert) return retStatus; } -CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection - certChain) +CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection certChain) { - if (!certChain.sort()) { - LogError("Certificate list doesn't create chain."); - ThrowMsg(CRLException::InvalidParameter, - "Certificate list doesn't create chain."); - } + if (!certChain.sort()) + VcoreThrowMsg(CRLException::InvalidParameter, + "Certificate list doesn't create chain."); CRL::RevocationStatus ret; ret.isCRLValid = true; 
@@ -186,25 +171,27 @@ CRL::RevocationStatus CRLImpl::checkCertificateChain(CertificateCollection const CertificateList &certList = certChain.getChain(); FOREACH(it, certList) { if (!(*it)->isRootCert()) { - LogInfo("Certificate common name: " << *((*it)->getCommonName())); + WrtLogI("Certificate common name: %s", (*it)->getCommonName().c_str()); CRL::RevocationStatus certResult = checkCertificate(*it); ret.isCRLValid &= certResult.isCRLValid; ret.isRevoked |= certResult.isRevoked; if (ret.isCRLValid && !ret.isRevoked) { addToStore(*it); } + if (ret.isRevoked) { return ret; } } } + return ret; } VerificationStatus CRLImpl::checkEndEntity(CertificateCollection &chain) { if (!chain.sort() && !chain.empty()) { - LogInfo("Could not find End Entity certificate. " + WrtLogI("Could not find End Entity certificate. " "Collection does not form chain."); return VERIFICATION_STATUS_ERROR; } @@ -244,13 +231,13 @@ bool CRLImpl::isOutOfDate(const CRLDataPtr &crl) const { bool CRLImpl::updateList(const CertificatePtr &argCert, const CRL::UpdatePolicy updatePolicy) { - LogInfo("Update CRL for certificate"); + WrtLogI("Update CRL for certificate"); // Retrieve distribution points CRL::StringList crlUris = getCrlUris(argCert); FOREACH(it, crlUris) { // Try to get CRL from database - LogInfo("Getting CRL for URI: " << *it); + WrtLogI("Getting CRL for URI: %s", (*it).c_str()); bool downloaded = false; 
@@ -263,24 +250,24 @@ bool CRLImpl::updateList(const CertificatePtr &argCert, } if (!!crl && isOutOfDate(crl)) { - LogDebug("Crl out of date - downloading."); + WrtLogD("Crl out of date - downloading."); crl = downloadCRL(*it); downloaded = true; } if (!crl) { - LogDebug("Crl not found in cache - downloading."); + WrtLogD("Crl not found in cache - downloading."); crl = downloadCRL(*it); downloaded = true; } if (!crl) { - LogDebug("Failed to obtain CRL. URL: " << *it); + WrtLogD("Failed to obtain CRL. URL: %s", (*it).c_str()); continue; } if (!!crl && isOutOfDate(crl)) { - LogError("CRL out of date. Broken URL: " << *it); + WrtLogE("CRL out of date. Broken URL: %s", (*it).c_str()); } // Make X509 internal structure @@ -288,7 +275,7 @@ bool CRLImpl::updateList(const CertificatePtr &argCert, //Check if CRL is signed if (!verifyCRL(crlInternal, argCert)) { - LogError("Failed to verify CRL. URI: " << crl->uri); + WrtLogE("Failed to verify CRL. URI: %s", (crl->uri).c_str()); X509_CRL_free(crlInternal); return false; } @@ -333,7 +320,7 @@ bool CRLImpl::verifyCRL(X509_CRL *crl, X509_CRL_get_issuer(crl), &obj); X509_STORE_CTX_free(ctx); if (0 >= retVal) { - LogError("Unknown CRL issuer certificate!"); + WrtLogE("Unknown CRL issuer certificate!"); return false; } @@ -341,19 +328,19 @@ bool CRLImpl::verifyCRL(X509_CRL *crl, EVP_PKEY *pkey = X509_get_pubkey(obj.data.x509); X509_OBJECT_free_contents(&obj); if (!pkey) { - LogError("Failed to get issuer's public key."); + WrtLogE("Failed to get issuer's public key."); return false; } retVal = X509_CRL_verify(crl, pkey); EVP_PKEY_free(pkey); if (0 > retVal) { - LogError("Failed to verify CRL."); + WrtLogE("Failed to verify CRL."); return false; } else if (0 == retVal) { - LogError("CRL is invalid"); + WrtLogE("CRL is invalid"); return false; } - LogInfo("CRL is valid."); + WrtLogI("CRL is valid."); return true; } 
@@ -362,10 +349,10 @@ bool CRLImpl::isPEMFormat(const CRLDataPtr &crl) const const char *pattern = "-----BEGIN X509 CRL-----"; std::string content(crl->buffer, crl->length); if (content.find(pattern) != std::string::npos) { - LogInfo("CRL is in PEM format."); + WrtLogI("CRL is in PEM format."); return true; } - LogInfo("CRL is in DER format."); + WrtLogI("CRL is in DER format."); return false; } @@ -375,11 +362,10 @@ X509_CRL *CRLImpl::convertToInternal(const CRLDataPtr &crl) const X509_CRL *ret = NULL; if (isPEMFormat(crl)) { BIO *bmem = BIO_new_mem_buf(crl->buffer, crl->length); - if (!bmem) { - LogError("Failed to allocate memory in BIO"); - ThrowMsg(CRLException::InternalError, - "Failed to allocate memory in BIO"); - } + if (!bmem) + VcoreThrowMsg(CRLException::InternalError, + "Failed to allocate memory in BIO"); + ret = PEM_read_bio_X509_CRL(bmem, NULL, NULL, NULL); BIO_free_all(bmem); } else { @@ -389,11 +375,10 @@ X509_CRL *CRLImpl::convertToInternal(const CRLDataPtr &crl) const reinterpret_cast<unsigned char*>(crl->buffer); ret = d2i_X509_CRL(NULL, &buffer, crl->length); } - if (!ret) { - LogError("Failed to convert to internal structure"); - ThrowMsg(CRLException::InternalError, - "Failed to convert to internal structure"); - } + + if (!ret) + VcoreThrowMsg(CRLException::InternalError, + "Failed to convert to internal structure"); return ret; } @@ -401,9 +386,9 @@ X509_STORE_CTX *CRLImpl::createContext(const CertificatePtr &argCert) { X509_STORE_CTX *ctx; ctx = X509_STORE_CTX_new(); - if (!ctx) { - ThrowMsg(CRLException::StorageError, "Failed to create new context."); - } + if (!ctx) + VcoreThrowMsg(CRLException::StorageError, "Failed to create new ctx"); + X509_STORE_CTX_init(ctx, m_store, argCert->getX509(), NULL); return ctx; } @@ -421,7 +406,7 @@ CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri) &cpath, &use_ssl)) { - LogWarning("Error in OCSP_parse_url"); + WrtLogW("Error in OCSP_parse_url"); return CRLDataPtr(); } 
@@ -440,7 +425,7 @@ CRLImpl::CRLDataPtr CRLImpl::downloadCRL(const std::string &uri) message.setHeader("Host", host); if (SoupMessageSendSync::REQUEST_STATUS_OK != message.sendSync()) { - LogWarning("Error in sending network request."); + WrtLogW("Error in sending network request."); return CRLDataPtr(); } @@ -453,22 +438,21 @@ CRLImpl::CRLDataPtr CRLImpl::getCRL(const std::string &uri) const CRLCachedData cachedCrl; cachedCrl.distribution_point = uri; if (!(m_crlCache->getCRLResponse(&cachedCrl))) { - LogInfo("CRL not present in database. URI: " << uri); + WrtLogI("CRL not present in database. URI: %s", uri.c_str()); return CRLDataPtr(); } std::string body = cachedCrl.crl_body; - LogInfo("CRL found in database."); + WrtLogI("CRL found in database."); //TODO: remove when ORM::blob available //Encode buffer to base64 format to store in database Base64Decoder decoder; decoder.append(body); - if (!decoder.finalize()) { - LogError("Failed to decode base64 format."); - ThrowMsg(CRLException::StorageError, "Failed to decode base64 format."); - } + if (!decoder.finalize()) + VcoreThrowMsg(CRLException::StorageError, + "Failed to decode base64 format."); std::string crlBody = decoder.get(); std::unique_ptr<char[]> bodyBuffer(new char[crlBody.length()]); @@ -482,9 +466,9 @@ void CRLImpl::updateCRL(const CRLDataPtr &crl) //TODO: remove when ORM::blob available //Encode buffer to base64 format to store in database Base64Encoder encoder; - if (!crl || !crl->buffer) { - ThrowMsg(CRLException::InternalError, "CRL buffer is empty"); - } + if (!crl || !crl->buffer) + VcoreThrowMsg(CRLException::InternalError, "CRL buffer is empty"); + encoder.append(std::string(crl->buffer, crl->length)); encoder.finalize(); std::string b64CRLBody = encoder.get(); diff --git a/vcore/src/vcore/CRLImpl.h b/vcore/src/vcore/CRLImpl.h index 72d8d43..68475d5 100644 --- a/vcore/src/vcore/CRLImpl.h +++ b/vcore/src/vcore/CRLImpl.h 
@@ -23,14 +23,12 @@ #ifndef _VALIDATION_CORE_ENGINE_CRLIMPL_H_ #define _VALIDATION_CORE_ENGINE_CRLIMPL_H_ -#include <dpl/exception.h> +#include <string.h> #include <memory> -#include <dpl/noncopyable.h> -#include <dpl/log/log.h> - #include <openssl/x509.h> -#include <vcore/CRL.h> +#include <dpl/noncopyable.h> + #include <vcore/Certificate.h> #include <vcore/CertificateCollection.h> #include <vcore/SoupMessageSendBase.h> @@ -38,18 +36,18 @@ #include <vcore/CRLCacheInterface.h> #include <vcore/TimeConversion.h> +#include <vcore/CRL.h> + namespace ValidationCore { -class CRLImpl : DPL::Noncopyable -{ - protected: +class CRLImpl : VcoreDPL::Noncopyable { +protected: X509_STORE *m_store; X509_LOOKUP *m_lookup; CRLCacheInterface *m_crlCache; - class CRLData : DPL::Noncopyable - { - public: + class CRLData : VcoreDPL::Noncopyable { + public: //TODO: change to SharedArray when available char *buffer; size_t length; @@ -75,7 +73,6 @@ class CRLImpl : DPL::Noncopyable ~CRLData() { - LogInfo("Delete buffer"); delete[] buffer; } }; @@ -94,7 +91,8 @@ class CRLImpl : DPL::Noncopyable bool isOutOfDate(const CRLDataPtr &crl) const; friend class CachedCRL; - public: + +public: CRLImpl(CRLCacheInterface *ptr); ~CRLImpl(); diff --git a/vcore/src/vcore/CachedCRL.cpp b/vcore/src/vcore/CachedCRL.cpp index dfcd04b..bdc5123 100644 --- a/vcore/src/vcore/CachedCRL.cpp +++ b/vcore/src/vcore/CachedCRL.cpp @@ -23,7 +23,7 @@ #include <vcore/CachedCRL.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/foreach.h> #include <vcore/CRLImpl.h> @@ -86,7 +86,7 @@ VerificationStatus CachedCRL::check(const CertificateCollection &certs) } if (!allValid) { // problems with CRL validity - LogDebug("Some CRLs not valid"); + WrtLogD("Some CRLs not valid"); } CRL::RevocationStatus stat; Try { 
@@ -96,24 +96,24 @@ VerificationStatus CachedCRL::check(const CertificateCollection &certs) return VERIFICATION_STATUS_ERROR; } if (stat.isRevoked) { - LogDebug("Status REVOKED"); + WrtLogD("Status REVOKED"); return VERIFICATION_STATUS_REVOKED; } - LogDebug("Status GOOD"); + WrtLogD("Status GOOD"); return VERIFICATION_STATUS_GOOD; } VerificationStatus CachedCRL::checkEndEntity(CertificateCollection &certs) { if (certs.empty()) { - LogError("Collection empty. This should never happen."); - LogDebug("Status ERROR"); + WrtLogE("Collection empty. This should never happen."); + WrtLogD("Status ERROR"); return VERIFICATION_STATUS_ERROR; } if (!certs.sort()) { - LogError("Could not find End Entity certificate. " + WrtLogE("Could not find End Entity certificate. " "Collection does not form chain."); - LogDebug("Status ERROR"); + WrtLogD("Status ERROR"); return VERIFICATION_STATUS_ERROR; } CRLImpl crl(new CRLCacheDAO); @@ -131,15 +131,15 @@ VerificationStatus CachedCRL::checkEndEntity(CertificateCollection &certs) } if (!allValid) { // problems with CRL validity - LogDebug("Some CRLs not valid"); + WrtLogD("Some CRLs not valid"); } CertificateList::const_iterator iter = certs.begin(); CRL::RevocationStatus stat = crl.checkCertificate(*iter); if (stat.isRevoked) { - LogDebug("Status REVOKED"); + WrtLogD("Status REVOKED"); return VERIFICATION_STATUS_REVOKED; } - LogDebug("Status GOOD"); + WrtLogD("Status GOOD"); return VERIFICATION_STATUS_GOOD; } @@ -164,7 +164,7 @@ bool CachedCRL::updateCRLForUri(const std::string &uri, bool useExpiredShift) } if (CertificateCacheDAO::getCRLResponse(&cachedCRL)) { if (now < cachedCRL.next_update_time) { - LogDebug("Cached CRL still valid for: " << uri); + WrtLogD("Cached CRL still valid for: %s", uri.c_str()); return true; } } 
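Review bot: `CachedCRL::checkEndEntity()` returns `VERIFICATION_STATUS_GOOD` whenever `stat.isRevoked` is false, even if the CRL refresh failed (`allValid` is only logged at debug level) or `checkCertificate()` reported `isCRLValid == false`. A missing or expired CRL is therefore indistinguishable from a clean one. If soft-fail is not the intended policy, add `if (!allValid || !stat.isCRLValid) return VERIFICATION_STATUS_ERROR;` after the revoked check and before the `GOOD` return, and raise "Some CRLs not valid" to `WrtLogW`. `CachedCRL::check()` in the hunks just above follows the same pattern. As far as the hunk shows, this path also calls `crl.checkCertificate(*iter)` outside any `Try`, unlike `check()`.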
@@ -172,7 +172,7 @@ bool CachedCRL::updateCRLForUri(const std::string &uri, bool useExpiredShift) CRLImpl crl(new CRLCacheDAO); CRLImpl::CRLDataPtr list = crl.downloadCRL(uri); if (!list) { - LogWarning("Could not retreive CRL from " << uri); + WrtLogW("Could not retreive CRL from %s", uri.c_str()); return false; } crl.updateCRL(list); diff --git a/vcore/src/vcore/CachedOCSP.cpp b/vcore/src/vcore/CachedOCSP.cpp index c0e3695..48c613f 100644 --- a/vcore/src/vcore/CachedOCSP.cpp +++ b/vcore/src/vcore/CachedOCSP.cpp @@ -25,7 +25,7 @@ #include <time.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/foreach.h> #include <vcore/OCSP.h> @@ -75,9 +75,9 @@ VerificationStatus CachedOCSP::check(const CertificateCollection &certs) db_status.end_entity_check = false; if (CertificateCacheDAO::getOCSPStatus(&db_status)) { - LogDebug("Found cache entry for OCSP"); + WrtLogD("Found cache entry for OCSP"); if (now < db_status.next_update_time) { - LogDebug("Cache response valid"); + WrtLogD("Cache response valid"); return db_status.ocsp_status; } } @@ -109,9 +109,9 @@ VerificationStatus CachedOCSP::checkEndEntity(CertificateCollection &certs) db_status.end_entity_check = true; if (CertificateCacheDAO::getOCSPStatus(&db_status)) { - LogDebug("Found cache entry for OCSP"); + WrtLogD("Found cache entry for OCSP"); if (now < db_status.next_update_time) { - LogDebug("Cache response valid"); + WrtLogD("Cache response valid"); return db_status.ocsp_status; } } @@ -150,7 +150,7 @@ void CachedOCSP::updateCache() CertificateCollection col; col.load(db_status->cert_chain); if (!col.sort()) { - LogError("Certificate collection does not create chain."); + WrtLogE("Certificate collection does not create chain."); continue; } @@ -183,7 +183,7 @@ void CachedOCSP::getCertsForEndEntity( const CertificateCollection &certs, CertificateList* clst) { if (NULL == clst) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return; } 
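Review bot: `CachedCRL::updateCRLForUri()` passes the result of `crl.downloadCRL(uri)` straight to `crl.updateCRL(list)`. Within this hunk the downloaded CRL reaches the cache without the `verifyCRL()` signature check that `CRLImpl::updateList()` runs before accepting one. Unless the signature is checked when the cached body is read back, which is not visible here, a tampered response would be trusted on later lookups. `verifyCRL()` needs the certificate and this function only has the URI, so either verify at read time or put a comment on this function stating where verification happens. The function body starts and ends outside the hunk.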
diff --git a/vcore/src/vcore/CertStoreType.cpp b/vcore/src/vcore/CertStoreType.cpp index 4a994b7..d435fb6 100644 --- a/vcore/src/vcore/CertStoreType.cpp +++ b/vcore/src/vcore/CertStoreType.cpp @@ -23,46 +23,57 @@ */ #include <vcore/CertStoreType.h> +#include <string.h> + namespace ValidationCore { namespace CertStoreId { Set::Set() : m_certificateStorage(0) - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL , m_ocspUrl(NULL) - #endif +#endif {} -void Set::add(Type second) { +Set::~Set() +{ +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + delete[] m_ocspUrl; +#endif +} + +void Set::add(Type second) +{ m_certificateStorage |= second; } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -void Set::add(std::string ocspUrl) { +void Set::add(std::string ocspUrl) +{ - if (strlen(ocspUrl.c_str()) == 0) - { - return; - } + if (ocspUrl.length() == 0) + return; - m_ocspUrl = new char[ocspUrl.size() + 1]; - if (m_ocspUrl != NULL) { - strncpy(m_ocspUrl, ocspUrl.c_str(), ocspUrl.size() + 1); - } + m_ocspUrl = new char[ocspUrl.length() + 1]; + if (m_ocspUrl) + strncpy(m_ocspUrl, ocspUrl.c_str(), ocspUrl.length() + 1); } #endif -bool Set::contains(Type second) const { +bool Set::contains(Type second) const +{ return static_cast<bool>(m_certificateStorage & second); } -bool Set::isEmpty() const { +bool Set::isEmpty() const +{ return m_certificateStorage == 0; } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -char* Set::getOcspUrl() { - return m_ocspUrl; +char* Set::getOcspUrl() +{ + return m_ocspUrl; } #endif diff --git a/vcore/src/vcore/CertStoreType.h b/vcore/src/vcore/CertStoreType.h index 409d9b7..c07e0ce 100644 --- a/vcore/src/vcore/CertStoreType.h +++ b/vcore/src/vcore/CertStoreType.h @@ -24,7 +24,7 @@ #ifndef _VALIDATION_CORE_CERTSTORETYPE_H_ #define _VALIDATION_CORE_CERTSTORETYPE_H_ -#include <string.h> +#include <string> namespace ValidationCore { namespace CertStoreId { 
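Review bot: The new `Set::~Set()` does `delete[] m_ocspUrl`, but `Set` keeps its compiler-generated copy operations because CertStoreType.h declares none. Copying a `Set` built with `TIZEN_FEATURE_CERT_SVC_OCSP_CRL` therefore leaves two objects freeing the same buffer. `Set::add(std::string ocspUrl)` also overwrites `m_ocspUrl` without releasing the previous allocation, and its `if (m_ocspUrl)` test is dead because plain `new` throws instead of returning null. Holding the URL as `std::string m_ocspUrl;` (the header now includes `<string>`) would remove the destructor, the leak and the copy hazard. `getOcspUrl()` would then have to return a pointer into that string or change its signature, which callers outside this diff may depend on.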
@@ -35,6 +35,7 @@ const Type TIZEN_DEVELOPER = 1; // RootCA certificates for author signatures. const Type TIZEN_TEST = 1 << 1; const Type TIZEN_VERIFY = 1 << 2; +const Type TIZEN_STORE = 1 << 3; // RootCA's visibility level : public const Type VIS_PUBLIC = 1 << 6; // RootCA's visibility level : partner @@ -46,26 +47,26 @@ const Type VIS_PARTNER_MANUFACTURER = 1 << 9; // RootCA's visibility level : platform const Type VIS_PLATFORM = 1 << 10; -class Set -{ - public: +class Set { +public: Set(); + virtual ~Set(); void add(Type second); - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL void add(std::string ocspUrl); char* getOcspUrl(); - #endif +#endif - bool contains(Type second) const; + bool contains(Type second) const; bool isEmpty() const; private: Type m_certificateStorage; - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL char* m_ocspUrl; - #endif +#endif }; } // namespace CertStoreId diff --git a/vcore/src/vcore/Certificate.cpp b/vcore/src/vcore/Certificate.cpp index 45bfba6..55bcd3a 100644 --- a/vcore/src/vcore/Certificate.cpp +++ b/vcore/src/vcore/Certificate.cpp @@ -29,7 +29,7 @@ #include <openssl/bn.h> #include <dpl/assert.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <vcore/Base64.h> #include <vcore/TimeConversion.h> @@ -40,11 +40,9 @@ Certificate::Certificate(X509 *cert) { Assert(cert); m_x509 = X509_dup(cert); - if (!m_x509) { - LogWarning("Internal Openssl error in d2i_X509 function."); - ThrowMsg(Exception::OpensslInternalError, - "Internal Openssl error in d2i_X509 function."); - } + if (!m_x509) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Internal Openssl error in d2i_X509 function."); } Certificate::Certificate(cert_svc_mem_buff &buffer) 
@@ -52,11 +50,9 @@ Certificate::Certificate(cert_svc_mem_buff &buffer) Assert(buffer.data); const unsigned char *ptr = buffer.data; m_x509 = d2i_X509(NULL, &ptr, buffer.size); - if (!m_x509) { - LogWarning("Internal Openssl error in d2i_X509 function."); - ThrowMsg(Exception::OpensslInternalError, - "Internal Openssl error in d2i_X509 function."); - } + if (!m_x509) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Internal Openssl error in d2i_X509 function."); } Certificate::Certificate(const std::string &der, @@ -73,7 +69,7 @@ Certificate::Certificate(const std::string &der, base64.reset(); base64.append(der); if (!base64.finalize()) { - LogWarning("Error during decoding"); + WrtLogW("Error during decoding"); } tmp = base64.get(); ptr = reinterpret_cast<const unsigned char*>(tmp.c_str()); @@ -84,11 +80,9 @@ Certificate::Certificate(const std::string &der, } m_x509 = d2i_X509(NULL, &ptr, size); - if (!m_x509) { - LogError("Internal Openssl error in d2i_X509 function."); - ThrowMsg(Exception::OpensslInternalError, - "Internal Openssl error in d2i_X509 function."); - } + if (!m_x509) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Internal Openssl error in d2i_X509 function."); } Certificate::~Certificate() @@ -105,11 +99,9 @@ std::string Certificate::getDER(void) const { unsigned char *rawDer = NULL; int size = i2d_X509(m_x509, &rawDer); - if (!rawDer || size <= 0) { - LogError("i2d_X509 failed"); - ThrowMsg(Exception::OpensslInternalError, - "i2d_X509 failed"); - } + if (!rawDer || size <= 0) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "i2d_X509 failed"); std::string output(reinterpret_cast<char*>(rawDer), size); OPENSSL_free(rawDer); 
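Review bot: In the `Certificate(const std::string &der, ...)` constructor a failed `base64.finalize()` is only logged with `WrtLogW("Error during decoding")`, and execution continues to `base64.get()`. Whether `finalize()` marks the decoder finalized on failure is not visible here. If it does not, `get()` throws `Base64Decoder::Exception::NotFinalized`, which a caller catching `Certificate::Exception` would miss; if it does, possibly partial output is passed to `d2i_X509`. I would fail at the point of detection with the class's own exception, e.g. `VcoreThrowMsg(Certificate::Exception::OpensslInternalError, "Error during decoding");`, or a more fitting `Certificate::Exception` type if one exists. The constructor starts above the hunk.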
@@ -128,7 +120,7 @@ std::string Certificate::getBase64(void) const bool Certificate::isSignedBy(const CertificatePtr &parent) const { if (!parent) { - LogDebug("Invalid certificate parameter."); + WrtLogD("Invalid certificate parameter."); return false; } return 0 == X509_NAME_cmp(X509_get_subject_name(parent->m_x509), @@ -143,21 +135,15 @@ Certificate::Fingerprint Certificate::getFingerprint( Fingerprint raw; if (type == FINGERPRINT_MD5) { - if (!X509_digest(m_x509, EVP_md5(), fingerprint, &fingerprintlength)) { - LogError("MD5 digest counting failed!"); - ThrowMsg(Exception::OpensslInternalError, - "MD5 digest counting failed!"); - } + if (!X509_digest(m_x509, EVP_md5(), fingerprint, &fingerprintlength)) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "MD5 digest counting failed!"); } if (type == FINGERPRINT_SHA1) { - if (!X509_digest(m_x509, EVP_sha1(), fingerprint, - &fingerprintlength)) - { - LogError("SHA1 digest counting failed"); - ThrowMsg(Exception::OpensslInternalError, - "SHA1 digest counting failed!"); - } + if (!X509_digest(m_x509, EVP_sha1(), fingerprint, &fingerprintlength)) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "SHA1 digest counting failed"); } raw.resize(fingerprintlength); // improve performance 
@@ -181,30 +167,28 @@ X509_NAME *Certificate::getX509Name(FieldType type) const Assert("Invalid field type."); } - if (!name) { - LogError("Error during x509 name extraction."); - ThrowMsg(Exception::OpensslInternalError, - "Error during x509 name extraction."); - } + if (!name) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error during x509 name extraction."); return name; } -DPL::String Certificate::getOneLine(FieldType type) const +std::string Certificate::getOneLine(FieldType type) const { X509_NAME *name = getX509Name(type); static const int MAXB = 1024; - char buffer[MAXB]; + char buffer[MAXB] = {0, }; X509_NAME_oneline(name, buffer, MAXB); - return DPL::FromUTF8String(buffer); + + return std::string(buffer); } -DPL::String Certificate::getField(FieldType type, - int fieldNid) const +std::string Certificate::getField(FieldType type, int fieldNid) const { X509_NAME *subjectName = getX509Name(type); X509_NAME_ENTRY *subjectEntry = NULL; - DPL::String output; + std::string output; int entryCount = X509_NAME_entry_count(subjectName); for (int i = 0; i < entryCount; ++i) { 
@@ -229,59 +213,61 @@ DPL::String Certificate::getField(FieldType type, int nLength = ASN1_STRING_to_UTF8(&pData, pASN1Str); - if (nLength < 0) { - LogError("Reading field error."); - ThrowMsg(Exception::OpensslInternalError, - "Reading field error."); - } + if (nLength < 0) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Reading field error."); - std::string strEntry(reinterpret_cast<char*>(pData), - nLength); - output = DPL::FromUTF8String(strEntry); - OPENSSL_free(pData); + if (!pData) { + output = std::string(); + } + else { + output = std::string(reinterpret_cast<char*>(pData), nLength); + OPENSSL_free(pData); + } } + return output; } -DPL::String Certificate::getCommonName(FieldType type) const +std::string Certificate::getCommonName(FieldType type) const { return getField(type, NID_commonName); } -DPL::String Certificate::getCountryName(FieldType type) const +std::string Certificate::getCountryName(FieldType type) const { return getField(type, NID_countryName); } -DPL::String Certificate::getStateOrProvinceName(FieldType type) const +std::string Certificate::getStateOrProvinceName(FieldType type) const { return getField(type, NID_stateOrProvinceName); } -DPL::String Certificate::getLocalityName(FieldType type) const +std::string Certificate::getLocalityName(FieldType type) const { return getField(type, NID_localityName); } -DPL::String Certificate::getOrganizationName(FieldType type) const +std::string Certificate::getOrganizationName(FieldType type) const { return getField(type, NID_organizationName); } -DPL::String Certificate::getOrganizationalUnitName(FieldType type) const +std::string Certificate::getOrganizationalUnitName(FieldType type) const { return getField(type, NID_organizationalUnitName); } -DPL::String Certificate::getEmailAddres(FieldType type) const +std::string Certificate::getEmailAddres(FieldType type) const { return getField(type, NID_pkcs9_emailAddress); } -DPL::String Certificate::getOCSPURL() const +std::string 
Certificate::getOCSPURL() const { // TODO verify this code - DPL::String retValue; + std::string retValue; AUTHORITY_INFO_ACCESS *aia = static_cast<AUTHORITY_INFO_ACCESS*>( X509_get_ext_d2i(m_x509, NID_info_access, @@ -301,10 +287,11 @@ DPL::String Certificate::getOCSPURL() const if (OBJ_obj2nid(ad->method) == NID_ad_OCSP && ad->location->type == GEN_URI) { - void* data = ASN1_STRING_data(ad->location->d.ia5); - retValue = DPL::String(DPL::FromUTF8String( - static_cast<char*>(data))); - + void *data = ASN1_STRING_data(ad->location->d.ia5); + if (!data) + retValue = std::string(); + else + retValue = std::string(static_cast<char *>(data)); break; } } @@ -312,8 +299,6 @@ DPL::String Certificate::getOCSPURL() const return retValue; } - - Certificate::AltNameSet Certificate::getAlternativeNameDNS() const { AltNameSet set; @@ -327,13 +312,16 @@ Certificate::AltNameSet Certificate::getAlternativeNameDNS() const while (sk_GENERAL_NAME_num(san) > 0) { namePart = sk_GENERAL_NAME_pop(san); if (GEN_DNS == namePart->type) { - std::string temp = - reinterpret_cast<char*>(ASN1_STRING_data(namePart->d.dNSName)); - DPL::String altDNSName = DPL::FromASCIIString(temp); - set.insert(altDNSName); - LogDebug("FOUND GEN_DNS: " << temp); + char *temp = reinterpret_cast<char *>(ASN1_STRING_data(namePart->d.dNSName)); + if (!temp) { + set.insert(std::string()); + } + else { + set.insert(std::string(temp)); + WrtLogD("FOUND GEN_DNS: %s", temp); + } } else { - LogDebug("FOUND GEN TYPE ID: " << namePart->type); + WrtLogD("FOUND GEN TYPE ID: %d", namePart->type); } } return set; 
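Review bot: `getOCSPURL()` and, in the next hunk, `getAlternativeNameDNS()` build their `std::string` from `ASN1_STRING_data(...)` as a C string. A value taken from the certificate is therefore cut at the first NUL byte, and the code relies on the buffer being NUL-terminated. For a `dNSName` this means the stored name can differ from the encoded one, which matters wherever the set is later used for host matching. I would construct with the explicit length, `std::string(temp, ASN1_STRING_length(namePart->d.dNSName))`, and skip entries whose length differs from `strlen(temp)`; `getField()` already passes `nLength` in the same way. As far as the hunk shows, the loop in `getAlternativeNameDNS()` also pops each `GENERAL_NAME` without freeing it.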
@@ -342,54 +330,51 @@ Certificate::AltNameSet Certificate::getAlternativeNameDNS() const time_t Certificate::getNotAfter() const { ASN1_TIME *time = X509_get_notAfter(m_x509); - if (!time) { - LogError("Reading Not After error."); - ThrowMsg(Exception::OpensslInternalError, "Reading Not After error."); - } + if (!time) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Reading Not After error."); + time_t output; - if (asn1TimeToTimeT(time, &output)) { - LogError("Converting ASN1_time to time_t error."); - ThrowMsg(Exception::OpensslInternalError, - "Converting ASN1_time to time_t error."); - } + if (asn1TimeToTimeT(time, &output)) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Converting ASN1_time to time_t error."); + return output; } time_t Certificate::getNotBefore() const { ASN1_TIME *time = X509_get_notBefore(m_x509); - if (!time) { - LogError("Reading Not Before error."); - ThrowMsg(Exception::OpensslInternalError, "Reading Not Before error."); - } + if (!time) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Reading Not Before error."); + time_t output; - if (asn1TimeToTimeT(time, &output)) { - LogError("Converting ASN1_time to time_t error."); - ThrowMsg(Exception::OpensslInternalError, - "Converting ASN1_time to time_t error."); - } + if (asn1TimeToTimeT(time, &output)) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Converting ASN1_time to time_t error."); + return output; } ASN1_TIME* Certificate::getNotAfterTime() const { - ASN1_TIME *timeafter = X509_get_notAfter(m_x509); - if (!timeafter) { - LogError("Reading Not After error."); - ThrowMsg(Exception::OpensslInternalError, "Reading Not After error."); - } + ASN1_TIME *timeafter = X509_get_notAfter(m_x509); + if (!timeafter) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Reading Not After error."); - return timeafter; + return timeafter; } ASN1_TIME* Certificate::getNotBeforeTime() const { - ASN1_TIME *timebefore = 
X509_get_notBefore(m_x509); - if (!timebefore) { - LogError("Reading Not Before error."); - ThrowMsg(Exception::OpensslInternalError, "Reading Not Before error."); - } - return timebefore; + ASN1_TIME *timebefore = X509_get_notBefore(m_x509); + if (!timebefore) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Reading Not Before error."); + + return timebefore; } bool Certificate::isRootCert() @@ -412,7 +397,7 @@ Certificate::getCrlUris() const NULL, NULL)); if (!distPoints) { - LogDebug("No distribution points in certificate."); + WrtLogD("No distribution points in certificate."); return result; } @@ -420,7 +405,7 @@ Certificate::getCrlUris() const for (int i = 0; i < count; ++i) { DIST_POINT* point = sk_DIST_POINT_value(distPoints, i); if (!point) { - LogError("Failed to get distribution point."); + WrtLogE("Failed to get distribution point."); continue; } if (point->distpoint != NULL && @@ -435,7 +420,7 @@ Certificate::getCrlUris() const char *crlUri = reinterpret_cast<char*>(name->d.ia5->data); if (!crlUri) { - LogError("Failed to get URI."); + WrtLogE("Failed to get URI."); continue; } result.push_back(crlUri); @@ -453,14 +438,13 @@ long Certificate::getVersion() const return X509_get_version(m_x509); } -DPL::String Certificate::getSerialNumberString() const +std::string Certificate::getSerialNumberString() const { ASN1_INTEGER *ai = X509_get_serialNumber(m_x509); - if (NULL == ai) { - LogError("Error in X509_get_serialNumber"); - ThrowMsg(Exception::OpensslInternalError, - "Error in X509_get_serialNumber"); - } + if (!ai) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in X509_get_serialNumber"); + std::stringstream stream; stream << std::hex << std::setfill('0'); if (ai->type == V_ASN1_NEG_INTEGER) { 
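Review bot: getNotAfterTime and getNotBeforeTime return the pointer from X509_get_notAfter / X509_get_notBefore with no comment on ownership. That pointer refers to data held inside m_x509, so the caller must not free it and it is valid only as long as m_x509 is. A short comment on both functions would state this, for example `// Returned ASN1_TIME is owned by m_x509: do not free it and do not keep it beyond the Certificate's lifetime.`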
@@ -473,10 +457,11 @@ DPL::String Certificate::getSerialNumberString() const if (!data.empty()) { data.erase(--data.end()); } - return DPL::FromUTF8String(data); + + return data; } -DPL::String Certificate::getKeyUsageString() const +std::string Certificate::getKeyUsageString() const { // Extensions were defined in RFC 3280 const char *usage[] = { 
@@ -505,66 +490,64 @@ DPL::String Certificate::getKeyUsageString() const if (!result.empty()) { result.erase(--result.end()); } - return DPL::FromUTF8String(result); + + return result; } -DPL::String Certificate::getSignatureAlgorithmString() const +std::string Certificate::getSignatureAlgorithmString() const { std::unique_ptr<BIO, std::function<int(BIO*)>> b(BIO_new(BIO_s_mem()),BIO_free); - if (b.get() == NULL) { - LogError("Error in BIO_new"); - ThrowMsg(Exception::OpensslInternalError, - "Error in BIO_new"); - } - if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0) { - LogError("Error in i2a_ASN1_OBJECT"); - ThrowMsg(Exception::OpensslInternalError, - "Error in i2a_ASN1_OBJECT"); - } + if (!b.get()) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in BIO_new"); + + if (i2a_ASN1_OBJECT(b.get(), m_x509->cert_info->signature->algorithm) < 0) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in i2a_ASN1_OBJECT"); + BUF_MEM *bptr = 0; BIO_get_mem_ptr(b.get(), &bptr); - if (bptr == 0) { - LogError("Error in BIO_get_mem_ptr"); - ThrowMsg(Exception::OpensslInternalError, - "Error in BIO_get_mem_ptr"); - } + if (bptr == 0) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in BIO_get_mem_ptr"); + std::string result(bptr->data, bptr->length); - return DPL::FromUTF8String(result); + + return result; } -DPL::String Certificate::getPublicKeyString() const +std::string Certificate::getPublicKeyString() const { std::unique_ptr<BIO, std::function<int(BIO*)>> b(BIO_new(BIO_s_mem()),BIO_free); - if (b.get() == NULL) { - LogError("Error in BIO_new"); - ThrowMsg(Exception::OpensslInternalError, - "Error in BIO_new"); - } + if (!b.get()) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in BIO_new"); + EVP_PKEY *pkey = X509_get_pubkey(m_x509); - if (pkey == NULL) { - LogError("Error in X509_get_pubkey"); - ThrowMsg(Exception::OpensslInternalError, - "Error in 
X509_get_pubkey"); - } + if (!pkey) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in X509_get_pubkey"); + EVP_PKEY_print_public(b.get(), pkey, 16, NULL); EVP_PKEY_free(pkey); BUF_MEM *bptr = 0; BIO_get_mem_ptr(b.get(), &bptr); - if (bptr == 0) { - LogError("Error in BIO_get_mem_ptr"); - ThrowMsg(Exception::OpensslInternalError, - "Error in BIO_get_mem_ptr"); - } + if (bptr == 0) + VcoreThrowMsg(Certificate::Exception::OpensslInternalError, + "Error in BIO_get_mem_ptr"); + std::string result(bptr->data, bptr->length); - return DPL::FromUTF8String(result); + + return result; } -int Certificate::isCA() const { +int Certificate::isCA() const +{ return X509_check_ca(m_x509); } diff --git a/vcore/src/vcore/Certificate.h b/vcore/src/vcore/Certificate.h index 2687468..e8d2364 100644 --- a/vcore/src/vcore/Certificate.h +++ b/vcore/src/vcore/Certificate.h @@ -27,14 +27,12 @@ #include <string> #include <vector> #include <ctime> - -#include <dpl/exception.h> -#include <dpl/noncopyable.h> #include <memory> -#include <dpl/string.h> #include <openssl/x509.h> +#include <vcore/exception.h> + #include <cert-service.h> extern "C" { @@ -51,11 +49,18 @@ class Certificate; typedef std::shared_ptr<Certificate> CertificatePtr; typedef std::list<CertificatePtr> CertificateList; -class Certificate : public std::enable_shared_from_this<Certificate> -{ - public: +class Certificate : public std::enable_shared_from_this<Certificate> { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError); + }; + typedef std::vector<unsigned char> Fingerprint; - typedef DPL::String AltName; + + // ascii string + typedef std::string AltName; typedef std::set<AltName> AltNameSet; enum FingerprintType 
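Review bot: getPublicKeyString ignores the result of `EVP_PKEY_print_public(b.get(), pkey, 16, NULL)`, so a key OpenSSL cannot print yields an empty or partial string instead of an error. Every other OpenSSL call in this hunk throws on failure, and this one should too. Keep the result in `int ret = EVP_PKEY_print_public(b.get(), pkey, 16, NULL);`, call `EVP_PKEY_free(pkey);` as now, then add `if (ret <= 0) { VcoreThrowMsg(Certificate::Exception::OpensslInternalError, "Error in EVP_PKEY_print_public"); }`.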
@@ -75,13 +80,6 @@ class Certificate : public std::enable_shared_from_this<Certificate> FORM_BASE64 }; - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, OpensslInternalError) - }; - explicit Certificate(X509 *cert); explicit Certificate(cert_svc_mem_buff &buffer); @@ -107,19 +105,16 @@ class Certificate : public std::enable_shared_from_this<Certificate> Fingerprint getFingerprint(FingerprintType type) const; // getName uses deprecated functions. Usage is strongly discouraged. - DPL::String getOneLine(FieldType type = FIELD_SUBJECT) const; - - DPL::String getCommonName(FieldType type = FIELD_SUBJECT) const; - DPL::String getCountryName(FieldType type = FIELD_SUBJECT) const; - DPL::String getStateOrProvinceName( - FieldType type = FIELD_SUBJECT) const; - DPL::String getLocalityName(FieldType type = FIELD_SUBJECT) const; - DPL::String getOrganizationName( - FieldType type = FIELD_SUBJECT) const; - DPL::String getOrganizationalUnitName( - FieldType type = FIELD_SUBJECT) const; - DPL::String getEmailAddres(FieldType type = FIELD_SUBJECT) const; - DPL::String getOCSPURL() const; + // utf8 string + std::string getOneLine(FieldType type = FIELD_SUBJECT) const; + std::string getCommonName(FieldType type = FIELD_SUBJECT) const; + std::string getCountryName(FieldType type = FIELD_SUBJECT) const; + std::string getStateOrProvinceName(FieldType type = FIELD_SUBJECT) const; + std::string getLocalityName(FieldType type = FIELD_SUBJECT) const; + std::string getOrganizationName(FieldType type = FIELD_SUBJECT) const; + std::string getOrganizationalUnitName(FieldType type = FIELD_SUBJECT) const; + std::string getEmailAddres(FieldType type = FIELD_SUBJECT) const; + std::string getOCSPURL() const; // Openssl supports 9 types of alternative name filed. 
@@ -150,13 +145,11 @@ class Certificate : public std::enable_shared_from_this<Certificate> long getVersion() const; - DPL::String getSerialNumberString() const; - - DPL::String getKeyUsageString() const; - - DPL::String getSignatureAlgorithmString() const; - - DPL::String getPublicKeyString() const; + // utf8 string + std::string getSerialNumberString() const; + std::string getKeyUsageString() const; + std::string getSignatureAlgorithmString() const; + std::string getPublicKeyString() const; /* * 0 - not CA @@ -171,11 +164,11 @@ class Certificate : public std::enable_shared_from_this<Certificate> static std::string FingerprintToColonHex( const Fingerprint &fingerprint); - protected: +protected: X509_NAME *getX509Name(FieldType type) const; - DPL::String getField(FieldType type, - int fieldNid) const; + // utf8 string + std::string getField(FieldType type, int fieldNid) const; X509 *m_x509; }; diff --git a/vcore/src/vcore/CertificateCacheDAO.cpp b/vcore/src/vcore/CertificateCacheDAO.cpp index 483702c..c01fa7a 100644 --- a/vcore/src/vcore/CertificateCacheDAO.cpp +++ b/vcore/src/vcore/CertificateCacheDAO.cpp @@ -26,13 +26,13 @@ #include <vcore/VCorePrivate.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/db/orm.h> #include <orm_generator_vcore.h> #include <vcore/Database.h> -using namespace DPL::DB::ORM; -using namespace DPL::DB::ORM::vcore; +using namespace VcoreDPL::DB::ORM; +using namespace VcoreDPL::DB::ORM::vcore; namespace ValidationCore { @@ -49,7 +49,7 @@ void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain, if (getOCSPStatus(&status)) { // only need to update data in DB Equals<OCSPResponseStorage::cert_chain> e1( - DPL::FromUTF8String(cert_chain)); + VcoreDPL::FromUTF8String(cert_chain)); Equals<OCSPResponseStorage::end_entity_check> e2( end_entity_check ? 1 : 0); 
@@ -66,7 +66,7 @@ void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain, // need to insert data OCSPResponseStorage::Row row; - row.Set_cert_chain(DPL::FromUTF8String(cert_chain)); + row.Set_cert_chain(VcoreDPL::FromUTF8String(cert_chain)); row.Set_ocsp_status(ocsp_status); row.Set_next_update_time(next_update_time); row.Set_end_entity_check(end_entity_check ? 1 : 0); @@ -76,7 +76,7 @@ void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain, insert->Execute(); } transaction.Commit(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { + } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus"); } } @@ -84,12 +84,12 @@ void CertificateCacheDAO::setOCSPStatus(const std::string& cert_chain, bool CertificateCacheDAO::getOCSPStatus(OCSPCachedStatus* cached_status) { if (NULL == cached_status) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return false; } Try { Equals<OCSPResponseStorage::cert_chain> e1( - DPL::FromUTF8String(cached_status->cert_chain)); + VcoreDPL::FromUTF8String(cached_status->cert_chain)); Equals<OCSPResponseStorage::end_entity_check> e2( cached_status->end_entity_check ? 1 : 0); @@ -105,10 +105,10 @@ bool CertificateCacheDAO::getOCSPStatus(OCSPCachedStatus* cached_status) return true; } - LogDebug("Cached OCSP status not found"); + WrtLogD("Cached OCSP status not found"); return false; } - Catch(DPL::DB::SqlConnection::Exception::Base) { + Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatus"); } } @@ -117,7 +117,7 @@ void CertificateCacheDAO::getOCSPStatusList( OCSPCachedStatusList* cached_status_list) { if (NULL == cached_status_list) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return; } Try { 
@@ -127,7 +127,7 @@ void CertificateCacheDAO::getOCSPStatusList( FOREACH(i, list) { OCSPCachedStatus status; - status.cert_chain = DPL::ToUTF8String(i->Get_cert_chain()); + status.cert_chain = VcoreDPL::ToUTF8String(i->Get_cert_chain()); status.ocsp_status = intToVerificationStatus( *(i->Get_ocsp_status())); status.end_entity_check = @@ -137,7 +137,7 @@ void CertificateCacheDAO::getOCSPStatusList( } } - Catch(DPL::DB::SqlConnection::Exception::Base) { + Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to getOCSPStatusList"); } } @@ -155,11 +155,11 @@ void CertificateCacheDAO::setCRLResponse(const std::string& distribution_point, // only need to update data in DB VCORE_DB_UPDATE(update, CRLResponseStorage, &ThreadInterface()) Equals<CRLResponseStorage::distribution_point> e1( - DPL::FromUTF8String(distribution_point)); + VcoreDPL::FromUTF8String(distribution_point)); CRLResponseStorage::Row row; update->Where(e1); - row.Set_crl_body(DPL::FromUTF8String(crl_body)); + row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body)); row.Set_next_update_time(next_update_time); update->Values(row); update->Execute(); @@ -168,14 +168,14 @@ void CertificateCacheDAO::setCRLResponse(const std::string& distribution_point, VCORE_DB_INSERT(insert, CRLResponseStorage, &ThreadInterface()) CRLResponseStorage::Row row; - row.Set_distribution_point(DPL::FromUTF8String(distribution_point)); - row.Set_crl_body(DPL::FromUTF8String(crl_body)); + row.Set_distribution_point(VcoreDPL::FromUTF8String(distribution_point)); + row.Set_crl_body(VcoreDPL::FromUTF8String(crl_body)); row.Set_next_update_time(next_update_time); insert->Values(row); insert->Execute(); } transaction.Commit(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { + } Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to setOCSPStatus"); } } 
@@ -183,27 +183,27 @@ void CertificateCacheDAO::setCRLResponse(const std::string& distribution_point, bool CertificateCacheDAO::getCRLResponse(CRLCachedData* cached_data) { if (NULL == cached_data) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return false; } Try { VCORE_DB_SELECT(select, CRLResponseStorage, &ThreadInterface()) Equals<CRLResponseStorage::distribution_point> e1( - DPL::FromUTF8String(cached_data->distribution_point)); + VcoreDPL::FromUTF8String(cached_data->distribution_point)); select->Where(e1); std::list<CRLResponseStorage::Row> rows = select->GetRowList(); if (1 == rows.size()) { CRLResponseStorage::Row row = rows.front(); - cached_data->crl_body = DPL::ToUTF8String(row.Get_crl_body()); + cached_data->crl_body = VcoreDPL::ToUTF8String(row.Get_crl_body()); cached_data->next_update_time = *(row.Get_next_update_time()); return true; } - LogDebug("Cached CRL not found"); + WrtLogD("Cached CRL not found"); return false; } - Catch(DPL::DB::SqlConnection::Exception::Base) { + Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponse"); } } @@ -212,7 +212,7 @@ void CertificateCacheDAO::getCRLResponseList( CRLCachedDataList* cached_data_list) { if (NULL == cached_data_list) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return; } Try { @@ -222,15 +222,15 @@ void CertificateCacheDAO::getCRLResponseList( FOREACH(i, list) { CRLCachedData response; - response.distribution_point = DPL::ToUTF8String( + response.distribution_point = VcoreDPL::ToUTF8String( i->Get_distribution_point()); - response.crl_body = DPL::ToUTF8String(i->Get_crl_body()); + response.crl_body = VcoreDPL::ToUTF8String(i->Get_crl_body()); response.next_update_time = *(i->Get_next_update_time()); cached_data_list->push_back(response); } } - Catch(DPL::DB::SqlConnection::Exception::Base) { + Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to getCRLResponses"); } } 
@@ -245,7 +245,7 @@ void CertificateCacheDAO::clearCertificateCache() del2->Execute(); transaction.Commit(); } - Catch(DPL::DB::SqlConnection::Exception::Base) { + Catch(VcoreDPL::DB::SqlConnection::Exception::Base) { ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings"); } } diff --git a/vcore/src/vcore/CertificateCacheDAO.h b/vcore/src/vcore/CertificateCacheDAO.h index 59102da..f10ec07 100644 --- a/vcore/src/vcore/CertificateCacheDAO.h +++ b/vcore/src/vcore/CertificateCacheDAO.h @@ -52,7 +52,7 @@ class CertificateCacheDAO { class Exception { public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) DECLARE_EXCEPTION_TYPE(Base, DatabaseError) }; diff --git a/vcore/src/vcore/CertificateCollection.cpp b/vcore/src/vcore/CertificateCollection.cpp index 90d1d4e..2f20146 100644 --- a/vcore/src/vcore/CertificateCollection.cpp +++ b/vcore/src/vcore/CertificateCollection.cpp @@ -21,13 +21,12 @@ */ #include <vcore/CertificateCollection.h> -#include <algorithm> - +#include <vcore/Base64.h> #include <dpl/binary_queue.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> -#include <vcore/Base64.h> +#include <algorithm> namespace { @@ -68,18 +67,19 @@ bool CertificateCollection::load(const std::string &buffer) base64.reset(); base64.append(buffer); if (!base64.finalize()) { - LogWarning("Error during chain decoding"); + WrtLogW("Error during chain decoding"); return false; } std::string binaryData = base64.get(); - DPL::BinaryQueue queue; + VcoreDPL::BinaryQueue queue; queue.AppendCopy(binaryData.c_str(), binaryData.size()); int certNum; queue.FlattenConsume(&certNum, sizeof(int)); CertificateList list; + CertificatePtr certPtr; for (int i = 0; i < certNum; ++i) { int certSize; 
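Review bot: In CertificateCollection::load, `certNum` is read from the decoded buffer with `queue.FlattenConsume(&certNum, sizeof(int))` and used as the loop bound without a range check; in the next hunk `certSize` goes straight into `rawDERCert.resize(certSize)`. Both values come from the input string, so a negative or oversized certSize turns into a very large allocation request, and a certSize of zero makes `&rawDERCert[0]` refer into an empty vector. Adding `if (certNum < 0) return false;` after the first read and `if (certSize <= 0) return false;` before the resize, together with an upper bound against the bytes left in the queue, keeps malformed input on the existing `return false` path. How FlattenConsume behaves when the queue is shorter than requested is not visible here. load() starts before this hunk and continues past it.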
@@ -87,16 +87,16 @@ bool CertificateCollection::load(const std::string &buffer) std::vector<char> rawDERCert; rawDERCert.resize(certSize); queue.FlattenConsume(&rawDERCert[0], certSize); - Try { - list.push_back(CertificatePtr( - new Certificate(std::string(rawDERCert.begin(), - rawDERCert.end())))); - } Catch(Certificate::Exception::Base) { - LogWarning("Error during certificate creation."); + VcoreTry { + list.push_back(CertificatePtr(new Certificate(std::string( + rawDERCert.begin(), + rawDERCert.end())))); + } VcoreCatch (Certificate::Exception::Base) { + WrtLogW("Error during certificate creation."); return false; } - LogDebug("Loading certificate. Certificate common name: " << - list.back()->getCommonName()); + + WrtLogD("Loading certificate. Certificate common name: %s", list.back()->getCommonName().c_str()); } load(list); return true; @@ -126,11 +126,10 @@ CertificateList CertificateCollection::getCertificateList() const bool CertificateCollection::isChain() const { - if (COLLECTION_SORTED != m_collectionStatus) { - LogError("You must sort certificates first"); - ThrowMsg(Exception::WrongUsage, - "You must sort certificates first"); - } + if (COLLECTION_SORTED != m_collectionStatus) + VcoreThrowMsg(CertificateCollection::Exception::WrongUsage, + "You must sort certificate first"); + return (COLLECTION_SORTED == m_collectionStatus) ? true : false; } @@ -144,11 +143,9 @@ bool CertificateCollection::sort() CertificateList CertificateCollection::getChain() const { - if (COLLECTION_SORTED != m_collectionStatus) { - LogError("You must sort certificates first"); - ThrowMsg(Exception::WrongUsage, - "You must sort certificates first"); - } + if (COLLECTION_SORTED != m_collectionStatus) + VcoreThrowMsg(CertificateCollection::Exception::WrongUsage, + "You must sort certificates first"); return m_certList; } 
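Review bot: The new message in isChain reads "You must sort certificate first", while getChain in the following hunk keeps "You must sort certificates first"; the two should match, using `"You must sort certificates first"`. After the throw, `return (COLLECTION_SORTED == m_collectionStatus) ? true : false;` can only return true, so `return true;` says the same thing more directly.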
@@ -166,7 +163,7 @@ void CertificateCollection::sortCollection() // Sort all certificate by subject for (auto it = m_certList.begin(); it != m_certList.end(); ++it) { - subTransl.insert(std::make_pair(DPL::ToUTF8String((*it)->getOneLine()),(*it))); + subTransl.insert(std::make_pair((*it)->getOneLine(), (*it))); } // We need one start certificate sorted.push_back(subTransl.begin()->second); @@ -175,7 +172,7 @@ void CertificateCollection::sortCollection() // Get the issuer from front certificate and find certificate with this subject in subTransl. // Add this certificate to the front. while (!subTransl.empty()) { - std::string issuer = DPL::ToUTF8String(sorted.back()->getOneLine(Certificate::FIELD_ISSUER)); + std::string issuer = sorted.back()->getOneLine(Certificate::FIELD_ISSUER); auto it = subTransl.find(issuer); if (it == subTransl.end()) { break; @@ -186,13 +183,13 @@ void CertificateCollection::sortCollection() // Sort all certificates by issuer for (auto it = subTransl.begin(); it != subTransl.end(); ++it) { - issTransl.insert(std::make_pair(DPL::ToUTF8String((it->second->getOneLine(Certificate::FIELD_ISSUER))),it->second)); + issTransl.insert(std::make_pair(it->second->getOneLine(Certificate::FIELD_ISSUER), it->second)); } // Get the subject from last certificate and find certificate with such issuer in issTransl. // Add this certificate at end. while (!issTransl.empty()) { - std::string sub = DPL::ToUTF8String(sorted.front()->getOneLine()); + std::string sub = sorted.front()->getOneLine(); auto it = issTransl.find(sub); if (it == issTransl.end()) { break; @@ -202,7 +199,7 @@ void CertificateCollection::sortCollection() } if (!issTransl.empty()) { - LogWarning("Certificates don't form a valid chain."); + WrtLogW("Certificates don't form a valid chain."); m_collectionStatus = COLLECTION_CHAIN_BROKEN; return; } diff --git a/vcore/src/vcore/CertificateCollection.h b/vcore/src/vcore/CertificateCollection.h index 953bbfb..9b9a6c4 100644 
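Review bot: sortCollection needs a comment saying that, in the lines visible here, it links certificates only by comparing the getOneLine() subject and issuer strings, so COLLECTION_SORTED means the names line up, not that any signature was checked. A line such as `// Orders by subject/issuer name only; signatures are not verified here.` above the first loop would keep callers of isChain() from reading the result as a validated chain. `sorted.push_back(subTransl.begin()->second)` also dereferences begin() of the map; whether an empty m_certList is ruled out earlier in the function is not visible in this hunk.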
--- a/vcore/src/vcore/CertificateCollection.h +++ b/vcore/src/vcore/CertificateCollection.h @@ -24,8 +24,9 @@ #include <list> #include <string> +#include <map> -#include <dpl/exception.h> +#include <vcore/exception.h> #include <vcore/Certificate.h> @@ -37,14 +38,12 @@ namespace ValidationCore { * It could check if collection creates certificate chain. */ -class CertificateCollection -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, WrongUsage) +class CertificateCollection { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, WrongUsage); }; CertificateCollection(); @@ -152,7 +151,7 @@ class CertificateCollection */ CertificatePtr back() const; - protected: +protected: void sortCollection(void); enum CollectionStatus diff --git a/vcore/src/vcore/CertificateConfigReader.cpp b/vcore/src/vcore/CertificateConfigReader.cpp index e98e747..3d67e35 100644 --- a/vcore/src/vcore/CertificateConfigReader.cpp +++ b/vcore/src/vcore/CertificateConfigReader.cpp @@ -19,12 +19,13 @@ * @version 1.0 * @brief */ -#include "CertificateConfigReader.h" -#include <cstdlib> +#include <vcore/CertificateConfigReader.h> #include <dpl/assert.h> +#include <cstdlib> + namespace { const std::string XML_EMPTY_NAMESPACE = ""; @@ -39,6 +40,7 @@ const std::string TOKEN_ATTR_URL_NAME = "ocspUrl"; const std::string TOKEN_VALUE_TIZEN_DEVELOPER = "tizen-developer"; const std::string TOKEN_VALUE_TIZEN_TEST = "tizen-test"; const std::string TOKEN_VALUE_TIZEN_VERIFY = "tizen-verify"; +const std::string TOKEN_VALUE_TIZEN_STORE = "tizen-store"; const std::string TOKEN_VALUE_VISIBILITY_PUBLIC = "tizen-public"; const std::string TOKEN_VALUE_VISIBILITY_PARTNER = "tizen-partner"; const std::string TOKEN_VALUE_VISIBILITY_PARTNER_OPERATOR = "tizen-partner-operator"; 
@@ -61,9 +63,9 @@ int hexCharToInt(char c) } // anonymous namespace namespace ValidationCore { -CertificateConfigReader::CertificateConfigReader() : - m_certificateDomain(0), - m_parserSchema(this) +CertificateConfigReader::CertificateConfigReader() + : m_certificateDomain(0) + , m_parserSchema(this) { m_parserSchema.addBeginTagCallback( TOKEN_CERTIFICATE_SET, @@ -96,21 +98,37 @@ CertificateConfigReader::CertificateConfigReader() : &CertificateConfigReader::tokenEndFingerprintSHA1); } +void CertificateConfigReader::initialize( + const std::string &file, + const std::string &scheme) +{ + m_parserSchema.initialize(file, true, SaxReader::VALIDATION_XMLSCHEME, scheme); +} + +void CertificateConfigReader::read(CertificateIdentifier &identificator) +{ + m_parserSchema.read(identificator); +} + +void CertificateConfigReader::blankFunction(CertificateIdentifier &) +{ +} + void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &) { - std::string name = m_parserSchema.getReader(). - attribute(TOKEN_ATTR_NAME, SaxReader::THROW_DISABLE); + std::string name = m_parserSchema.getReader().attribute(TOKEN_ATTR_NAME); if (name.empty()) { - LogWarning("Invalid fingerprint file. Domain name is mandatory"); - ThrowMsg(Exception::InvalidFile, - "Invalid fingerprint file. Domain name is mandatory"); + VcoreThrowMsg(CertificateConfigReader::Exception::InvalidFile, + "Invalid fingerprint file. Domain name is mandatory"); } else if (name == TOKEN_VALUE_TIZEN_DEVELOPER) { m_certificateDomain = CertStoreId::TIZEN_DEVELOPER; } else if (name == TOKEN_VALUE_TIZEN_TEST) { m_certificateDomain = CertStoreId::TIZEN_TEST; } else if (name == TOKEN_VALUE_TIZEN_VERIFY) { m_certificateDomain = CertStoreId::TIZEN_VERIFY; + } else if (name == TOKEN_VALUE_TIZEN_STORE) { + m_certificateDomain = CertStoreId::TIZEN_STORE; } else if (name == TOKEN_VALUE_VISIBILITY_PUBLIC) { m_certificateDomain = CertStoreId::VIS_PUBLIC; } else if (name == TOKEN_VALUE_VISIBILITY_PARTNER) { 
@@ -121,8 +139,7 @@ void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &) m_certificateDomain = CertStoreId::VIS_PARTNER_MANUFACTURER; } else if (name == TOKEN_VALUE_VISIBILITY_PLATFORM) { m_certificateDomain = CertStoreId::VIS_PLATFORM; - } else { - LogWarning("This domain will be ignored : " << name); + } else { m_certificateDomain = 0; } } @@ -130,9 +147,9 @@ void CertificateConfigReader::tokenCertificateDomain(CertificateIdentifier &) void CertificateConfigReader::tokenEndFingerprintSHA1( CertificateIdentifier &identificator) { - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL - std::string url = m_parserSchema.getReader().attribute(TOKEN_ATTR_URL_NAME, SaxReader::THROW_DISABLE); - #endif +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + std::string url = m_parserSchema.getReader().attribute(TOKEN_ATTR_URL_NAME); +#endif std::string text = m_parserSchema.getText(); text += ":"; // add guard at the end of fingerprint @@ -157,8 +174,8 @@ void CertificateConfigReader::tokenEndFingerprintSHA1( } identificator.add(fingerprint, m_certificateDomain); - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL identificator.add(fingerprint, url); - #endif +#endif } } // namespace ValidationCore diff --git a/vcore/src/vcore/CertificateConfigReader.h b/vcore/src/vcore/CertificateConfigReader.h index 4ca7d8e..d61cc86 100644 --- a/vcore/src/vcore/CertificateConfigReader.h +++ b/vcore/src/vcore/CertificateConfigReader.h 
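Review bot: The final `else` in tokenCertificateDomain now sets `m_certificateDomain = 0` without the warning that used to name the ignored domain. tokenEndFingerprintSHA1 then calls `identificator.add(fingerprint, m_certificateDomain)` with that value, so a misspelled domain in the fingerprint file leaves its certificates without a domain and nothing reports it. Keeping the diagnostic in the new logging style, `WrtLogW("This domain will be ignored : %s", name.c_str());`, preserves it, provided the wrt_log header is included in this file, which the visible include list does not show.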
@@ -23,46 +23,33 @@ #define _VALIDATION_CORE_CERTIFICATE_CONFIG_READER_H_ #include <string> -#include <dpl/exception.h> #include <vcore/CertificateIdentifier.h> #include <vcore/CertStoreType.h> #include <vcore/ParserSchema.h> +#include <vcore/exception.h> namespace ValidationCore { -class CertificateConfigReader -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InvalidFile) +class CertificateConfigReader { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, InvalidFile); }; - CertificateConfigReader(); - void initialize(const std::string &file, - const std::string &scheme) - { - m_parserSchema.initialize(file, true, SaxReader::VALIDATION_XMLSCHEME, - scheme); - } + CertificateConfigReader(); - void read(CertificateIdentifier &identificator) - { - m_parserSchema.read(identificator); - } + void initialize(const std::string &file, const std::string &scheme); + void read(CertificateIdentifier &identificator); - private: - void blankFunction(CertificateIdentifier &) - { - } +private: + void blankFunction(CertificateIdentifier &); void tokenCertificateDomain(CertificateIdentifier &identificator); void tokenEndFingerprintSHA1(CertificateIdentifier &identificator); CertStoreId::Type m_certificateDomain; - ParserSchema<CertificateConfigReader, CertificateIdentifier> - m_parserSchema; + ParserSchema<CertificateConfigReader, CertificateIdentifier> m_parserSchema; }; } // namespace ValidationCore diff --git a/vcore/src/vcore/CertificateIdentifier.h b/vcore/src/vcore/CertificateIdentifier.h index 0090d2c..bbdab2d 100644 --- a/vcore/src/vcore/CertificateIdentifier.h +++ b/vcore/src/vcore/CertificateIdentifier.h 
@@ -27,14 +27,13 @@ #include <map> #include <dpl/noncopyable.h> -#include "Certificate.h" -#include "CertStoreType.h" +#include <vcore/Certificate.h> +#include <vcore/CertStoreType.h> namespace ValidationCore { -class CertificateIdentifier : public DPL::Noncopyable -{ +class CertificateIdentifier : public VcoreDPL::Noncopyable { public: - typedef std::map<Certificate::Fingerprint, CertStoreId::Set> FingerPrintMap; + typedef std::map<Certificate::Fingerprint, CertStoreId::Set> FingerPrintMap; CertificateIdentifier() { @@ -49,13 +48,13 @@ public: fingerPrintMap[fingerprint].add(domain); } - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL void add(const Certificate::Fingerprint &fingerprint, - std::string ocspUrl) + std::string ocspUrl) { - fingerPrintMap[fingerprint].add(ocspUrl); + fingerPrintMap[fingerprint].add(ocspUrl); } - #endif + #endif CertStoreId::Set find(const Certificate::Fingerprint &fingerprint) const { @@ -72,7 +71,7 @@ public: find(certificate->getFingerprint(Certificate::FINGERPRINT_SHA1)); } - private: +private: FingerPrintMap fingerPrintMap; }; } // namespace ValidationCore diff --git a/vcore/src/vcore/CertificateLoader.cpp b/vcore/src/vcore/CertificateLoader.cpp index 038e0fc..a934f67 100644 --- a/vcore/src/vcore/CertificateLoader.cpp +++ b/vcore/src/vcore/CertificateLoader.cpp @@ -15,7 +15,7 @@ */ #include <dpl/assert.h> #include <openssl/x509v3.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/noncopyable.h> #include <openssl/ecdsa.h> #include <openssl/evp.h> @@ -34,7 +34,7 @@ const int MIN_RSA_KEY_LENGTH = 1024; namespace ValidationCore { //// COMPARATOR CLASS START //// -//class CertificateLoaderECDSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable { +//class CertificateLoaderECDSA : public CertificateLoader::CertificateLoaderComparator, VcoreDPL::Noncopyable { //public: // CertificateLoaderECDSA(const std::string &publicKey) // : m_ecPublicKey(NULL) 
@@ -45,7 +45,7 @@ namespace ValidationCore { // m_initialized = CertificateLoader::convertBase64NodeToBigNum(publicKey, &m_searchKey); // // if(!m_initialized) -// LogError("Init failed!"); +// WrtLogE("Init failed!"); // } // // virtual bool compare(X509 *x509cert){ @@ -60,7 +60,7 @@ namespace ValidationCore { // return false; // // if(m_ecPublicKey->type != EVP_PKEY_EC){ -// LogError("ecPublicKey has wrong type!"); +// WrtLogE("ecPublicKey has wrong type!"); // return false; // } // @@ -97,7 +97,7 @@ namespace ValidationCore { //// COMPARATOR RSA CLASS START //// -//class CertificateLoaderRSA : public CertificateLoader::CertificateLoaderComparator, DPL::Noncopyable { +//class CertificateLoaderRSA : public CertificateLoader::CertificateLoaderComparator, VcoreDPL::Noncopyable { //public: // CertificateLoaderRSA(const std::string &m_modulus,const std::string &m_exponent ) // : m_rsaPublicKey(NULL) @@ -109,7 +109,7 @@ namespace ValidationCore { // m_initialized_exponent = CertificateLoader::convertBase64NodeToBigNum(m_exponent, &m_exponent_bn); // // if(!m_initialized_modulus || !m_initialized_exponent) -// LogError("Init failed!"); +// WrtLogE("Init failed!"); // } // // virtual bool compare(X509 *x509cert){ @@ -124,7 +124,7 @@ namespace ValidationCore { // return false; // // if(m_rsaPublicKey->type != EVP_PKEY_RSA){ -// LogInfo("rsaPublicKey has wrong type!"); +// WrtLogI("rsaPublicKey has wrong type!"); // return false; // } // @@ -133,7 +133,7 @@ namespace ValidationCore { // // if (BN_cmp(m_modulus_bn, rsa->n) == 0 && // BN_cmp(m_exponent_bn, rsa->e) == 0 ){ -// LogError ("Compare TRUE"); +// WrtLogE ("Compare TRUE"); // return true; // } // return false; @@ -162,7 +162,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: { (void) m_modulus; (void) m_exponent; - LogError("Not implemented."); + WrtLogE("Not implemented."); return UNKNOWN_ERROR; // if (m_exponent.empty() || m_modulus.empty()) // return WRONG_ARGUMENTS; 
@@ -188,7 +188,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificate( { (void) storageName; (void) cmp; - LogError("Not Implemented"); + WrtLogE("Not Implemented"); return UNKNOWN_ERROR; // long int result = OPERATION_SUCCESS; // @@ -217,7 +217,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificate( // { // // if(OPERATION_SUCCESS!=certmgr_extract_certificate_data(&certRetrieved, &descriptor)){ - // LogError("Extracting Certificate Data failed \n"); + // WrtLogE("Extracting Certificate Data failed "); // continue; // } // 
@@ -226,35 +226,35 @@ CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificate( // X509 *x509cert = d2i_X509(NULL, &ptr, certRetrieved.size); // if(x509cert == NULL){ // certmgr_release_certificate_data(&descriptor); - // LogError("Error extracting certificate (d2i_X509)."); + // WrtLogE("Error extracting certificate (d2i_X509)."); // return UNKNOWN_ERROR; // } // - // LogDebug("The subject of this certificate is " << descriptor.mandatory.subject); + // WrtLogD("The subject of this certificate is %s", (descriptor.mandatory.subject)); // if(cmp->compare(x509cert)){ - // LogDebug("Found match. Coping bytes: " << certRetrieved.size); + // WrtLogD("Found match. Coping bytes: %d", certRetrieved.size); // m_certificatePtr = CertificatePtr(new Certificate(certRetrieved)); // certmgr_release_certificate_data(&descriptor); // X509_free(x509cert); // break; // } // - // LogDebug("Release"); + // WrtLogD("Release"); // X509_free(x509cert); // certmgr_release_certificate_data(&descriptor); // } // // if(ERR_NO_MORE_CERTIFICATES == result){ - // LogError("Certificates for given DN not found\n"); + // WrtLogE("Certificates for given DN not found"); // return CERTIFICATE_NOT_FOUND; // } // // if(result!= OPERATION_SUCCESS){ - // LogError("Certificate Manager Error\n"); + // WrtLogE("Certificate Manager Error"); // return UNKNOWN_ERROR; // } // - // LogDebug("Exit"); + // WrtLogD("Exit"); // return NO_ERROR; } @@ -263,7 +263,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: loadCertificateBasedOnSubjectName(const std::string &subjectName) { (void) subjectName; - LogError("Not implemented."); + WrtLogE("Not implemented."); return UNKNOWN_ERROR; // if(subjectName.empty()) // { 
@@ -295,29 +295,29 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // { // // if(OPERATION_SUCCESS!=certmgr_extract_certificate_data(&certRetrieved, &descriptor)){ - // LogError("Extracting Certificate Data failed \n"); + // WrtLogE("Extracting Certificate Data failed "); // continue; // } // // if(!strcmp(subjectName.c_str(), descriptor.mandatory.subject)){ - // LogDebug("The subject of this certificate is " << descriptor.mandatory.subject); + // WrtLogD("The subject of this certificate is %s", descriptor.mandatory.subject); // m_certificatePtr = CertificatePtr(new Certificate(certRetrieved)); // certmgr_release_certificate_data(&descriptor); // break; // } - // LogDebug("Release"); + // WrtLogD("Release"); // certmgr_release_certificate_data(&descriptor); // } // // if(ERR_NO_MORE_CERTIFICATES == result) { - // LogError("Certificates for given DN not found\n"); + // WrtLogE("Certificates for given DN not found"); // return CERTIFICATE_NOT_FOUND; // } // if(result!= OPERATION_SUCCESS){ - // LogError("Certificate Manager Error\n"); + // WrtLogE("Certificate Manager Error"); // return UNKNOWN_ERROR; // } - // LogDebug("Exit"); + // WrtLogD("Exit"); // return NO_ERROR; } @@ -333,7 +333,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // KW memset(&m_cmBuff, 0, sizeof(certmgr_mem_buff)); // KW } // KW -// KW LogDebug("IssuerName: " << issuerName << " serialNumber: " << serialNumber); +// KW WrtLogD("IssuerName: %s , serialNumber: %s", issuerName.c_str(), serialNumber.c_str()); // KW // KW //used to check status of retrieved certificate // KW long int result = OPERATION_SUCCESS; 
@@ -359,14 +359,14 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // KW certRetrieved.firstFree = 0) // KW { // KW -// KW LogDebug("Extracting certificate from CertMgr"); +// KW WrtLogD("Extracting certificate from CertMgr"); // KW // KW if( OPERATION_SUCCESS != certmgr_extract_certificate_data(&certRetrieved, &descriptor) ){ -// KW LogError("Extracting Certificate Data failed \n"); +// KW WrtLogE("Extracting Certificate Data failed "); // KW continue; // KW } // KW -// KW LogDebug("Issuer: " << descriptor.mandatory.issuer); +// KW WrtLogD("Issuer: %s", (descriptor.mandatory.issuer).c_str()); // KW // KW const unsigned char *ptr = certRetrieved.data; // KW char *tmp; @@ -376,13 +376,13 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // KW OPENSSL_free(tmp); // KW X509_free(x509cert); // KW -// KW LogInfo("Certificate number found: " << serialNO); -// KW LogInfo("Certificate number looking for: " << serialNumber); +// KW WrtLogI("Certificate number found: %d", serialNO); +// KW WrtLogI("Certificate number looking for: %d", serialNumber); // KW // KW if(!strcmp(issuerName.c_str(), descriptor.mandatory.issuer) // KW && serialNumber == serialNO) // KW { -// KW LogError("The issuer of this certificate is " << descriptor.mandatory.issuer); +// KW WrtLogE("The issuer of this certificate is %s", (descriptor.mandatory.issuer).c_str()); // KW // KW m_cmBuff.data = new unsigned char[certRetrieved.size]; // KW m_cmBuff.firstFree = m_cmBuff.size = certRetrieved.size; @@ -394,11 +394,11 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // KW } // KW // KW if(ERR_NO_MORE_CERTIFICATES == result) { -// KW LogError("Certificates not found"); +// KW WrtLogE("Certificates not found"); // KW return CERTIFICATE_NOT_FOUND; // KW } // KW if(result != OPERATION_SUCCESS){ -// KW LogError("Certificate Manager Error"); +// KW WrtLogE("Certificate Manager Error"); // KW return UNKNOWN_ERROR; // KW } // KW return NO_ERROR; 
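Review bot: The ported log calls inside the commented-out `// KW` block would not work if the block were re-enabled, assuming `WrtLog*` takes printf-style arguments as the other converted calls suggest. `(descriptor.mandatory.issuer).c_str()` is applied to a value that the same block passes directly to `strcmp()`, and `serialNumber` is printed with `%d` although the -333 hunk calls `serialNumber.c_str()` on it. The commented-out `WrtLogE("Found field id: %s Expected:", ...)` in the -410 hunk has a related problem: one conversion for two arguments. Deleting the dead bodies would be cleaner than porting them; if they stay, `WrtLogI("Certificate number looking for: %s", serialNumber.c_str());` matches the rest of the block.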
@@ -410,10 +410,10 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: { (void) curveName; (void) publicKey; - LogError("Not implemented."); + WrtLogE("Not implemented."); return UNKNOWN_ERROR; // if(curveName != OID_CURVE_SECP256R1){ - // LogError("Found field id: " << curveName << " Expected: " << OID_CURVE_SECP256R1); + // WrtLogE("Found field id: %s Expected:", curveName.c_str(), OID_CURVE_SECP256R1.c_str()); // return UNSUPPORTED_CERTIFICATE_FIELD; // } // 
@@ -432,34 +432,34 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // return result; } -CertificateLoader::CertificateLoaderResult CertificateLoader:: - loadCertificateFromRawData(const std::string &rawData) +CertificateLoader::CertificateLoaderResult CertificateLoader::loadCertificateFromRawData(const std::string &rawData) { - Try { - m_certificatePtr = - CertificatePtr(new Certificate(rawData, Certificate::FORM_BASE64)); - } Catch(Certificate::Exception::Base) { - LogWarning("Error reading certificate by openssl."); + VcoreTry { + m_certificatePtr = CertificatePtr(new Certificate(rawData, Certificate::FORM_BASE64)); + } VcoreCatch(Certificate::Exception::Base) { + WrtLogW("Error reading certificate by openssl."); return UNKNOWN_ERROR; } // Check the key length if sig algorithm is RSA EVP_PKEY *pKey = X509_get_pubkey(m_certificatePtr->getX509()); - if (pKey->type == EVP_PKEY_RSA) { - RSA* pRSA = pKey->pkey.rsa; + if (pKey != NULL) { + if (pKey->type == EVP_PKEY_RSA) { + RSA* pRSA = pKey->pkey.rsa; - if (pRSA) { - int keyLength = RSA_size(pRSA); + if (pRSA) { + int keyLength = RSA_size(pRSA); - // key Length (modulus) is in bytes - keyLength <<= 3; - LogDebug("RSA key length: " << keyLength << " bits"); + // key Length (modulus) is in bytes + keyLength <<= 3; + WrtLogD("RSA key length: %d bits", keyLength); - if (keyLength < MIN_RSA_KEY_LENGTH) { - LogError( - "RSA key too short!" << "Has only " << keyLength << " bits"); - return CERTIFICATE_SECURITY_ERROR; + if (keyLength < MIN_RSA_KEY_LENGTH) { + WrtLogE( + "RSA key too short! Has only %d bits", keyLength); + return CERTIFICATE_SECURITY_ERROR; + } } } } @@ -483,7 +483,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // // if (result != OPERATION_SUCCESS) // { -// LogError("Unable to load certificate"); +// WrtLogE("Unable to load certificate"); // return UNKNOWN_ERROR; // } // 
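Review bot: The new `if (pKey != NULL)` guard in `loadCertificateFromRawData` makes the minimum-key-length check fail open: when `X509_get_pubkey()` cannot decode the public key, the RSA length test is skipped and execution falls through to code outside this hunk, so the final return value is not visible here. A certificate whose key cannot be parsed should be rejected instead, e.g. `if (pKey == NULL) { WrtLogE("Unable to read public key"); return CERTIFICATE_SECURITY_ERROR; }`. Separately, `X509_get_pubkey()` hands the caller a reference it must release, and the visible `return CERTIFICATE_SECURITY_ERROR;` path exits without `EVP_PKEY_free(pKey);`. The threshold itself, `MIN_RSA_KEY_LENGTH = 1024` shown in the file's hunk context, is below the 2048 bits generally expected today.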
@@ -512,11 +512,11 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // // // key Length (modulus) is in bytes // keyLength <<= 3; -// LogDebug("RSA key length: " << keyLength << " bits"); +// WrtLogD("RSA key length: %d bits", keyLength); // // if (keyLength < MIN_RSA_KEY_LENGTH) // { -// LogError("RSA key too short!" << "Has only " << keyLength << " bits"); +// WrtLogE("RSA key too short! Has only %d bits.", keyLength); // return CERTIFICATE_SECURITY_ERROR; // } // } @@ -542,7 +542,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: (void) strJ; (void) strSeed; (void) strPGenCounter; - LogError("Not implemented."); + WrtLogE("Not implemented."); return UNKNOWN_ERROR; // (void)strY; // (void)strJ; @@ -578,7 +578,7 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // // if (OPERATION_SUCCESS != certmgr_extract_certificate_data(&certRetrieved, &descriptor)) // { - // LogDebug("unable to retrieve cert from storage"); + // WrtLogD("unable to retrieve cert from storage"); // continue; // } // @@ -605,9 +605,9 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // BN_cmp(pDSAqBigNum, pDSA->q) == 0 && // BN_cmp(pDSAgBigNum, pDSA->g) == 0) // { - // LogInfo("DSA Certificate found"); + // WrtLogI("DSA Certificate found"); // /* TODO load this certificate to m_cmBuff value */ - // LogError("Not implemented!"); + // WrtLogE("Not implemented!"); // // EVP_PKEY_free(pKey); // X509_free(pCertificate); @@ -639,12 +639,12 @@ CertificateLoader::CertificateLoaderResult CertificateLoader:: // X509_free(pCertificate); // } // else - // LogError("Unable to load certificate"); + // WrtLogE("Unable to load certificate"); // // certmgr_release_certificate_data(&descriptor); // } // - // LogError("No DSA certificate with given parameters"); + // WrtLogE("No DSA certificate with given parameters"); // // return CERTIFICATE_NOT_FOUND; } 
@@ -654,11 +654,11 @@ bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode, { (void) strNode; (void) ppBigNum; - LogError("Not implemented."); + WrtLogE("Not implemented."); return false; // if (!ppBigNum || *ppBigNum != NULL) // { - // LogError("Ptr variable not initialized properly!"); + // WrtLogE("Ptr variable not initialized properly!"); // return false; // } // @@ -670,7 +670,7 @@ bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode, // // if (!binBuff) // { - // LogError("base64 decode failed"); + // WrtLogE("base64 decode failed"); // return false; // } // @@ -681,7 +681,7 @@ bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode, // // if (!(*ppBigNum)) // { - // LogError("Conversion from node to bignum failed"); + // WrtLogE("Conversion from node to bignum failed"); // return false; // } // @@ -692,7 +692,7 @@ bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode, // KW { // KW if (!pBigNum) // KW { -// KW LogError("null ptr"); +// KW WrtLogE("null ptr"); // KW return false; // KW } // KW @@ -702,7 +702,7 @@ bool CertificateLoader::convertBase64NodeToBigNum(const std::string& strNode, // KW // convert bignum to binary format // KW if (BN_bn2bin(pBigNum, buffer) < 0) // KW { -// KW LogError("Conversion from bignum to binary failed"); +// KW WrtLogE("Conversion from bignum to binary failed"); // KW delete []buffer; // KW return false; // KW } diff --git a/vcore/src/vcore/CertificateLoader.h b/vcore/src/vcore/CertificateLoader.h index de92764..0d4fe04 100644 --- a/vcore/src/vcore/CertificateLoader.h +++ b/vcore/src/vcore/CertificateLoader.h @@ -27,7 +27,7 @@ #include <vcore/Certificate.h> namespace ValidationCore { -class CertificateLoader : public DPL::Noncopyable +class CertificateLoader : public VcoreDPL::Noncopyable { public: class CertificateLoaderComparator 
diff --git a/vcore/src/vcore/CertificateVerifier.cpp b/vcore/src/vcore/CertificateVerifier.cpp index ffc0dcc..d683883 100644 --- a/vcore/src/vcore/CertificateVerifier.cpp +++ b/vcore/src/vcore/CertificateVerifier.cpp @@ -23,7 +23,7 @@ #include <dpl/assert.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> namespace ValidationCore { @@ -35,7 +35,7 @@ CertificateVerifier::CertificateVerifier(bool enableOcsp, bool enableCrl) VerificationStatus CertificateVerifier::check( CertificateCollection &certCollection) const { - LogDebug("== Certificate collection validation start =="); + WrtLogD("== Certificate collection validation start =="); Assert(certCollection.isChain() && "Collection must form chain."); VerificationStatus statusOcsp; @@ -52,14 +52,14 @@ VerificationStatus CertificateVerifier::check( } else { statusCrl = VERIFICATION_STATUS_GOOD; } - LogDebug("== Certificate collection validation end =="); + WrtLogD("== Certificate collection validation end =="); return getStatus(statusOcsp, statusCrl); } VerificationStatus CertificateVerifier::obtainOcspStatus( const CertificateCollection &chain) const { - LogDebug("== Obtain ocsp status =="); + WrtLogD("== Obtain ocsp status =="); CachedOCSP ocsp; return ocsp.check(chain); } @@ -67,7 +67,7 @@ VerificationStatus CertificateVerifier::obtainOcspStatus( VerificationStatus CertificateVerifier::obtainCrlStatus( const CertificateCollection &chain) const { - LogDebug("== Obtain crl status =="); + WrtLogD("== Obtain crl status =="); CachedCRL crl; return crl.check(chain); } 
@@ -79,26 +79,26 @@ VerificationStatus CertificateVerifier::getStatus( if (ocsp == VERIFICATION_STATUS_REVOKED || crl == VERIFICATION_STATUS_REVOKED) { - LogDebug("Return status: REVOKED"); + WrtLogD("Return status: REVOKED"); return VERIFICATION_STATUS_REVOKED; } if (ocsp == VERIFICATION_STATUS_GOOD) { - LogDebug("Return status: GOOD"); + WrtLogD("Return status: GOOD"); return VERIFICATION_STATUS_GOOD; } if (ocsp == VERIFICATION_STATUS_UNKNOWN) { - LogDebug("Return status: UNKNOWN"); + WrtLogD("Return status: UNKNOWN"); return VERIFICATION_STATUS_UNKNOWN; } if (ocsp == VERIFICATION_STATUS_NOT_SUPPORT) { - LogDebug("Return status: NOT_SUPPORT"); + WrtLogD("Return status: NOT_SUPPORT"); return VERIFICATION_STATUS_GOOD; } - LogDebug("Return status: ERROR"); + WrtLogD("Return status: ERROR"); return VERIFICATION_STATUS_ERROR; } @@ -125,7 +125,7 @@ VerificationStatus CertificateVerifier::checkEndEntity( } else { statusCrl.add(VERIFICATION_STATUS_GOOD); } - LogDebug("== Certificate collection validateion end =="); + WrtLogD("== Certificate collection validateion end =="); return getStatus(statusOcsp.convertToStatus(), statusCrl.convertToStatus()); } diff --git a/vcore/src/vcore/Config.h b/vcore/src/vcore/Config.h index a810414..8dccbe0 100644 --- a/vcore/src/vcore/Config.h +++ b/vcore/src/vcore/Config.h @@ -65,7 +65,7 @@ private: std::string m_certificateXMLSchemaPath; }; -typedef DPL::Singleton<Config> ConfigSingleton; +typedef VcoreDPL::Singleton<Config> ConfigSingleton; } // namespace ValidationCore diff --git a/vcore/src/vcore/CryptoHash.cpp b/vcore/src/vcore/CryptoHash.cpp index 2827b16..7ec4869 100644 --- a/vcore/src/vcore/CryptoHash.cpp +++ b/vcore/src/vcore/CryptoHash.cpp 
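Review bot: In `getStatus()` the branch for `VERIFICATION_STATUS_NOT_SUPPORT` logs `Return status: NOT_SUPPORT` but returns `VERIFICATION_STATUS_GOOD`, so the debug log hides that an unsupported OCSP check was treated as a pass. Logging the value actually returned makes the soft-fail visible, e.g. `WrtLogD("OCSP status NOT_SUPPORT, returning GOOD");`. The visible branches consult `crl` only for REVOKED, so a CRL result of ERROR or UNKNOWN is dropped whenever OCSP reports GOOD; if that is intended, a comment saying so would help. The function's signature is outside the hunk. The message in the -125 hunk also carries a typo, `validateion`.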
@@ -37,42 +37,6 @@ namespace Hash namespace // anonymous { const size_t HASH_DIGEST_STREAM_FEED_SIZE = 1024; - -std::string Raw2Base64(const void *buffer, size_t bufferSize) -{ - BIO *bio64, *biomem; - - if ((bio64 = BIO_new(BIO_f_base64())) == NULL) - ThrowMsg(AppendFailed, "BIO_new(BIO_f_base64()) failed!"); - - if ((biomem = BIO_new(BIO_s_mem())) == NULL) - { - BIO_free_all(bio64); - ThrowMsg(AppendFailed, "BIO_new(BIO_s_mem()) failed!"); - } - - bio64 = BIO_push(bio64, biomem); - - if (BIO_write(bio64, buffer, static_cast<int>(bufferSize)) <= 0) - { - BIO_free_all(bio64); - ThrowMsg(AppendFailed, "BIO_write failed!"); - } - - if (BIO_flush(bio64) <= 0) - { - BIO_free_all(bio64); - ThrowMsg(AppendFailed, "BIO_flush failed!"); - } - - BUF_MEM *bioptr; - BIO_get_mem_ptr(bio64, &bioptr); - - std::string base64 = std::string(static_cast<const char *>(bioptr->data), static_cast<const char *>(bioptr->data + bioptr->length)); - - BIO_free_all(bio64); - return base64; -} } // namespace anonymous Base::Base() @@ -87,7 +51,8 @@ Base::~Base() void Base::Append(const char *buffer) { if (m_hasFinal) - ThrowMsg(OutOfSequence, "Cannot append hash after final update!"); + VcoreThrowMsg(Crypto::Hash::OutOfSequence, + "Cannot append hash after final update!"); HashUpdate(buffer, strlen(buffer)); } @@ -95,7 +60,8 @@ void Base::Append(const char *buffer) void Base::Append(const char *buffer, size_t bufferSize) { if (m_hasFinal) - ThrowMsg(OutOfSequence, "Cannot append hash after final update!"); + VcoreThrowMsg(Crypto::Hash::OutOfSequence, + "Cannot append hash after final update!"); HashUpdate(buffer, bufferSize); } @@ -103,7 +69,8 @@ void Base::Append(const char *buffer, size_t bufferSize) void Base::Append(const std::string &buffer) { if (m_hasFinal) - ThrowMsg(OutOfSequence, "Cannot append hash after final update!"); + VcoreThrowMsg(Crypto::Hash::OutOfSequence, + "Cannot append hash after final update!"); HashUpdate(buffer.c_str(), buffer.size()); } 
@@ -111,7 +78,8 @@ void Base::Append(const std::string &buffer) void Base::Append(std::istream &stream) { if (m_hasFinal) - ThrowMsg(OutOfSequence, "Cannot append hash after final update!"); + VcoreThrowMsg(Crypto::Hash::OutOfSequence, + "Cannot append hash after final update!"); char buffer[HASH_DIGEST_STREAM_FEED_SIZE]; @@ -128,7 +96,8 @@ void Base::Append(std::istream &stream) void Base::Append(const void *data, size_t dataSize) { if (m_hasFinal) - ThrowMsg(OutOfSequence, "Cannot append hash after final update!"); + VcoreThrowMsg(Crypto::Hash::OutOfSequence, + "Cannot append hash after final update!"); HashUpdate(data, dataSize); } @@ -167,7 +136,8 @@ OpenSSL::OpenSSL(const EVP_MD *evpMd) EVP_MD_CTX_init(&m_context); if (EVP_DigestInit(&m_context, evpMd) != 1) - ThrowMsg(AppendFailed, "EVP_DigestInit failed!"); + VcoreThrowMsg(Crypto::Hash::AppendFailed, + "EVP_DigestInit failed!"); } OpenSSL::~OpenSSL() @@ -183,23 +153,27 @@ OpenSSL::~OpenSSL() void OpenSSL::HashUpdate(const void *data, size_t dataSize) { if (m_finalized) - ThrowMsg(AppendFailed, "OpenSSLHash hash already finalized!"); + VcoreThrowMsg(Crypto::Hash::AppendFailed, + "OpenSSLHash hash already finalized!"); if (EVP_DigestUpdate(&m_context, data, dataSize) != 1) - ThrowMsg(AppendFailed, "EVP_DigestUpdate failed!"); + VcoreThrowMsg(Crypto::Hash::AppendFailed, + "EVP_DigestUpdate failed!"); } Hash::Raw OpenSSL::HashFinal() { if (m_finalized) - ThrowMsg(AppendFailed, "OpenSSLHash hash already finalized!"); + VcoreThrowMsg(Crypto::Hash::AppendFailed, + "OpenSSLHash hash already finalized!"); unsigned char hash[EVP_MAX_MD_SIZE] = {}; unsigned int hashLength; // Also cleans context if (EVP_DigestFinal(&m_context, hash, &hashLength) != 1) - ThrowMsg(AppendFailed, "EVP_DigestFinal failed!"); + VcoreThrowMsg(Crypto::Hash::AppendFailed, + "EVP_DigestFinal failed!"); m_finalized = true; return Raw(hash, hash + hashLength); 
diff --git a/vcore/src/vcore/CryptoHash.h b/vcore/src/vcore/CryptoHash.h index aaed9e0..5611daf 100644 --- a/vcore/src/vcore/CryptoHash.h +++ b/vcore/src/vcore/CryptoHash.h @@ -22,32 +22,23 @@ #ifndef _CRYPTO_HASH_H_ #define _CRYPTO_HASH_H_ -#include <dpl/exception.h> #include <openssl/evp.h> #include <istream> #include <string> #include <vector> +#include <vcore/exception.h> + namespace ValidationCore { namespace Crypto { namespace Hash { -/** - * Raw hash buffer - */ typedef std::vector<unsigned char> Raw; -/** - * Append called out of sequence - */ -DECLARE_EXCEPTION_TYPE(DPL::Exception, OutOfSequence) - -/** - * Append failed internally - */ -DECLARE_EXCEPTION_TYPE(DPL::Exception, AppendFailed) +VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, OutOfSequence) +VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, AppendFailed) class Base { diff --git a/vcore/src/vcore/Database.cpp b/vcore/src/vcore/Database.cpp index 5f03e45..839af32 100644 --- a/vcore/src/vcore/Database.cpp +++ b/vcore/src/vcore/Database.cpp @@ -20,5 +20,6 @@ * @brief This file contains the definition of webruntime database */ #include <vcore/Database.h> +#include <mutex> -DPL::Mutex g_vcoreDbQueriesMutex; +std::mutex g_vcoreDbQueriesMutex; diff --git a/vcore/src/vcore/Database.h b/vcore/src/vcore/Database.h index ca6efa2..f4a5d17 100644 --- a/vcore/src/vcore/Database.h +++ b/vcore/src/vcore/Database.h 
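Review bot: The CryptoHash.h hunk removes the three doc comments (`Raw hash buffer`, `Append called out of sequence`, `Append failed internally`) without replacing them, which leaves `Raw`, `OutOfSequence` and `AppendFailed` undocumented in a header that other code includes. Keeping them as one-line comments above each declaration preserves the contract, e.g. `// Append called out of sequence` above `VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, OutOfSequence)` and `// Append failed internally` above the `AppendFailed` line.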
@@ -24,21 +24,21 @@ #include <dpl/db/thread_database_support.h> #include <dpl/db/sql_connection.h> -#include <dpl/mutex.h> #include <dpl/thread.h> +#include <mutex> -extern DPL::Mutex g_vcoreDbQueriesMutex; +extern std::mutex g_vcoreDbQueriesMutex; #define VCORE_DB_INTERNAL(tlsCommand, InternalType, interface) \ - static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \ + static VcoreDPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \ { \ - DPL::Mutex::ScopedLock lock(&g_vcoreDbQueriesMutex); \ + std::lock_guard<std::mutex> lock(g_vcoreDbQueriesMutex); \ if (!tlsCommand ## Ptr) { \ - static DPL::ThreadLocalVariable<InternalType> tmp; \ + static VcoreDPL::ThreadLocalVariable<InternalType> tmp; \ tlsCommand ## Ptr = &tmp; \ } \ } \ - DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \ + VcoreDPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \ if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); } #define VCORE_DB_SELECT(name, type, interface) \ diff --git a/vcore/src/vcore/DeveloperModeValidator.cpp b/vcore/src/vcore/DeveloperModeValidator.cpp deleted file mode 100644 index a861728..0000000 --- a/vcore/src/vcore/DeveloperModeValidator.cpp +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file DeveloperModeValidator.cpp - * @author Bartosz Janiak (b.janiak@samsung.com) - * @version 1.0 - * @brief DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction - */ - -#include <vcore/DeveloperModeValidator.h> - -#include <algorithm> -#include <vconf.h> -#include <dpl/log/log.h> -#include <dpl/scoped_free.h> - -namespace ValidationCore { - -DeveloperModeValidator::DeveloperModeValidator(bool complianceMode, - const std::string& fakeIMEI, - const std::string& fakeMEID) : - m_complianceModeEnabled(complianceMode), - m_developerModeEnabled(true), - m_fakeIMEI(fakeIMEI), - m_fakeMEID(fakeMEID) -{ -} - -DeveloperModeValidator::DeveloperModeValidator(bool complianceMode, - bool developerMode, - const std::string& fakeIMEI, - const std::string& fakeMEID, - const std::string& realMEID) : - m_complianceModeEnabled(complianceMode), - m_developerModeEnabled(developerMode), - m_fakeIMEI(fakeIMEI), - m_fakeMEID(fakeMEID), - m_realMEID(realMEID) -{ -} - -void DeveloperModeValidator::check(const SignatureData &data) -{ - LogDebug("entered"); - const SignatureData::IMEIList& IMEIList = data.getIMEIList(); - const SignatureData::MEIDList& MEIDList = data.getMEIDList(); - - if (IMEIList.empty() && MEIDList.empty()) { - LogDebug("No TargetRestriction in signature."); - return; - } - - 
if (!m_developerModeEnabled) { - Throw(Exception::NoTargetRestrictionSatisfied); - } - - if (!IMEIList.empty()) { - std::string phoneIMEIString = m_fakeIMEI; - if (!m_complianceModeEnabled) { - LogDebug("Compilance Mode is not enabled"); - DPL::ScopedFree<char> phoneIMEI( - vconf_get_str(VCONFKEY_TELEPHONY_IMEI)); - if (!phoneIMEI.Get()) { - ThrowMsg(Exception::NoTargetRestrictionSatisfied, - "Unable to get phone IMEI from vconf."); - } - phoneIMEIString = phoneIMEI.Get(); - } - - LogDebug("Phone IMEI: " << phoneIMEIString); - if (IMEIList.end() == - std::find(IMEIList.begin(), IMEIList.end(), phoneIMEIString)) - { - Throw(Exception::NoTargetRestrictionSatisfied); - } - } - - if (!MEIDList.empty()) { - std::string phoneMEIDString = m_fakeMEID; - if (!m_complianceModeEnabled) - { - if (m_realMEID.empty()) - { - ThrowMsg(Exception::NoTargetRestrictionSatisfied, - "Unable to get phone MEID from Tapi service."); - } - phoneMEIDString = m_realMEID; - } - - LogDebug("Phone MEID: " << phoneMEIDString); - if (MEIDList.end() == - std::find(MEIDList.begin(), MEIDList.end(), phoneMEIDString)) - { - Throw(Exception::NoTargetRestrictionSatisfied); - } - } - LogDebug("exit: ok"); -} - -} //ValidationCore diff --git a/vcore/src/vcore/DeveloperModeValidator.h b/vcore/src/vcore/DeveloperModeValidator.h deleted file mode 100644 index a0c37ba..0000000 --- a/vcore/src/vcore/DeveloperModeValidator.h +++ /dev/null 
@@ -1,64 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file DeveloperModeValidator.h - * @author Bartosz Janiak (b.janiak@samsung.com) - * @version 1.0 - * @brief DeveloperModeValidatorValidator - implementing WAC 2.0 spec, including TargetRestriction - */ -#ifndef _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_ -#define _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_ - -#include <string> -#include <dpl/exception.h> -#include <vcore/SignatureData.h> - -namespace ValidationCore { - -class DeveloperModeValidator -{ - public: - explicit DeveloperModeValidator( - bool complianceMode = false, - const std::string &fakeIMEI = "", - const std::string &fakeMEID = "") __attribute__((deprecated)); - - explicit DeveloperModeValidator(bool complianceMode = false, - bool developerMode = false, - const std::string &fakeIMEI = "", - const std::string &fakeMEID = "", - const std::string &realMEID = ""); - - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, UnableToLoadTestCertificate) - DECLARE_EXCEPTION_TYPE(Base, NoTargetRestrictionSatisfied) - }; - - void check(const SignatureData &data); - private: - bool m_complianceModeEnabled; - bool m_developerModeEnabled; - std::string m_fakeIMEI; - std::string m_fakeMEID; - std::string m_realMEID; -}; - -} -#endif /* _VALIDATION_CORE_DEVELOPER_MODE_VALIDATOR_H_ */ - 
diff --git a/vcore/src/vcore/OCSP.cpp b/vcore/src/vcore/OCSP.cpp index 26f81c3..1e94b17 100644 --- a/vcore/src/vcore/OCSP.cpp +++ b/vcore/src/vcore/OCSP.cpp @@ -24,11 +24,12 @@ namespace ValidationCore { -OCSP::OCSP() : - m_impl(new OCSPImpl()) +OCSP::OCSP() + : m_impl(new OCSPImpl()) {} -OCSP::~OCSP(){ +OCSP::~OCSP() +{ delete m_impl; } diff --git a/vcore/src/vcore/OCSP.h b/vcore/src/vcore/OCSP.h index 59c6969..76ac117 100644 --- a/vcore/src/vcore/OCSP.h +++ b/vcore/src/vcore/OCSP.h @@ -25,8 +25,6 @@ #include <ctime> -#include <dpl/noncopyable.h> - #include <vcore/Certificate.h> #include <vcore/CertificateCollection.h> #include <vcore/VerificationStatus.h> @@ -35,9 +33,12 @@ namespace ValidationCore { class OCSPImpl; -class OCSP : DPL::Noncopyable -{ +class OCSP { public: + + OCSP(const OCSP &) = delete; + const OCSP &operator=(const OCSP &) = delete; + OCSP(); VerificationStatus checkEndEntity(const CertificateCollection &certList); @@ -82,6 +83,7 @@ public: virtual ~OCSP(); private: OCSPImpl *m_impl; + }; } // namespace ValidationCore diff --git a/vcore/src/vcore/OCSPCertMgrUtil.cpp b/vcore/src/vcore/OCSPCertMgrUtil.cpp index 5db4290..019cd1f 100644 --- a/vcore/src/vcore/OCSPCertMgrUtil.cpp +++ b/vcore/src/vcore/OCSPCertMgrUtil.cpp @@ -27,7 +27,8 @@ #include <openssl/pem.h> #include <openssl/x509.h> -#include <dpl/log/log.h> +#include <dpl/assert.h> +#include <dpl/log/wrt_log.h> #include <dpl/scoped_resource.h> #include <string.h> #include <iostream> @@ -68,11 +69,11 @@ void getCertFromStore(X509_NAME *subject, X509 **xcert) { if (!xcert || *xcert || !subject) { - LogError("Invalid input!"); + WrtLogE("Invalid input!"); return; } - typedef DPL::ScopedResource<ContextDeleter> ScopedContext; + typedef VcoreDPL::ScopedResource<ContextDeleter> ScopedContext; int result; char buffer[MAX_BUF]; 
@@ -84,43 +85,43 @@ void getCertFromStore(X509_NAME *subject, ScopedContext ctx(cert_svc_cert_context_init()); if (ctx.Get() == NULL) { - LogWarning("Error in cert_svc_cert_context_init."); + WrtLogW("Error in cert_svc_cert_context_init."); return; } - LogDebug("Search certificate with subject: " << buffer); + WrtLogD("Search certificate with subject: %s", buffer); result = cert_svc_search_certificate(ctx.Get(), SUBJECT_STR, buffer); - LogDebug("Search finished!"); + WrtLogD("Search finished!"); if (CERT_SVC_ERR_NO_ERROR != result) { - LogWarning("Error during certificate search"); + WrtLogW("Error during certificate search"); return; } fileList = ctx.Get()->fileNames; if (fileList == NULL) { - LogDebug("No certificate found"); + WrtLogD("No certificate found"); return; } if (fileList->filename == NULL) { - LogWarning("Empty filename"); + WrtLogW("Empty filename"); return; } - LogDebug("Found cert file: " << fileList->filename); + WrtLogD("Found cert file: %s", fileList->filename); ScopedContext ctx2(cert_svc_cert_context_init()); if (ctx2.Get() == NULL) { - LogWarning("Error in cert_svc_cert_context_init."); + WrtLogW("Error in cert_svc_cert_context_init."); return; } // TODO add read_certifcate_from_file function to Certificate.h if (CERT_SVC_ERR_NO_ERROR != cert_svc_load_file_to_context(ctx2.Get(), fileList->filename)) { - LogWarning("Error in cert_svc_load_file_to_context"); + WrtLogW("Error in cert_svc_load_file_to_context"); return; } 
@@ -129,20 +130,18 @@ void getCertFromStore(X509_NAME *subject, pCertificate = d2i_X509(NULL, &ptr, ctx2.Get()->certBuf->size); if (pCertificate == NULL) { - LogWarning("Error during certificate conversion in d2i_X509"); + WrtLogW("Error during certificate conversion in d2i_X509"); return; } *xcert = pCertificate; if (fileList->next != NULL) { - LogError("There is more then one certificate with same subject :/"); + WrtLogE("There is more then one certificate with same subject :/"); // TODO Implement me. for (fileList = fileList->next; fileList != NULL; fileList = fileList->next) { - LogError( - "Additional certificate with same subject: " << - fileList->filename); + WrtLogE("Additional certificate with same subject: %s", fileList->filename); } } } diff --git a/vcore/src/vcore/OCSPImpl.cpp b/vcore/src/vcore/OCSPImpl.cpp index face891..98fc030 100644 --- a/vcore/src/vcore/OCSPImpl.cpp +++ b/vcore/src/vcore/OCSPImpl.cpp @@ -22,7 +22,6 @@ * @brief Routines for certificate validation over OCSP */ -#include <vcore/OCSP.h> #include <vcore/OCSPImpl.h> #include <string.h> @@ -32,11 +31,11 @@ #include <openssl/crypto.h> #include <openssl/err.h> #include <openssl/x509v3.h> +#include <boost/optional.hpp> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/assert.h> #include <dpl/foreach.h> -#include <dpl/scoped_array.h> #include <dpl/scoped_free.h> #include <libsoup/soup.h> 
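Review bot: In the getCertFromStore hunk, `*xcert = pCertificate;` is assigned before the `fileList->next != NULL` check, and that branch only logs (it still carries `// TODO Implement me.`), so when several stored certificates share a subject the caller silently receives whichever one the search listed first. If this lookup feeds responder or issuer selection, which the hunk does not show, an ambiguous subject should not resolve to an arbitrary certificate. Consider failing closed by placing `if (fileList->next != NULL) { X509_free(pCertificate); return; }` ahead of the assignment, or selecting among the candidates on more than the subject string. The function body starts outside this hunk.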
@@ -100,21 +99,19 @@ OCSPImpl::OCSPImpl() : m_bUseDefResponder(false), m_bSignRequest(false), m_pSignKey(0) -{ -} +{} SoupWrapper::SoupMessageSendBase::RequestStatus OCSPImpl::sendOcspRequest( OCSP_REQUEST* argRequest, - const DPL::OptionalString& argUri) + const std::string& argUri) { using namespace SoupWrapper; // convert OCSP_REQUEST to memory buffer - std::string url = DPL::ToUTF8String(*argUri); char* requestBuffer; int requestSizeInt; if (!convertToBuffer(argRequest, &requestBuffer, &requestSizeInt)) { - ThrowMsg(Exception::VerificationError, - "OCSP: failed to convert OCSP_REQUEST to mem buffer"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "OCSP: failed to convert OCSP_REQUEST to mem buffer"); } Assert(requestSizeInt >= 0); @@ -127,13 +124,13 @@ SoupWrapper::SoupMessageSendBase::RequestStatus OCSPImpl::sendOcspRequest( char *cport = 0,*chost = 0,*cpath = 0; int use_ssl = 0; - if (!OCSP_parse_url(const_cast<char*>(url.c_str()), + if (!OCSP_parse_url(const_cast<char*>(argUri.c_str()), &chost, &cport, &cpath, &use_ssl)) { - LogWarning("Error in OCSP_parse_url"); + WrtLogW("Error in OCSP_parse_url"); return SoupMessageSendBase::REQUEST_STATUS_CONNECTION_ERROR; } @@ -148,7 +145,7 @@ SoupWrapper::SoupMessageSendBase::RequestStatus OCSPImpl::sendOcspRequest( free(chost); free(cpath); - m_soupMessage.setHost(url); + m_soupMessage.setHost(argUri); m_soupMessage.setHeader("Host", host); m_soupMessage.setRequest(std::string("application/ocsp-request"), buffer); @@ -163,9 +160,8 @@ ValidationCore::VerificationStatusSet OCSPImpl::validateCertificateList( if (certs.size() < 2) { // no certificates to verify, just return a error - LogWarning("No validation will be proceed. OCSP require at" - " least 2 certificates in chain. Found only " << - certs.size()); + WrtLogW("No validation will be proceed. OCSP require at" + " least 2 certificates in chain. Found only %d", certs.size()); statusSet.add(VERIFICATION_STATUS_ERROR); return statusSet; } 
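Review bot: In validateCertificateList the new `WrtLogW("... Found only %d", certs.size())` passes `certs.size()` to a `%d` conversion; if `certs` is a standard container that value is a `size_t`, which does not match `%d` and is undefined behaviour in a printf-style call on 64-bit targets. Use `%zu`, or pass `static_cast<int>(certs.size())`. The same mismatch appears in the checkRevocationStatus hunk further down, where `m_responseValidity` and `m_responseValidity - now` (both `time_t`) and `nextUpdate->data` (a pointer that the removed code streamed as text) are all given `%d`. The stream-based calls being replaced were type-safe, so each converted call should be checked against its argument types.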
@@ -173,7 +169,7 @@ ValidationCore::VerificationStatusSet OCSPImpl::validateCertificateList( CertificatePtr root = certs.back(); CertStoreId::Set storedSetId = createCertificateIdentifier().find(root); char* ocspUrl = storedSetId.getOcspUrl(); - + if (ocspUrl != NULL) { setUseDefaultResponder(true); @@ -185,10 +181,8 @@ ValidationCore::VerificationStatusSet OCSPImpl::validateCertificateList( time_t minValidity = 0; for (++parent; parent != certs.end(); ++iter, ++parent) { - LogDebug("Certificate validation (CN:" << - (*iter)->getOneLine() << ")"); - LogDebug("Parent certificate (CN:" << - (*parent)->getOneLine() << ")"); + WrtLogD("Certificate validation (CN:%s)", (*iter)->getOneLine().c_str()); + WrtLogD("Parent certificate (CN:%s)", (*parent)->getOneLine().c_str()); statusSet.add(validateCertificate(*iter, *parent)); if ((0 == minValidity || minValidity > m_responseValidity) && m_responseValidity > 0) @@ -227,20 +221,20 @@ VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert, Assert(!!argCert); Assert(!!argIssuer); - Try { - DPL::OptionalString uri; + VcoreTry { + std::string uri; if (!m_bUseDefResponder) { uri = argCert->getOCSPURL(); - if (!uri) { + if (uri.empty()) { return VERIFICATION_STATUS_NOT_SUPPORT; } } else { if (m_strResponderURI.empty()) { - ThrowMsg(Exception::VerificationError, - "Default responder is not set"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "Default responder is not set"); } - LogWarning("Default responder will be used"); + WrtLogW("Default responder will be used"); uri = m_strResponderURI; } 
@@ -248,7 +242,7 @@ VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert, // creates a request CreateRequestResult newRequest = createRequest(argCert, argIssuer); if (!newRequest.success) { - ThrowMsg(Exception::VerificationError, "Request creation failed"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "Request creation failed"); } // SSLSmartContainer <OCSP_CERTID> certIdCont(certId); @@ -267,8 +261,8 @@ VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert, OcspResponse response = convertToResponse(); if (!response.first) { - ThrowMsg(OCSPImpl::Exception::VerificationError, - "OCSP: failed to convert mem buffer to OCSP_RESPONSE"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "OCSP: failed to convert mem buffer to OCSP_RESPONSE"); } SSLSmartContainer <OCSP_RESPONSE> responseCont(response.second); 
@@ -277,33 +271,49 @@ VerificationStatus OCSPImpl::validateCertificate(CertificatePtr argCert, validateResponse(requestCont, responseCont, newRequest.ocspCertId); - } Catch(Exception::ConnectionError) { - LogWarning("OCSP: ConnectionError"); + } VcoreCatch(OCSPImpl::Exception::ConnectionError) { + WrtLogW("OCSP: ConnectionError"); return VERIFICATION_STATUS_CONNECTION_FAILED; - } Catch(Exception::CertificateRevoked) { - LogWarning("OCSP: Revoked"); + } VcoreCatch(OCSPImpl::Exception::CertificateRevoked) { + WrtLogW("OCSP: Revoked"); return VERIFICATION_STATUS_REVOKED; - } Catch(Exception::CertificateUnknown) { - LogWarning("OCSP: Unknown"); + } VcoreCatch(OCSPImpl::Exception::CertificateUnknown) { + WrtLogW("OCSP: Unknown"); return VERIFICATION_STATUS_UNKNOWN; - } Catch(Exception::VerificationError) { - LogWarning("OCSP: Verification error"); + } VcoreCatch(OCSPImpl::Exception::VerificationError) { + WrtLogW("OCSP: Verification error"); return VERIFICATION_STATUS_VERIFICATION_ERROR; - } Catch(Exception::Base) { - LogWarning("OCSP: Error"); + } VcoreCatch(OCSPImpl::Exception::Base) { + WrtLogW("OCSP: Error"); return VERIFICATION_STATUS_ERROR; } - LogWarning("OCSP: Good"); + WrtLogW("OCSP: Good"); return VERIFICATION_STATUS_GOOD; } +void OCSPImpl::setDefaultResponder(const char *uri) +{ + Assert(uri); + m_strResponderURI = std::string(uri); +} + +void OCSPImpl::setUseDefaultResponder(bool value) +{ + m_bUseDefResponder = value; +} + +time_t OCSPImpl::getResponseValidity() +{ + return m_responseValidity; +} + OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert, CertificatePtr argIssuer) { OCSP_REQUEST* newRequest = OCSP_REQUEST_new(); if (!newRequest) { - LogWarning("OCSP: Failed to create a request"); + WrtLogW("OCSP: Failed to create a request"); return CreateRequestResult(); } 
@@ -312,14 +322,14 @@ OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert, OCSP_CERTID* certId = addSerial(argCert, argIssuer); if (!certId) { - LogWarning("OCSP: Unable to create a serial id"); + WrtLogW("OCSP: Unable to create a serial id"); return CreateRequestResult(); } SSLSmartContainer <OCSP_CERTID> certIdCont(certId); // Inserting certificate ID to request if (!OCSP_request_add0_id(requestCont, certIdCont)) { - LogWarning("OCSP: Unable to create a certificate id"); + WrtLogW("OCSP: Unable to create a certificate id"); return CreateRequestResult(); } @@ -329,7 +339,7 @@ OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert, if (m_bSignRequest) { if (!m_pSignCert || !m_pSignKey) { - LogWarning("OCSP: Unable to sign request if " + WrtLogW("OCSP: Unable to sign request if " "SignCert or SignKey was not set"); return CreateRequestResult(); } @@ -341,7 +351,7 @@ OCSPImpl::CreateRequestResult OCSPImpl::createRequest(CertificatePtr argCert, 0, 0)) { - LogWarning("OCSP: Unable to sign request"); + WrtLogW("OCSP: Unable to sign request"); return CreateRequestResult(); } } @@ -367,7 +377,7 @@ void OCSPImpl::setDigestAlgorithmForCertId(OCSP::DigestAlgorithm alg) if (NULL != foundAlg) { m_pCertIdDigestAlg = foundAlg; } else { - LogDebug("Request for unsupported CertId digest algorithm" + WrtLogD("Request for unsupported CertId digest algorithm" "ignored!"); } } @@ -379,7 +389,7 @@ void OCSPImpl::setDigestAlgorithmForRequest(OCSP::DigestAlgorithm alg) if (NULL != foundAlg) { m_pRequestDigestAlg = foundAlg; } else { - LogDebug("Request for unsupported OCSP request digest algorithm" + WrtLogD("Request for unsupported OCSP request digest algorithm" "ignored!"); } } 
@@ -402,24 +412,24 @@ void OCSPImpl::validateResponse(OCSP_REQUEST* argRequest, if (result != OCSP_RESPONSE_STATUS_SUCCESSFUL) { handleInvalidResponse(result); - ThrowMsg(Exception::VerificationError, "OCSP_response_status failed"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "OCSP_response_status failed"); } // get response object OCSP_BASICRESP* basic = OCSP_response_get1_basic(argResponse); if (!basic) { - ThrowMsg(Exception::VerificationError, - "OCSP: Unable to get a BASICRESP object."); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "OCSP: Unable to get a BASICRESP object."); } SSLSmartContainer <OCSP_BASICRESP> basicRespCont(basic); if (m_bUseNonce && OCSP_check_nonce(argRequest, basicRespCont) <= 0) { - ThrowMsg(Exception::VerificationError, "OCSP: Invalid nonce"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "OCSP: Invalid nonce"); } if (!verifyResponse(basic)) { - ThrowMsg(Exception::VerificationError, - "Unable to verify the OCSP responder's certificate"); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "Unable to verify the OCSP responder's certificate"); } checkRevocationStatus(basicRespCont, argCertId); @@ -431,7 +441,7 @@ bool OCSPImpl::verifyResponse(OCSP_BASICRESP* basic) // verify ocsp response int response = OCSP_basic_verify(basic, NULL, m_pTrustedStore, 0); if (response <= 0) { - LogWarning("OCSP verification failed"); + WrtLogW("OCSP verification failed"); } return response > 0; @@ -456,8 +466,8 @@ void OCSPImpl::checkRevocationStatus(OCSP_BASICRESP* basic, &thisUpdate, &nextUpdate)) { - ThrowMsg(Exception::VerificationError, - "OCSP: Failed to find certificate status."); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "OCSP: Failed to find certificate status."); } if (!OCSP_check_validity(thisUpdate, 
@@ -465,27 +475,26 @@ void OCSPImpl::checkRevocationStatus(OCSP_BASICRESP* basic, MaxValidatyPeriodInSeconds, MaxAge)) { - ThrowMsg(Exception::VerificationError, - "OCSP: Failed to check certificate validate."); + VcoreThrowMsg(OCSPImpl::Exception::VerificationError, + "OCSP: Failed to check certificate validate."); } if (nextUpdate) { asn1GeneralizedTimeToTimeT(nextUpdate,&m_responseValidity); time_t now; time(&now); - LogDebug("Time of next OCSP update got from server: " << - m_responseValidity); - LogDebug("Expires in: " << (m_responseValidity - now)); - LogDebug("Original: " << nextUpdate->data); + WrtLogD("Time of next OCSP update got from server: %d", m_responseValidity); + WrtLogD("Expires in: %d", (m_responseValidity - now)); + WrtLogD("Original: %d", nextUpdate->data); } switch (status) { case V_OCSP_CERTSTATUS_GOOD: return; case V_OCSP_CERTSTATUS_REVOKED: - ThrowMsg(Exception::CertificateRevoked, "Certificate is Revoked"); + VcoreThrowMsg(OCSPImpl::Exception::CertificateRevoked, "Certificate is Revoked"); case V_OCSP_CERTSTATUS_UNKNOWN: - ThrowMsg(Exception::CertificateUnknown, "Certificate is Unknown"); + VcoreThrowMsg(OCSPImpl::Exception::CertificateUnknown, "Certificate is Unknown"); default: Assert(false && "Invalid status"); } @@ -512,7 +521,7 @@ OCSPImpl::OcspResponse OCSPImpl::convertToResponse() BIO_free_all(res_mem_bio); if (!response) { - LogWarning("OCSP: Failed to convert OCSP Response to DER format"); + WrtLogW("OCSP: Failed to convert OCSP Response to DER format"); return std::make_pair(false, static_cast<OCSP_RESPONSE*>(NULL)); } 
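Review bot: The `default:` branch of the status switch in checkRevocationStatus relies on `Assert(false && "Invalid status")` alone. If Assert does not terminate in some build configuration (its definition is not on this page), an unrecognised status falls out of the switch, the function returns normally, and validateCertificate goes on to return VERIFICATION_STATUS_GOOD. The neighbouring cases were just converted to VcoreThrowMsg, so the default should fail closed the same way: `default: VcoreThrowMsg(OCSPImpl::Exception::VerificationError, "Invalid status");`. The function starts outside this hunk.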
@@ -523,23 +532,23 @@ void OCSPImpl::handleInvalidResponse(int result) { switch (result) { case OCSP_RESPONSE_STATUS_MALFORMEDREQUEST: - LogWarning("OCSP: Server returns " + WrtLogW("OCSP: Server returns " "OCSP_RESPONSE_STATUS_MALFORMEDREQUEST status"); break; case OCSP_RESPONSE_STATUS_INTERNALERROR: - LogWarning("OCSP: Server returns " + WrtLogW("OCSP: Server returns " "OCSP_RESPONSE_STATUS_INTERNALERROR status"); break; case OCSP_RESPONSE_STATUS_TRYLATER: - LogWarning("OCSP: Server returns " + WrtLogW("OCSP: Server returns " "OCSP_RESPONSE_STATUS_TRYLATER status"); break; case OCSP_RESPONSE_STATUS_SIGREQUIRED: - LogWarning("OCSP: Server returns " + WrtLogW("OCSP: Server returns " "OCSP_RESPONSE_STATUS_SIGREQUIRED status"); break; case OCSP_RESPONSE_STATUS_UNAUTHORIZED: - LogWarning("OCSP: Server returns " + WrtLogW("OCSP: Server returns " "OCSP_RESPONSE_STATUS_UNAUTHORIZED status"); break; default: diff --git a/vcore/src/vcore/OCSPImpl.h b/vcore/src/vcore/OCSPImpl.h index 11cd647..00f568f 100644 --- a/vcore/src/vcore/OCSPImpl.h +++ b/vcore/src/vcore/OCSPImpl.h @@ -36,9 +36,6 @@ #include <openssl/ocsp.h> #include <libsoup/soup.h> -#include <dpl/assert.h> -#include <dpl/exception.h> - #include <vcore/scoped_gpointer.h> #include <vcore/OCSPCertMgrUtil.h> #include <vcore/CertificateCollection.h> @@ -48,6 +45,7 @@ #include <vcore/SoupMessageSendBase.h> #include <vcore/SoupMessageSendSync.h> #include <vcore/TimeConversion.h> +#include <vcore/exception.h> /* * The WRT MUST NOT allow installation of widgets with revoked signatures. * @@ -82,13 +80,13 @@ namespace ValidationCore { -class OCSPImpl -{ - public: +class OCSPImpl { +public: + OCSPImpl(); + static const char* DEFAULT_RESPONDER_URI_ENV; VerificationStatus checkEndEntity(const CertificateCollection &certList); - OCSPImpl(); /** * Sets digest algorithm for certid in ocsp request 
@@ -107,28 +105,28 @@ class OCSPImpl VerificationStatus validateCertificate(CertificatePtr argCert, CertificatePtr argIssuer); - void setDefaultResponder(const char* uri) - { - Assert(uri); - m_strResponderURI = DPL::FromUTF8String(uri); - } + void setDefaultResponder(const char* uri); - void setUseDefaultResponder(bool value) - { - m_bUseDefResponder = value; - } + void setUseDefaultResponder(bool value); /** * @return time when response will become invalid - for list of * certificates, this is the minimum of all validities; value is * valid only for not-revoked certificates (non error validation result) */ - time_t getResponseValidity() - { - return m_responseValidity; - } - - private: + time_t getResponseValidity(); + +private: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base) + VCORE_DECLARE_EXCEPTION_TYPE(Base, ConnectionError) + VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked) + VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown) + VCORE_DECLARE_EXCEPTION_TYPE(Base, VerificationError) + VCORE_DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError) + VCORE_DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport) + }; typedef WRT::ScopedGPointer<SoupSession> ScopedSoupSession; typedef WRT::ScopedGPointer<SoupMessage> ScopedSoupMessage; @@ -146,18 +144,6 @@ class OCSPImpl char** responseBuffer, size_t* responseSize); - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, ConnectionError) - DECLARE_EXCEPTION_TYPE(Base, CertificateRevoked) - DECLARE_EXCEPTION_TYPE(Base, CertificateUnknown) - DECLARE_EXCEPTION_TYPE(Base, VerificationError) - DECLARE_EXCEPTION_TYPE(Base, RetrieveCertFromStoreError) - DECLARE_EXCEPTION_TYPE(Base, VerificationNotSupport) - }; - const EVP_MD* m_pCertIdDigestAlg; const EVP_MD* m_pRequestDigestAlg; 
@@ -165,7 +151,7 @@ class OCSPImpl SoupWrapper::SoupMessageSendBase::RequestStatus sendOcspRequest( OCSP_REQUEST* argRequest, - const DPL::String& argUri); + const std::string& argUri); @@ -220,7 +206,7 @@ class OCSPImpl time_t m_responseValidity; bool m_bUseNonce; bool m_bUseDefResponder; - DPL::String m_strResponderURI; + std::string m_strResponderURI; bool m_bSignRequest; EVP_PKEY* m_pSignKey; CertificatePtr m_pSignCert; diff --git a/vcore/src/vcore/ParserSchema.h b/vcore/src/vcore/ParserSchema.h index ed9eb68..8e7b507 100644 --- a/vcore/src/vcore/ParserSchema.h +++ b/vcore/src/vcore/ParserSchema.h @@ -25,25 +25,23 @@ #include <map> #include <string> -#include <dpl/log/log.h> - #include <vcore/SaxReader.h> +#include <vcore/exception.h> namespace ValidationCore { namespace ParserSchemaException { -DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) -DECLARE_EXCEPTION_TYPE(Base, XmlReaderError) -DECLARE_EXCEPTION_TYPE(Base, CertificateLoaderError) -DECLARE_EXCEPTION_TYPE(Base, UnsupportedAlgorithm) -DECLARE_EXCEPTION_TYPE(Base, UnsupportedValue) + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, XmlReaderError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, CertificateLoaderError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedAlgorithm); + VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedValue); } template<typename ParserType, typename DataType> -class ParserSchema -{ - public: - struct TagDescription - { +class ParserSchema { +public: + + struct TagDescription { TagDescription(const std::string &tag, const std::string & xmlNamespace) : tagName(tag), 
@@ -69,27 +67,25 @@ class ParserSchema } }; - ParserSchema(ParserType * parser) : - m_functions(parser) - { - } - virtual ~ParserSchema() - { - } + ParserSchema(ParserType *parser) + : m_functions(parser) {} + + virtual ~ParserSchema() {} - void initialize(const std::string &filename, + void initialize( + const std::string &filename, bool defaultArgs, SaxReader::ValidationType valType, const std::string &xmlschema) { - Try + VcoreTry { m_reader.initialize(filename, defaultArgs, valType, xmlschema); } - Catch(SaxReader::Exception::Base) + VcoreCatch (SaxReader::Exception::Base) { - ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError"); + VcoreReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError"); } } @@ -100,7 +96,8 @@ class ParserSchema void read(DataType &dataContainer) { - Try { + VcoreTry + { while (m_reader.next()) { switch (m_reader.type()) { case SaxReader::NODE_BEGIN: @@ -113,21 +110,21 @@ class ParserSchema textNode(dataContainer); break; default: - // LogInfo("Unknown Type Node"); break; } } } - Catch(SaxReader::Exception::Base) + VcoreCatch (SaxReader::Exception::Base) { - ReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError"); + VcoreReThrowMsg(ParserSchemaException::XmlReaderError, "XmlReaderError"); } } typedef void (ParserType::*FunctionPtr)(DataType &data); typedef std::map<TagDescription, FunctionPtr> FunctionMap; - void addBeginTagCallback(const std::string &tag, + void addBeginTagCallback( + const std::string &tag, const std::string &namespaceUri, FunctionPtr function) { @@ -135,7 +132,8 @@ class ParserSchema m_beginFunctionMap[desc] = function; } - void addEndTagCallback(const std::string &tag, + void addEndTagCallback( + const std::string &tag, const std::string &namespaceUri, FunctionPtr function) { 
@@ -143,24 +141,23 @@ class ParserSchema m_endFunctionMap[desc] = function; } - SaxReader& getReader(void) + SaxReader& getReader() { return m_reader; } - std::string& getText(void) + std::string& getText() { return m_textNode; } - protected: +protected: void beginNode(DataType &dataContainer) { TagDescription desc(m_reader.name(), m_reader.namespaceURI()); FunctionPtr fun = m_beginFunctionMap[desc]; if (fun == 0) { - LogDebug("No function found for xml tag: " << m_reader.name()); return; } @@ -173,7 +170,6 @@ class ParserSchema FunctionPtr fun = m_endFunctionMap[desc]; if (fun == 0) { - LogDebug("No function found for xml tag: " << m_reader.name()); return; } @@ -187,7 +183,6 @@ class ParserSchema } ParserType *m_functions; - SaxReader m_reader; FunctionMap m_beginFunctionMap; FunctionMap m_endFunctionMap; @@ -195,5 +190,6 @@ class ParserSchema // temporary values require due parsing textNode std::string m_textNode; }; + } // namespace ValidationCore #endif diff --git a/vcore/src/vcore/ReferenceValidator.cpp b/vcore/src/vcore/ReferenceValidator.cpp index e99436c..188a24e 100644 --- a/vcore/src/vcore/ReferenceValidator.cpp +++ b/vcore/src/vcore/ReferenceValidator.cpp @@ -29,7 +29,7 @@ #include <pcrecpp.h> #include <dpl/errno_string.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> namespace { @@ -97,7 +97,7 @@ int ReferenceValidator::Impl::hexToInt(char a) { if (a >= '0' && a <= '9') return a-'0'; if (a >= 'A' && a <= 'F') return a-'A' + 10; if (a >= 'a' && a <= 'f') return a-'a' + 10; - LogError("Symbol '" << a << "' is out of scope."); + WrtLogE("Symbol '%c' is out of scope.", a); throw ERROR_DECODING_URL; } @@ -125,7 +125,7 @@ std::string ReferenceValidator::Impl::decodeProcent(const std::string &path) { } } } catch (Result &) { - LogError("Error while decoding url path: " << path); + WrtLogE("Error while decoding url path: %s", path.c_str()); throw ERROR_DECODING_URL; } return std::string(output.begin(), output.end()); 
@@ -138,14 +138,10 @@ ReferenceValidator::Result ReferenceValidator::Impl::dfsCheckDirectories( { DIR *dp; struct dirent *dirp; - std::string currentDir = m_dirpath; - if (!directory.empty()) { - currentDir += "/"; - currentDir += directory; - } + std::string currentDir = m_dirpath + directory; if ((dp = opendir(currentDir.c_str())) == NULL) { - LogError("Error opening directory: " << currentDir.c_str()); + WrtLogE("Error opening directory: %s", currentDir.c_str()); m_errorDescription = currentDir; return ERROR_OPENING_DIR; } @@ -172,7 +168,7 @@ ReferenceValidator::Result ReferenceValidator::Impl::dfsCheckDirectories( } if (dirp->d_type == DT_DIR) { - LogDebug("Open directory: " << (directory + dirp->d_name)); + WrtLogD("Open directory: %s", (directory + dirp->d_name).c_str()); std::string tmp_directory = directory + dirp->d_name + "/"; Result result = dfsCheckDirectories(referenceSet, tmp_directory, @@ -185,14 +181,14 @@ ReferenceValidator::Result ReferenceValidator::Impl::dfsCheckDirectories( if (referenceSet.end() == referenceSet.find(directory + dirp->d_name)) { - LogDebug("Found file: " << (directory + dirp->d_name)); - LogError("Unknown ERROR_REFERENCE_NOT_FOUND."); + WrtLogD("Found file: %s", (directory + dirp->d_name).c_str()); + WrtLogE("Unknown ERROR_REFERENCE_NOT_FOUND."); closedir(dp); m_errorDescription = directory + dirp->d_name; return ERROR_REFERENCE_NOT_FOUND; } } else { - LogError("Unknown file type."); + WrtLogE("Unknown file type."); closedir(dp); m_errorDescription = directory + dirp->d_name; return ERROR_UNSUPPORTED_FILE_TYPE; 
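Review bot: `std::string currentDir = m_dirpath + directory;` drops the `/` separator that the removed lines inserted between `m_dirpath` and a non-empty `directory`. Unless `m_dirpath` is now guaranteed to end in `/` (not visible in this hunk), the recursive calls open `<dirpath>sub/` rather than `<dirpath>/sub/`. This walk is what reports ERROR_REFERENCE_NOT_FOUND for files missing from `referenceSet`, so a wrong path means it either fails with ERROR_OPENING_DIR or checks a tree that is not the package. Either keep the conditional separator or normalise `m_dirpath` where it is set, and add a comment stating the trailing-slash invariant. dfsCheckDirectories continues outside the hunk.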
@@ -200,9 +196,8 @@ ReferenceValidator::Result ReferenceValidator::Impl::dfsCheckDirectories( } if (errno != 0) { - m_errorDescription = DPL::GetErrnoString(); - LogError("readdir failed. Errno code: " << errno << - " Description: " << m_errorDescription); + m_errorDescription = VcoreDPL::GetErrnoString(); + WrtLogE("readdir failed. Errno code: %d, Description: ", errno, m_errorDescription.c_str()); closedir(dp); return ERROR_READING_DIR; } diff --git a/vcore/src/vcore/ReferenceValidator.h b/vcore/src/vcore/ReferenceValidator.h index d7d964f..b370773 100644 --- a/vcore/src/vcore/ReferenceValidator.h +++ b/vcore/src/vcore/ReferenceValidator.h @@ -28,7 +28,7 @@ namespace ValidationCore { -class ReferenceValidator : DPL::Noncopyable +class ReferenceValidator : VcoreDPL::Noncopyable { public: enum Result diff --git a/vcore/src/vcore/RevocationCheckerBase.cpp b/vcore/src/vcore/RevocationCheckerBase.cpp index 8aa1d62..777da78 100644 --- a/vcore/src/vcore/RevocationCheckerBase.cpp +++ b/vcore/src/vcore/RevocationCheckerBase.cpp @@ -28,19 +28,17 @@ #include <dpl/scoped_fclose.h> -#include <tzplatform_config.h> - #include "Certificate.h" #include "CertificateCollection.h" namespace { -const char *DefaultBundlePatch = tzplatform_mkpath(TZ_SYS_ETC, "ssl/certs/ca-certificates.crt"); +const char DefaultBundlePatch[] = "/opt/etc/ssl/certs/ca-certificates.crt"; } //Anonymous name space namespace ValidationCore { CertificatePtr RevocationCheckerBase::loadPEMFile(const char* fileName) { - DPL::ScopedFClose fd(fopen(fileName, "rb")); + VcoreDPL::ScopedFClose fd(fopen(fileName, "rb")); // no such file, return NULL if (!fd.Get()) { diff --git a/vcore/src/vcore/SaxReader.cpp b/vcore/src/vcore/SaxReader.cpp index 1a0261b..5c49ece 100644 --- a/vcore/src/vcore/SaxReader.cpp +++ b/vcore/src/vcore/SaxReader.cpp 
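Review bot: The new `WrtLogE("readdir failed. Errno code: %d, Description: ", errno, m_errorDescription.c_str());` passes the description as an argument, but the format string has no conversion for it, so the text is never logged. Add the specifier: `WrtLogE("readdir failed. Errno code: %d, Description: %s", errno, m_errorDescription.c_str());`. `errno` is also read after `VcoreDPL::GetErrnoString()` has run; copying it into a local before that call ensures the logged code is the one readdir set.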
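Review bot: In RevocationCheckerBase.cpp, `DefaultBundlePatch` is now the literal `/opt/etc/ssl/certs/ca-certificates.crt` rather than a path derived from `TZ_SYS_ETC`, so the location of the CA bundle is tied to one filesystem layout. How a missing bundle is handled is not visible in this hunk. If the fixed path is intentional, say so at the definition, for example `// Fixed CA bundle path; must match where the platform installs ca-certificates.crt.`. Otherwise supply the path from the build configuration. loadPEMFile continues outside the hunk.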
@@ -20,12 +20,13 @@ * @brief Simple c++ interface for libxml2. */ #include <dpl/assert.h> -#include <dpl/exception.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <vcore/SaxReader.h> namespace ValidationCore { + + SaxReader::SaxReader() : m_reader(0) { 
@@ -38,54 +39,49 @@ SaxReader::~SaxReader() } } -void SaxReader::initialize(const std::string &filename, - bool defaultArgs, - ValidationType validate, - const std::string &schema) +void SaxReader::initialize( + const std::string &filename, + bool defaultArgs, + ValidationType validate, + const std::string &schema) { Assert(m_reader == 0 && "Double initialization of SaxReader"); - LogDebug("SaxReader opening file: " << filename); + WrtLogD("SaxReader opening file: %s", filename.c_str()); - /* - * create a new xml text reader - */ m_reader = xmlNewTextReaderFilename(filename.c_str()); - if (m_reader == NULL) { - /* - * no such file, return - */ - LogWarning("Error during opening file " << filename); - Throw(Exception::FileOpeningError); + if (!m_reader) { + VcoreThrowMsg(SaxReader::Exception::FileOpeningError, + "opening file " << filename << " error"); } + if (validate == VALIDATION_XMLSCHEME && xmlTextReaderSchemaValidate(m_reader, schema.c_str())) { /* * unable to turn on schema validation */ - LogError("Turn on Schema validation failed."); - ThrowMsg(Exception::ParserInternalError, - "Turn on Scheme validation failed!"); + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "Turn on Schema validation failed"); } + // Path to DTD schema is taken from xml file. 
if (validate == VALIDATION_DTD && xmlTextReaderSetParserProp(m_reader, XML_PARSER_VALIDATE, 1)) { /* * unable to turn on DTD validation */ - LogError("Turn on DTD validation failed!"); - ThrowMsg(Exception::ParserInternalError, - "Turn on DTD validation failed!"); + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "Turn on DTD validation failed!"); } + if (defaultArgs && xmlTextReaderSetParserProp(m_reader, XML_PARSER_DEFAULTATTRS, 1)) { /* * unable to turn on default arguments */ - LogError("Turn on default arguments failed"); - ThrowMsg(Exception::ParserInternalError, - "Turn on Default Arguments failed!"); + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "Turn on default arguments failed"); } } 
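Review bot: In the `VALIDATION_DTD` branch of SaxReader::initialize the DTD is located from the document itself (the context comment says the path is taken from the xml file), and the reader is created with `xmlNewTextReaderFilename`, which takes no parser options. If this reader is ever handed files from an untrusted package, the document decides which DTD is loaded. Creating the reader with `xmlReaderForFile(filename.c_str(), NULL, XML_PARSE_NONET)` would at least rule out network fetches. Whether any caller passes `VALIDATION_DTD` for untrusted input is not visible here, so a comment on that branch stating the expectation would also help.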
@@ -99,149 +95,117 @@ bool SaxReader::next() { int res = xmlTextReaderRead(m_reader); - if (0 == xmlTextReaderIsValid(m_reader)) { - LogWarning("Throw exception file not valid!"); - Throw(Exception::FileNotValid); - } + if (res < 0) + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderRead error"); - if (res == 1) { - return true; - } + if (!xmlTextReaderIsValid(m_reader)) + VcoreThrowMsg(SaxReader::Exception::FileNotValid, + "xmlTextReader is invalid"); - if (res == 0) { - return false; - } - LogError("ParserInternalError"); - Throw(Exception::ParserInternalError); + return res ? true : false; } void SaxReader::next(const std::string &token) { - xmlTextReaderRead(m_reader); - if (0 == xmlTextReaderIsValid(m_reader)) { - /* - * invalid file - */ - LogWarning("Throw exception file not valid!"); - Throw(Exception::FileNotValid); - } + int res = xmlTextReaderRead(m_reader); + + if (res < 0) + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderRead error"); + + if (!xmlTextReaderIsValid(m_reader)) + VcoreThrowMsg(SaxReader::Exception::FileNotValid, + "xmlTextReader is invalid"); xmlChar *name = xmlTextReaderName(m_reader); - if (name == NULL) { - /* - * invalid file - */ - LogWarning("File not Valid"); - Throw(Exception::FileNotValid); - } + if (!name) + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderName returns NULL"); - if (token == reinterpret_cast<const char*>(name)) { - xmlFree(name); - } else { - /* - * we encountered wrong token - */ + xmlChar *xmlToken = xmlCharStrdup(token.c_str()); + + if (xmlStrcmp(name, xmlToken)) { xmlFree(name); - LogWarning("Wrong Token"); - Throw(Exception::WrongToken); + xmlFree(xmlToken); + + VcoreThrowMsg(SaxReader::Exception::WrongToken, "Wrong Token"); } + + xmlFree(name); + xmlFree(xmlToken); } bool SaxReader::isEmpty(void) { int ret = xmlTextReaderIsEmptyElement(m_reader); - if (-1 == ret) { - LogError("Parser Internal Error"); - 
Throw(Exception::ParserInternalErrorInEmptyQuery); - } - return ret; + if (-1 == ret) + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderIsEmptyElement error"); + + return ret ? true : false; } -std::string SaxReader::attribute(const std::string &token, - ThrowType throwStatus) +std::string SaxReader::attribute(const std::string &token, ThrowType throwStatus) { - std::string value; xmlChar *attr = xmlTextReaderGetAttribute(m_reader, BAD_CAST(token.c_str())); - if ((NULL == attr) && (throwStatus == THROW_DISABLE)) { - /* - * return empty string - */ - //TODO why not DPL::Optional? - return std::string(); - } - if (NULL == attr) { - /* - * error during read attribute - */ - LogError("Error in reading attribute."); - Throw(Exception::ParserInternalErrorInReadingAttribute); + if (!attr) { + if (throwStatus == THROW_DISABLE) { + return std::string(); + } + else { + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderGetAttribute error"); + } } - /* - * cast it to val and return it - */ - value = reinterpret_cast<const char *>(attr); + std::string value = reinterpret_cast<const char *>(attr); xmlFree(attr); + return value; } -// KW std::string SaxReader::fullName(){ -// KW std::string value; -// KW xmlChar *name = xmlTextReaderName(m_reader); -// KW if(NULL == name) { -// KW LogError("Error in reading name."); -// KW Throw(Exception::ErrorReadingName); -// KW } -// KW value = reinterpret_cast<const char *>(name); -// KW xmlFree(name); -// KW return value; -// KW } - std::string SaxReader::name() { - std::string value; xmlChar *name = xmlTextReaderName(m_reader); - if (NULL == name) { - LogError("Error in reading name."); - Throw(Exception::ErrorReadingName); - } - value = reinterpret_cast<const char *>(name); + if (!name) + VcoreThrowMsg(SaxReader::Exception::ReadingNameError, + "reading name error"); + + std::string value = reinterpret_cast<const char *>(name); xmlFree(name); size_t pos = value.find_last_of(":"); if (pos != 
std::string::npos) { value.erase(0, pos + 1); } + return value; } std::string SaxReader::namespaceURI() { - std::string value; xmlChar *name = xmlTextReaderNamespaceUri(m_reader); - if (NULL != name) { - value = reinterpret_cast<const char *>(name); - xmlFree(name); + if (!name) { + return std::string(); } + + std::string value = reinterpret_cast<const char *>(name); + xmlFree(name); + return value; } std::string SaxReader::value() { - std::string value; - /* - * get value of node - */ xmlChar *text = xmlTextReaderValue(m_reader); - if (NULL == text) { - LogError("Error in reading value"); - Throw(Exception::ErrorReadingValue); - } - value = reinterpret_cast<const char*>(text); - /* - * free text and return the val - */ + if (!text) + VcoreThrowMsg(SaxReader::Exception::ReadingValueError, + "reading value error"); + + std::string value = reinterpret_cast<const char*>(text); xmlFree(text); + return value; } @@ -278,31 +242,20 @@ SaxReader::NodeType SaxReader::type() void SaxReader::dumpNode(std::string &buffer) { - /* - * size of buffer - */ - int size; - /* - * pointer to buffer - */ xmlBufferPtr buff = xmlBufferCreate(); xmlNodePtr node = xmlTextReaderExpand(m_reader); - - if (node == NULL) { - /* - * internal parser error - */ + if (!node) { xmlBufferFree(buff); - LogError("Parser Internal Error"); - Throw(Exception::ParserInternalError); + VcoreThrowMsg(SaxReader::Exception::ParserInternalError, + "xmlTextReaderExpand error"); } - /* - * get a size and fill in a buffer - */ - size = xmlNodeDump(buff, node->doc, node, 0, 0); - buffer.insert(0, reinterpret_cast<char*>(buff->content), size); + int size = xmlNodeDump(buff, node->doc, node, 0, 0); + if (size > 0) { + buffer.insert(0, reinterpret_cast<char*>(buff->content), size); + } xmlBufferFree(buff); } + } // namespace ValidationCore diff --git a/vcore/src/vcore/SaxReader.h b/vcore/src/vcore/SaxReader.h index 3fd4efc..000ce1c 100644 --- a/vcore/src/vcore/SaxReader.h +++ b/vcore/src/vcore/SaxReader.h 
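Review bot: In `SaxReader::next(const std::string &token)` the new comparison copies the token with `xmlCharStrdup` only to free it again, and the copy is not checked for NULL, so an allocation failure would surface as a misleading WrongToken. The file already uses `BAD_CAST` in `attribute()`, so the copy can be dropped: `if (xmlStrcmp(name, BAD_CAST(token.c_str()))) { xmlFree(name); VcoreThrowMsg(SaxReader::Exception::WrongToken, "Wrong Token"); }` followed by a single `xmlFree(name);`. That leaves one allocation and one release path to reason about in this function.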
@@ -26,31 +26,25 @@ #include <string> #include <libxml/xmlreader.h> -#include <dpl/exception.h> + +#include <vcore/exception.h> namespace ValidationCore { -class SaxReader -{ - public: +class SaxReader { +public: SaxReader(); ~SaxReader(); - /* - * custom exceptions - */ - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, FileOpeningError) - DECLARE_EXCEPTION_TYPE(Base, FileNotValid) - DECLARE_EXCEPTION_TYPE(Base, ParserInternalError) - DECLARE_EXCEPTION_TYPE(Base, WrongToken) - DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInReadingAttribute) - DECLARE_EXCEPTION_TYPE(Base, ParserInternalErrorInEmptyQuery) - DECLARE_EXCEPTION_TYPE(Base, ErrorReadingValue) - DECLARE_EXCEPTION_TYPE(Base, ErrorReadingName) - DECLARE_EXCEPTION_TYPE(Base, UnsupportedType) + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, FileOpeningError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, FileNotValid); + VCORE_DECLARE_EXCEPTION_TYPE(Base, ParserInternalError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, WrongToken); + VCORE_DECLARE_EXCEPTION_TYPE(Base, ReadingValueError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, ReadingNameError); + VCORE_DECLARE_EXCEPTION_TYPE(Base, UnsupportedType); }; enum NodeType @@ -80,7 +74,8 @@ class SaxReader /* * initializes parser */ - void initialize(const std::string &filename, + void initialize( + const std::string &filename, bool defaultArgs = false, ValidationType validation = VALIDATION_DISABLE, const std::string &schema = std::string()); @@ -95,8 +90,8 @@ class SaxReader bool next(); /** - * Move to next xml node. If next node name is differ from token the exception will - * be thrown. + * Move to next xml node. If next node name is differ from token the exception wiil + * be thronw. */ void next(const std::string &token); 
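Review bot: The rewritten doc comment on `next(const std::string &token)` introduces two typos that the old text did not have, `wiil` and `thronw`. Suggested wording: `Move to the next xml node. If the next node's name differs from token, an exception is thrown.`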
@@ -108,13 +103,7 @@ class SaxReader /** * Read attribute tag. */ - std::string attribute(const std::string &token, - ThrowType throwStatus = THROW_ENABLE); - - /** - * Read xml tag name with namespace. - */ - // KW std::string fullName(); + std::string attribute(const std::string &token, ThrowType throwStatus = THROW_ENABLE); /** * Read xml tag name without namespace. @@ -142,7 +131,7 @@ class SaxReader */ void dumpNode(std::string &buffer); - private: +private: /* * internal libxml text reader */ diff --git a/vcore/src/vcore/SignatureData.cpp b/vcore/src/vcore/SignatureData.cpp new file mode 100644 index 0000000..a8a84fa --- /dev/null +++ b/vcore/src/vcore/SignatureData.cpp 
@@ -0,0 +1,154 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file SignatureData.cpp + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief SignatureData is used to storage data parsed from digsig file. + */ +#include <vcore/SignatureData.h> + +#include <dpl/log/log.h> + +namespace ValidationCore { + +SignatureData::SignatureData() + : m_signatureNumber(-1) + , m_certificateSorted(false) +{} + +SignatureData::SignatureData(const std::string &fileName, int fileNumber) + : m_signatureNumber(fileNumber) + , m_fileName(fileName) + , m_certificateSorted(false) +{} + +SignatureData::~SignatureData() +{} + +const ReferenceSet& SignatureData::getReferenceSet() const +{ + return m_referenceSet; +} + +void SignatureData::setReference(const ReferenceSet &referenceSet) +{ + m_referenceSet = referenceSet; +} + +CertificateList SignatureData::getCertList() const +{ + return m_certList; +} + +void SignatureData::setSortedCertificateList(const CertificateList &list) +{ + m_certList = list; + m_certificateSorted = true; +} + +bool SignatureData::isAuthorSignature() const +{ + return m_signatureNumber == -1; +} + +std::string SignatureData::getSignatureFileName() const +{ + return m_fileName; +} + +int SignatureData::getSignatureNumber() const +{ + return m_signatureNumber; +} + +std::string SignatureData::getRoleURI() const +{ + return m_roleURI; 
+} + +std::string SignatureData::getProfileURI() const +{ + return m_profileURI; +} + +bool SignatureData::containObjectReference(const std::string &ref) const +{ + std::string rName = "#"; + rName += ref; + return m_referenceSet.end() != m_referenceSet.find(rName); +} + +ObjectList SignatureData::getObjectList() const +{ + return m_objectList; +} + +void SignatureData::setStorageType(const CertStoreId::Set &storeIdSet) +{ + m_storeIdSet = storeIdSet; +} + +const CertStoreId::Set& SignatureData::getStorageType() const +{ + return m_storeIdSet; +} + +CertStoreId::Type SignatureData::getVisibilityLevel() const +{ + if (m_storeIdSet.contains(CertStoreId::VIS_PLATFORM)) + return CertStoreId::VIS_PLATFORM; + else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER_MANUFACTURER)) + return CertStoreId::VIS_PLATFORM; + else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER_OPERATOR)) + return CertStoreId::VIS_PLATFORM; + else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER)) + return CertStoreId::VIS_PARTNER; + else if (m_storeIdSet.contains(CertStoreId::VIS_PUBLIC)) + return CertStoreId::VIS_PUBLIC; + else { + LogWarning("Visibility level was broken."); + return 0; + } +} + +const SignatureData::IMEIList& SignatureData::getIMEIList() const +{ + return m_imeiList; +} + +const SignatureData::MEIDList& SignatureData::getMEIDList() const +{ + return m_meidList; +} + +CertificatePtr SignatureData::getEndEntityCertificatePtr() const +{ + if (m_certificateSorted) + return m_certList.front(); + + return CertificatePtr(); +} + +CertificatePtr SignatureData::getRootCaCertificatePtr() const +{ + if (m_certificateSorted) + return m_certList.back(); + + return CertificatePtr(); +} + +} // ValidationCore diff --git a/vcore/src/vcore/SignatureData.h b/vcore/src/vcore/SignatureData.h index 5afba19..64310e3 100644 --- a/vcore/src/vcore/SignatureData.h +++ b/vcore/src/vcore/SignatureData.h 
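Review bot: `getEndEntityCertificatePtr()` and `getRootCaCertificatePtr()` call `m_certList.front()` / `m_certList.back()` whenever `m_certificateSorted` is set, but `setSortedCertificateList()` sets that flag for any list, including an empty one. Calling front()/back() on an empty standard container is undefined behaviour. Guard both with `if (m_certificateSorted && !m_certList.empty())` so the existing `return CertificatePtr();` fallback covers that case. Separately, `getVisibilityLevel()` returns `VIS_PLATFORM` for `VIS_PARTNER_MANUFACTURER` and `VIS_PARTNER_OPERATOR`; if that mapping is intended it deserves a one-line comment, because it reads like a copy-paste slip in a function that decides privilege visibility.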
@@ -14,7 +14,7 @@ * limitations under the License. */ /* - * @file SignatureData.cpp + * @file SignatureData.h * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 * @brief SignatureData is used to storage data parsed from digsig file. @@ -26,10 +26,6 @@ #include <set> #include <string> -#include <dpl/log/log.h> -#include <dpl/noncopyable.h> -#include <dpl/string.h> - #include <vcore/Certificate.h> #include <vcore/CertStoreType.h> 
@@ -38,143 +34,39 @@ namespace ValidationCore { typedef std::set<std::string> ReferenceSet; typedef std::list<std::string> ObjectList; -class SignatureData -{ - public: - - SignatureData() : - m_signatureNumber(-1), - m_certificateSorted(false) - { - } - - SignatureData(std::string fileName, int fileNumber) - : m_signatureNumber(fileNumber) - , m_fileName(fileName) - , m_certificateSorted(false) - {} +class SignatureData { +public: + SignatureData(); + SignatureData(const std::string &fileName, int fileNumber); - virtual ~SignatureData() - {} + virtual ~SignatureData(); typedef std::list<std::string> IMEIList; typedef std::list<std::string> MEIDList; - const ReferenceSet& getReferenceSet() const - { - return m_referenceSet; - } - - void setReference(const ReferenceSet &referenceSet) - { - m_referenceSet = referenceSet; - } - - CertificateList getCertList(void) const - { - return m_certList; - } - - void setSortedCertificateList(const CertificateList &list) - { - m_certList = list; - m_certificateSorted = true; - } - - bool isAuthorSignature(void) const - { - return m_signatureNumber == -1; - } - - std::string getSignatureFileName(void) const - { - return m_fileName; - } - - int getSignatureNumber() const - { - return m_signatureNumber; - } - - std::string getRoleURI() const - { - return m_roleURI; - } - - std::string getProfileURI() const - { - return m_profileURI; - } - - bool containObjectReference(const std::string &ref) const - { - std::string rName = "#"; - rName += ref; - return m_referenceSet.end() != m_referenceSet.find(rName); - } - - ObjectList getObjectList() const - { - return m_objectList; - } - - void setStorageType(const CertStoreId::Set &storeIdSet) - { - m_storeIdSet = storeIdSet; - } - - const CertStoreId::Set& getStorageType(void) const - { - return m_storeIdSet; - } - - const CertStoreId::Type getVisibilityLevel(void) const - { - if (m_storeIdSet.contains(CertStoreId::VIS_PLATFORM) == true) - return CertStoreId::VIS_PLATFORM; - else if 
(m_storeIdSet.contains(CertStoreId::VIS_PARTNER_MANUFACTURER) == true) - return CertStoreId::VIS_PLATFORM; - else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER_OPERATOR) == true) - return CertStoreId::VIS_PLATFORM; - else if (m_storeIdSet.contains(CertStoreId::VIS_PARTNER) == true) - return CertStoreId::VIS_PARTNER; - else if (m_storeIdSet.contains(CertStoreId::VIS_PUBLIC) == true) - return CertStoreId::VIS_PUBLIC; - else { - LogWarning("Visibility level was broken."); - return 0; - } - } - - const IMEIList& getIMEIList() const - { - return m_imeiList; - } - - const MEIDList& getMEIDList() const - { - return m_meidList; - } - - CertificatePtr getEndEntityCertificatePtr() const - { - if (m_certificateSorted) { - return m_certList.front(); - } - return CertificatePtr(); - } - - CertificatePtr getRootCaCertificatePtr() const - { - if (m_certificateSorted) { - return m_certList.back(); - } - return CertificatePtr(); - } + void setReference(const ReferenceSet &referenceSet); + void setSortedCertificateList(const CertificateList &list); + void setStorageType(const CertStoreId::Set &storeIdSet); + + const ReferenceSet& getReferenceSet() const; + CertificateList getCertList() const; + ObjectList getObjectList() const; + bool containObjectReference(const std::string &ref) const; + bool isAuthorSignature() const; + int getSignatureNumber() const; + std::string getSignatureFileName() const; + std::string getRoleURI() const; + std::string getProfileURI() const; + const CertStoreId::Set& getStorageType() const; + CertStoreId::Type getVisibilityLevel() const; + const IMEIList& getIMEIList() const; + const MEIDList& getMEIDList() const; + CertificatePtr getEndEntityCertificatePtr() const; + CertificatePtr getRootCaCertificatePtr() const; friend class SignatureReader; - private: +private: ReferenceSet m_referenceSet; CertificateList m_certList; diff --git a/vcore/src/vcore/SignatureFinder.cpp b/vcore/src/vcore/SignatureFinder.cpp index cc0a408..0c864b7 100644 
--- a/vcore/src/vcore/SignatureFinder.cpp +++ b/vcore/src/vcore/SignatureFinder.cpp @@ -20,14 +20,15 @@ * @brief Search for author-signature.xml and signatureN.xml files. */ #include <vcore/SignatureFinder.h> +#include <dpl/log/wrt_log.h> #include <dirent.h> #include <errno.h> #include <istream> +#include <sstream> #include <pcrecpp.h> -#include <dpl/log/log.h> namespace ValidationCore { static const char *SIGNATURE_AUTHOR = "author-signature.xml"; @@ -35,7 +36,7 @@ static const char *REGEXP_DISTRIBUTOR_SIGNATURE = "^(signature)([1-9][0-9]*)(\\.xml)"; class SignatureFinder::Impl { - public: +public: Impl(const std::string& dir) : m_dir(dir) , m_signatureRegexp(REGEXP_DISTRIBUTOR_SIGNATURE) @@ -45,7 +46,7 @@ class SignatureFinder::Impl { Result find(SignatureFileInfoSet &set); - private: +private: std::string m_dir; pcrecpp::RE m_signatureRegexp; }; @@ -59,7 +60,7 @@ SignatureFinder::Result SignatureFinder::Impl::find(SignatureFileInfoSet &set) * find a dir */ if ((dp = opendir(m_dir.c_str())) == NULL) { - LogError("Error opening directory:" << m_dir); + WrtLogE("Error opening directory: %s", m_dir.c_str()); return ERROR_OPENING_DIR; } @@ -88,7 +89,7 @@ SignatureFinder::Result SignatureFinder::Impl::find(SignatureFileInfoSet &set) } if (errno != 0) { - LogError("Error in readdir"); + WrtLogE("Error in readdir"); closedir(dp); return ERROR_READING_DIR; } @@ -101,7 +102,8 @@ SignatureFinder::SignatureFinder(const std::string& dir) : m_impl(new Impl(dir)) {} -SignatureFinder::~SignatureFinder(){ +SignatureFinder::~SignatureFinder() +{ delete m_impl; } diff --git a/vcore/src/vcore/SignatureFinder.h b/vcore/src/vcore/SignatureFinder.h index c1545cc..4809096 100644 --- a/vcore/src/vcore/SignatureFinder.h +++ b/vcore/src/vcore/SignatureFinder.h 
@@ -27,12 +27,10 @@ #include <set> #include <string> -#include <dpl/noncopyable.h> - namespace ValidationCore { -class SignatureFileInfo -{ - public: + +class SignatureFileInfo { +public: SignatureFileInfo(const std::string &fileName, int num) : m_fileName(fileName) , m_fileNumber(num) @@ -52,15 +50,16 @@ class SignatureFileInfo { return m_fileNumber < second.m_fileNumber; } - private: + +private: std::string m_fileName; int m_fileNumber; }; typedef std::set<SignatureFileInfo> SignatureFileInfoSet; -class SignatureFinder : DPL::Noncopyable { - public: +class SignatureFinder { +public: enum Result { NO_ERROR, @@ -69,15 +68,19 @@ class SignatureFinder : DPL::Noncopyable { ERROR_ISTREAM }; - SignatureFinder(const std::string& dir); + SignatureFinder() = delete; + explicit SignatureFinder(const std::string& dir); virtual ~SignatureFinder(); Result find(SignatureFileInfoSet &set); - private: +private: class Impl; Impl *m_impl; + + SignatureFinder(const SignatureFinder &); + const SignatureFinder &operator=(const SignatureFinder &); }; } // namespace ValidationCore diff --git a/vcore/src/vcore/SignatureReader.cpp b/vcore/src/vcore/SignatureReader.cpp index 80553b6..229c93d 100644 --- a/vcore/src/vcore/SignatureReader.cpp +++ b/vcore/src/vcore/SignatureReader.cpp @@ -162,11 +162,9 @@ SignatureReader::SignatureReader() : m_parserSchema.addBeginTagCallback(TOKEN_OBJECT, XML_NAMESPACE, &SignatureReader::tokenObject); - m_parserSchema.addBeginTagCallback( - TOKEN_SIGNATURE_PROPERTIES, - XML_NAMESPACE, - &SignatureReader:: - tokenSignatureProperties); + m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTIES, + XML_NAMESPACE, + &SignatureReader::tokenSignatureProperties); m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTY, XML_NAMESPACE, &SignatureReader::blankFunction); 
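Review bot: In SignatureFinder.h the replacement for `DPL::Noncopyable` declares the copy constructor and `operator=` private and leaves them undefined, while the same hunk already uses `= delete` for the default constructor. The class owns a raw `Impl *m_impl` that the destructor deletes, so an accidental copy would double-free. Deleting the copy operations turns any such copy, including one from a member or friend, into a compile error instead of a link error: `SignatureFinder(const SignatureFinder &) = delete;` and `SignatureFinder &operator=(const SignatureFinder &) = delete;`.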
@@ -306,11 +304,9 @@ SignatureReader::SignatureReader() : m_parserSchema.addEndTagCallback(TOKEN_DSA_SEED_COMPONENT, XML_NAMESPACE, &SignatureReader::tokenEndDSASeedComponent); - m_parserSchema.addEndTagCallback( - TOKEN_DSA_PGENCOUNTER_COMPONENT, - XML_NAMESPACE, - &SignatureReader:: - tokenEndDSAPGenCounterComponent); + m_parserSchema.addEndTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT, + XML_NAMESPACE, + &SignatureReader::tokenEndDSAPGenCounterComponent); m_parserSchema.addEndTagCallback(TOKEN_RSA_KEY_VALUE, XML_NAMESPACE, &SignatureReader::tokenEndRSAKeyValue); 
@@ -325,46 +321,58 @@ SignatureReader::SignatureReader() : &SignatureReader::blankFunction); } -void SignatureReader::tokenKeyInfo(SignatureData &signatureData) + +void SignatureReader::initialize( + SignatureData &signatureData, + const std::string &xmlscheme) { - (void)signatureData; + m_parserSchema.initialize( + signatureData.getSignatureFileName(), + true, + SaxReader::VALIDATION_XMLSCHEME, + xmlscheme); } -void SignatureReader::tokenX509Data(SignatureData &signatureData) + +void SignatureReader::read(SignatureData &signatureData) { - (void)signatureData; + m_parserSchema.read(signatureData); } -void SignatureReader::tokenX509Certificate(SignatureData &signatureData) + +void SignatureReader::blankFunction(SignatureData &) { - (void)signatureData; } -void SignatureReader::tokenPublicKey(SignatureData &signatureData) + +void SignatureReader::tokenKeyInfo(SignatureData &) +{ +} + +void SignatureReader::tokenX509Data(SignatureData &) { - (void)signatureData; } -void SignatureReader::tokenNamedCurve(SignatureData &signatureData) +void SignatureReader::tokenX509Certificate(SignatureData &) +{ +} + +void SignatureReader::tokenPublicKey(SignatureData &) +{ +} + +void SignatureReader::tokenNamedCurve(SignatureData &) { - (void)signatureData; m_nameCurveURI = m_parserSchema.getReader().attribute(TOKEN_URI); } void SignatureReader::tokenTargetRestriction(SignatureData &signatureData) { - std::string IMEI = m_parserSchema.getReader().attribute( - TOKEN_IMEI, - SaxReader:: - THROW_DISABLE); - std::string MEID = m_parserSchema.getReader().attribute( - TOKEN_MEID, - SaxReader:: - THROW_DISABLE); + std::string IMEI = m_parserSchema.getReader().attribute(TOKEN_IMEI); + std::string MEID = m_parserSchema.getReader().attribute(TOKEN_MEID); //less verbose way to say (IMEI && MEID) || (!IMEI && !MEID) if (IMEI.empty() == MEID.empty()) { //WAC 2.0 WR-4650 point 4 - ThrowMsg(Exception::TargetRestrictionException, - "TargetRestriction should contain exactly one attribute."); - return; 
+ VcoreThrowMsg(SignatureReader::Exception::TargetRestriction, + "TargetRestriction should contain exactly one attribute."); } if (!IMEI.empty()) { @@ -375,14 +383,12 @@ void SignatureReader::tokenTargetRestriction(SignatureData &signatureData) } } -void SignatureReader::tokenEndKeyInfo(SignatureData &signatureData) +void SignatureReader::tokenEndKeyInfo(SignatureData &) { - (void)signatureData; } -void SignatureReader::tokenEndX509Data(SignatureData &signatureData) +void SignatureReader::tokenEndX509Data(SignatureData &) { - (void)signatureData; } void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData) @@ -391,20 +397,11 @@ void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData) if (CertificateLoader::NO_ERROR != loader.loadCertificateFromRawData(m_parserSchema.getText())) { fprintf(stderr, "## [validate error]: Certificate could not be loaded\n"); - LogWarning("Certificate could not be loaded!"); - ThrowMsg(ParserSchemaException::CertificateLoaderError, - "Certificate could not be loaded."); + VcoreThrowMsg(ParserSchemaException::CertificateLoaderError, + "Certificate could not be loaded"); } signatureData.m_certList.push_back(loader.getCertificatePtr()); } -// KW void SignatureReader::tokenEndKeyName(SignatureData &signatureData){ -// KW CertificateLoader loader; -// KW if(CertificateLoader::NO_ERROR != loader.loadCertificateBasedOnSubjectName(m_parserSchema.getText())){ -// KW LogError("Certificate could not be loaded!"); -// KW ThrowMsg(ParserSchemaException::CertificateLoaderError, "Certificate could not be loaded."); -// KW } -// KW signatureData.m_certList.push_back(loader); -// KW } void SignatureReader::tokenEndRSAKeyValue(SignatureData &signatureData) { 
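Review bot: In `tokenTargetRestriction` the two `attribute()` calls dropped `SaxReader::THROW_DISABLE`, so they now use the default `THROW_ENABLE`, and the rewritten `SaxReader::attribute` in this commit throws `ParserInternalError` when the attribute is absent. A TargetRestriction carrying exactly one of IMEI/MEID, the only form the `IMEI.empty() == MEID.empty()` check accepts, would therefore throw while reading the missing one. If that is not intended, keep the flag: `std::string IMEI = m_parserSchema.getReader().attribute(TOKEN_IMEI, SaxReader::THROW_DISABLE);` and likewise for `TOKEN_MEID`. The function body continues in the next hunk.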
@@ -413,28 +410,24 @@ void SignatureReader::tokenEndRSAKeyValue(SignatureData &signatureData) loader.loadCertificateBasedOnExponentAndModulus(m_modulus, m_exponent)) { fprintf(stderr, "## [validate error]: Certificate could not be loaded\n"); - LogWarning("Certificate could not be loaded!"); - ThrowMsg(ParserSchemaException::CertificateLoaderError, - "Certificate could not be loaded."); + VcoreThrowMsg(ParserSchemaException::CertificateLoaderError, + "Certificate could not be loaded"); } signatureData.m_certList.push_back(loader.getCertificatePtr()); } -void SignatureReader::tokenEndKeyModulus(SignatureData &signatureData) +void SignatureReader::tokenEndKeyModulus(SignatureData &) { - (void)signatureData; m_modulus = m_parserSchema.getText(); } -void SignatureReader::tokenEndKeyExponent(SignatureData &signatureData) +void SignatureReader::tokenEndKeyExponent(SignatureData &) { - (void)signatureData; m_exponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndPublicKey(SignatureData &signatureData) +void SignatureReader::tokenEndPublicKey(SignatureData &) { - (void)signatureData; m_publicKey = m_parserSchema.getText(); } @@ -444,8 +437,8 @@ void SignatureReader::tokenEndECKeyValue(SignatureData &signatureData) if (CertificateLoader::NO_ERROR != loader.loadCertificateWithECKEY(m_nameCurveURI, m_publicKey)) { fprintf(stderr, "## [validate error]: Certificate could not be loaded\n"); - ThrowMsg(ParserSchemaException::CertificateLoaderError, - "Certificate could not be loaded."); + VcoreThrowMsg(ParserSchemaException::CertificateLoaderError, + "Certificate could not be loaded"); } signatureData.m_certList.push_back(loader.getCertificatePtr()); } 
@@ -458,60 +451,53 @@ void SignatureReader::tokenEndObject(SignatureData &signatureData) (!signatureData.m_meidList.empty())) && m_targetRestrictionObjectFound) { //WAC 2.0 WR-4650 point 1 - ThrowMsg( - Exception::TargetRestrictionException, - "TargetRestriction should contain exactly one ds:Object containing zero or more wac:TargetRestriction children."); - return; + VcoreThrowMsg(SignatureReader::Exception::TargetRestriction, + "TargetRestriction should contain exactly one ds:Object " + "containing zero or more wac:TargetRestriction children."); } + if ((!signatureData.m_imeiList.empty()) || (!signatureData.m_meidList.empty())) { m_targetRestrictionObjectFound = true; } + } -void SignatureReader::tokenEndDSAPComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSAPComponent(SignatureData &) { - (void)signatureData; m_dsaKeyPComponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSAQComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSAQComponent(SignatureData &) { - (void)signatureData; m_dsaKeyQComponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSAGComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSAGComponent(SignatureData &) { - (void)signatureData; m_dsaKeyGComponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSAYComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSAYComponent(SignatureData &) { - (void)signatureData; m_dsaKeyYComponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSAJComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSAJComponent(SignatureData &) { - (void)signatureData; m_dsaKeyJComponent = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSASeedComponent(SignatureData& signatureData) +void SignatureReader::tokenEndDSASeedComponent(SignatureData &) { - (void)signatureData; m_dsaKeySeedComponent = m_parserSchema.getText(); } -void 
SignatureReader::tokenEndDSAPGenCounterComponent( - SignatureData& signatureData) +void SignatureReader::tokenEndDSAPGenCounterComponent(SignatureData &) { - (void)signatureData; m_dsaKeyPGenCounter = m_parserSchema.getText(); } -void SignatureReader::tokenEndDSAKeyValue(SignatureData& signatureData) +void SignatureReader::tokenEndDSAKeyValue(SignatureData &signatureData) { CertificateLoader loader; @@ -524,9 +510,8 @@ void SignatureReader::tokenEndDSAKeyValue(SignatureData& signatureData) m_dsaKeySeedComponent, m_dsaKeyPGenCounter)) { fprintf(stderr, "## [validate error]: Certificate could not be loaded\n"); - LogWarning("Certificate could not be loaded."); - ThrowMsg(ParserSchemaException::CertificateLoaderError, - "Certificate could not be loaded."); + VcoreThrowMsg(ParserSchemaException::CertificateLoaderError, + "Certificate could not be loaded."); } signatureData.m_certList.push_back(loader.getCertificatePtr()); } @@ -535,9 +520,8 @@ void SignatureReader::tokenRole(SignatureData &signatureData) { if (!signatureData.m_roleURI.empty()) { fprintf(stderr, "## [validate error]: Multiple definition of Role is not allowed\n"); - LogWarning("Multiple definition of Role is not allowed."); - ThrowMsg(ParserSchemaException::UnsupportedValue, - "Multiple definition of Role is not allowed."); + VcoreThrowMsg(ParserSchemaException::UnsupportedValue, + "Multiple definition of Role is not allowed."); } signatureData.m_roleURI = m_parserSchema.getReader().attribute(TOKEN_URI); } 
@@ -546,9 +530,8 @@ void SignatureReader::tokenProfile(SignatureData &signatureData) { if (!signatureData.m_profileURI.empty()) { fprintf(stderr, "## [validate error]: Multiple definition of Profile is not allowed\n"); - LogWarning("Multiple definition of Profile is not allowed."); - ThrowMsg(ParserSchemaException::UnsupportedValue, - "Multiple definition of Profile is not allowed."); + VcoreThrowMsg(ParserSchemaException::UnsupportedValue, + "Multiple definition of Profile is not allowed."); } signatureData.m_profileURI = m_parserSchema.getReader().attribute(TOKEN_URI); } @@ -557,9 +540,8 @@ void SignatureReader::tokenEndIdentifier(SignatureData &signatureData) { if (!signatureData.m_identifier.empty()) { fprintf(stderr, "## [validate error]: Multiple definition of Identifier is not allowed\n"); - LogWarning("Multiple definition of Identifier is not allowed."); - ThrowMsg(ParserSchemaException::UnsupportedValue, - "Multiple definition of Identifier is not allowed."); + VcoreThrowMsg(ParserSchemaException::UnsupportedValue, + "Multiple definition of Identifier is not allowed."); } signatureData.m_identifier = m_parserSchema.getText(); } 
@@ -570,22 +552,19 @@ void SignatureReader::tokenObject(SignatureData &signatureData) if (id.empty()) { fprintf(stderr, "## [validate error]: Unsupported value of Attribute Id in Object tag\n"); - LogWarning("Unsupported value of Attribute Id in Object tag."); - ThrowMsg(ParserSchemaException::UnsupportedValue, - "Unsupported value of Attribute Id in Object tag."); + VcoreThrowMsg(ParserSchemaException::UnsupportedValue, + "Unsupported value of Attribute Id in Object tag."); } signatureData.m_objectList.push_back(id); } -void SignatureReader::tokenSignatureProperties(SignatureData &signatureData) +void SignatureReader::tokenSignatureProperties(SignatureData &) { - (void)signatureData; if (++m_signaturePropertiesCounter > 1) { fprintf(stderr, "## [validate error]: Only one SignatureProperties tag is allowed in Object\n"); - LogWarning("Only one SignatureProperties tag is allowed in Object"); - ThrowMsg(ParserSchemaException::UnsupportedValue, - "Only one SignatureProperties tag is allowed in Object"); + VcoreThrowMsg(ParserSchemaException::UnsupportedValue, + "Only one SignatureProperties tag is allowed in Object"); } } } // namespace ValidationCore diff --git a/vcore/src/vcore/SignatureReader.h b/vcore/src/vcore/SignatureReader.h index 2f2f9a8..309a915 100644 --- a/vcore/src/vcore/SignatureReader.h +++ b/vcore/src/vcore/SignatureReader.h 
@@ -22,42 +22,30 @@ #ifndef _VALIDATION_CORE_SIGNATUREREADER_H_ #define _VALIDATION_CORE_SIGNATUREREADER_H_ -#include <map> -#include <dpl/log/log.h> - #include <vcore/SignatureData.h> #include <vcore/ParserSchema.h> +#include <vcore/exception.h> + +#include <map> namespace ValidationCore { -class SignatureReader -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, TargetRestrictionException) + +class SignatureReader { +public: + class Exception { + public: + VCORE_DECLARE_EXCEPTION_TYPE(ValidationCore::Exception, Base); + VCORE_DECLARE_EXCEPTION_TYPE(Base, TargetRestriction); }; SignatureReader(); - void initialize(SignatureData &data, - const std::string &xmlscheme) - { - m_parserSchema.initialize( - data.getSignatureFileName(), true, SaxReader::VALIDATION_XMLSCHEME, - xmlscheme); - } + void initialize(SignatureData &signatureData, const std::string &xmlscheme); - void read(SignatureData &data) - { - m_parserSchema.read(data); - } + void read(SignatureData &signatureData); - private: - void blankFunction(SignatureData &) - { - } +private: + void blankFunction(SignatureData &signatureData); void tokenKeyInfo(SignatureData &signatureData); void tokenKeyModulus(SignatureData &signatureData); 
@@ -70,15 +58,20 @@ class SignatureReader void tokenProfile(SignatureData &signatureData); void tokenObject(SignatureData &signatureData); void tokenSignatureProperties(SignatureData &signatureData); + void tokenTargetRestriction(SignatureData &signatureData); void tokenEndKeyInfo(SignatureData &signatureData); // KW void tokenEndKeyName(SignatureData &signatureData); + void tokenEndRSAKeyValue(SignatureData &signatureData); + void tokenEndKeyModulus(SignatureData &signatureData); void tokenEndKeyExponent(SignatureData &signatureData); void tokenEndX509Data(SignatureData &signatureData); + void tokenEndX509Certificate(SignatureData &signatureData); + void tokenEndPublicKey(SignatureData &signatureData); void tokenEndECKeyValue(SignatureData &signatureData); void tokenEndIdentifier(SignatureData &signatureData); diff --git a/vcore/src/vcore/SignatureValidator.cpp b/vcore/src/vcore/SignatureValidator.cpp index 35ffaa3..2a51402 100644 --- a/vcore/src/vcore/SignatureValidator.cpp +++ b/vcore/src/vcore/SignatureValidator.cpp @@ -21,15 +21,16 @@ */ #include <vcore/SignatureValidator.h> #include <vcore/CertificateCollection.h> -#include <dpl/log/log.h> -#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -#include <vcore/CertificateVerifier.h> -#endif #include <vcore/Certificate.h> #include <vcore/OCSPCertMgrUtil.h> #include <vcore/ReferenceValidator.h> #include <vcore/ValidatorFactories.h> #include <vcore/XmlsecAdapter.h> +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#include <vcore/CertificateVerifier.h> +#endif + +#include <dpl/log/wrt_log.h> namespace { const time_t TIMET_DAY = 60 * 60 * 24; @@ -41,8 +42,6 @@ const std::string TOKEN_ROLE_DISTRIBUTOR_URI = const std::string TOKEN_PROFILE_URI = "http://www.w3.org/ns/widgets-digsig#profile"; -//const char* TIZEN_STORE_CN = "Tizen Store"; //un-used variable - } // namespace anonymouse 
@@ -56,20 +55,26 @@ static tm _ASN1_GetTimeT(ASN1_TIME* time) if (time->type == V_ASN1_UTCTIME) /* two digit year */ { - t.tm_year = (str[i++] - '0') * 10 + (str[++i] - '0'); + t.tm_year = (str[i] - '0') * 10 + (str[i+1] - '0'); + i += 2; if (t.tm_year < 70) t.tm_year += 100; } else if (time->type == V_ASN1_GENERALIZEDTIME) /* four digit year */ { - t.tm_year = (str[i++] - '0') * 1000 + (str[++i] - '0') * 100 + (str[++i] - '0') * 10 + (str[++i] - '0'); + t.tm_year = + (str[i] - '0') * 1000 + + (str[i+1] - '0') * 100 + + (str[i+2] - '0') * 10 + + (str[i+3] - '0'); + i += 4; t.tm_year -= 1900; } - t.tm_mon = ((str[i++] - '0') * 10 + (str[++i] - '0')) - 1; // -1 since January is 0 not 1. - t.tm_mday = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_hour = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_min = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_sec = (str[i++] - '0') * 10 + (str[++i] - '0'); + t.tm_mon = ((str[i] - '0') * 10 + (str[i+1] - '0')) - 1; // -1 since January is 0 not 1. + t.tm_mday = (str[i+2] - '0') * 10 + (str[i+3] - '0'); + t.tm_hour = (str[i+4] - '0') * 10 + (str[i+5] - '0'); + t.tm_min = (str[i+6] - '0') * 10 + (str[i+7] - '0'); + t.tm_sec = (str[i+8] - '0') * 10 + (str[i+9] - '0'); /* Note: we did not adjust the time based on time zone information */ return t; @@ -93,11 +98,15 @@ public: bool crlEnable, bool complianceMode) : m_complianceModeEnabled(complianceMode) - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL - , m_ocspEnable(ocspEnable) - , m_crlEnable(crlEnable) - #endif - {} + { +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + m_ocspEnable = ocspEnable; + m_crlEnable = crlEnable; +#else + (void) ocspEnable; + (void) crlEnable; +#endif + } virtual ~ImplSignatureValidator(){ } 
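Review bot: `_ASN1_GetTimeT` indexes `str` up to `i+9` (offset 11 for UTCTime, 13 for GeneralizedTime) without checking the length of the ASN1_TIME value, which presumably comes from a certificate in the signature being validated. The hunk fixes the unsequenced `i++`/`++i` reads, but a truncated or non-numeric time field would still be read past its end or produce garbage fields. Before parsing, compare `time->length` with the minimum for the type (12 bytes for `V_ASN1_UTCTIME`, 14 for `V_ASN1_GENERALIZEDTIME`) and check that each consumed byte is a digit. Any other `time->type` should be treated as an error instead of being parsed from offset 0. The start of the function, including how `str` and `t` are initialised, is outside the hunk, so how to report the failure depends on code not shown here.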
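Review bot: When `TIZEN_FEATURE_CERT_SVC_OCSP_CRL` is not defined, the `ImplSignatureValidator` constructor now discards `ocspEnable` and `crlEnable` with `(void)` casts, so a caller that asks for revocation checking gets a validator that silently performs none. A warning in the `#else` branch makes the downgrade visible: `if (ocspEnable || crlEnable) WrtLogW("OCSP/CRL check requested but not built in");`. In the `#ifdef` branch the members could stay in the initializer list as before, since moving them to assignments in the body is not needed for the fix. The constructor's signature starts outside the hunk.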
@@ -105,18 +114,18 @@ public: std::string roleURI = data.getRoleURI(); if (roleURI.empty()) { - LogWarning("URI attribute in Role tag couldn't be empty."); + WrtLogW("URI attribute in Role tag couldn't be empty."); return false; } if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) { - LogWarning("URI attribute in Role tag does not " + WrtLogW("URI attribute in Role tag does not " "match with signature filename."); return false; } if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) { - LogWarning("URI attribute in Role tag does not " + WrtLogW("URI attribute in Role tag does not " "match with signature filename."); return false; } @@ -125,9 +134,8 @@ public: bool checkProfileURI(const SignatureData &data) { if (TOKEN_PROFILE_URI != data.getProfileURI()) { - LogWarning( - "Profile tag contains unsupported value in URI attribute(" << - data.getProfileURI() << ")."); + WrtLogW( + "Profile tag contains unsupported value in URI attribute( %s ).", (data.getProfileURI()).c_str()); return false; } return true; @@ -138,8 +146,7 @@ public: ObjectList::const_iterator iter; for (iter = objectList.begin(); iter != objectList.end(); ++iter) { if (!data.containObjectReference(*iter)) { - LogWarning("Signature does not contain reference for object " << - *iter); + WrtLogW("Signature does not contain reference for object %s", (*iter).c_str()); return false; } } @@ -177,7 +184,6 @@ SignatureValidator::Result ImplTizenSignatureValidator::check( { bool disregard = false; - DPL::Log::LogSystemSingleton::Instance().SetTag("OSP"); if (!checkRoleURI(data)) { return SignatureValidator::SIGNATURE_INVALID; } 
@@ -193,14 +199,14 @@ SignatureValidator::Result ImplTizenSignatureValidator::check( // First step - sort certificate if (!collection.sort()) { - LogWarning("Certificates do not form valid chain."); - return SignatureValidator::SIGNATURE_INVALID; + WrtLogW("Certificates do not form valid chain."); + return SignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } // Check for error if (collection.empty()) { - LogWarning("Certificate list in signature is empty."); - return SignatureValidator::SIGNATURE_INVALID; + WrtLogW("Certificate list in signature is empty."); + return SignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } CertificateList sortedCertificateList = collection.getChain(); 
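Review bot: Both chain failures in this hunk now return `SIGNATURE_INVALID_CERT_CHAIN` instead of `SIGNATURE_INVALID`, and the `disregard` path at the end of `ImplTizenSignatureValidator::check` changes from `SIGNATURE_DISREGARD` to `SIGNATURE_INVALID_DISTRIBUTOR_CERT`. The callers are not part of this diff; any caller that rejects only on `SIGNATURE_INVALID` or `SIGNATURE_REVOKED` would stop rejecting these cases, so call sites should accept on `SIGNATURE_VERIFIED` (plus `SIGNATURE_DISREGARD` where policy allows) and treat everything else as failure. `checkList` and `ImplWacSignatureValidator::check` keep the old codes for the same failures, so the three paths now disagree. The trailing `//SIGNATURE_INVALID` remnants could be replaced by a comment that explains the condition, e.g. `// certificates could not be ordered into a chain`.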
@@ -215,50 +221,46 @@ SignatureValidator::Result ImplTizenSignatureValidator::check( // Is Root CA certificate trusted? CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root); - LogDebug("Is root certificate from TIZEN_DEVELOPER domain: " - << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); - LogDebug("Is root certificate from TIZEN_TEST domain: " - << storeIdSet.contains(CertStoreId::TIZEN_TEST)); - LogDebug("Is root certificate from TIZEN_VERIFY domain: " - << storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); - LogDebug("Is root certificate from TIZEN_PUBLIC domain: " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Is root certificate from TIZEN_PARTNER domain: " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Is root certificate from TIZEN_PLATFORM domain: " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - - LogDebug("Visibility level is public : " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Visibility level is partner : " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Visibility level is platform : " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Is root certificate from TIZEN_DEVELOPER domain: %d", storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); + WrtLogD("Is root certificate from TIZEN_TEST domain: %d", storeIdSet.contains(CertStoreId::TIZEN_TEST)); + WrtLogD("Is root certificate from TIZEN_VERIFY domain: %d", storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); + WrtLogD("Is root certificate from TIZEN_STORE domain: %d", storeIdSet.contains(CertStoreId::TIZEN_STORE)); + WrtLogD("Is root certificate from TIZEN_PUBLIC domain: %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Is root certificate from TIZEN_PARTNER domain: %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Is root certificate from TIZEN_PLATFORM domain: %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - if (data.isAuthorSignature()) - { - if 
(!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) - { - LogWarning("author-signature.xml has got unrecognized Root CA " - "certificate. Signature will be disregarded."); - disregard = true; - } - LogDebug("Root CA for author signature is correct."); + WrtLogD("Visibility level is public : %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Visibility level is partner : %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Visibility level is platform : %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + + if (data.isAuthorSignature()) + { + if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogW("author-signature.xml has got unrecognized Root CA " + "certificate. Signature will be disregarded."); + disregard = true; + } } else { -LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); - //Additional Check for certificate registration + WrtLogD("signaturefile name = %s", data.getSignatureFileName().c_str()); + if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogE("distributor has author level siganture! Signature will be disregarded."); + return SignatureValidator::SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT;//SIGNATURE_INVALID; + } + if (data.getSignatureNumber() == 1) { if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM)) { - LogDebug("Root CA for signature1.xml is correct."); + WrtLogD("Root CA for signature1.xml is correct."); } else { - LogWarning("signature1.xml has got unrecognized Root CA " + WrtLogW("signature1.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } 
@@ -278,7 +280,7 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str());
 // If the end certificate is not ROOT CA we should disregard signature
 // but still signature must be valid... Aaaaaa it's so stupid...
 if (!(root->isSignedBy(root))) {
- LogWarning("Root CA certificate not found. Chain is incomplete.");
+ WrtLogW("Root CA certificate not found. Chain is incomplete.");
 // context.allowBrokenChain = true;
 }
@@ -297,44 +299,46 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); char msg[1024]; t = localtime(&nowTime); + if (!t) + return SignatureValidator::SIGNATURE_INVALID_CERT_TIME; memset(&tc, 0, sizeof(tc)); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday ); - LogDebug("## System's currentTime : " << msg); + WrtLogD("## System's currentTime : %s", msg); fprintf(stderr, "## System's currentTime : %s\n", msg); tb = _ASN1_GetTimeT(notBeforeTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday ); - LogDebug("## certificate's notBeforeTime : " << msg); + WrtLogD("## certificate's notBeforeTime : %s", msg); fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg); ta = _ASN1_GetTimeT(notAfterTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday ); - LogDebug("## certificate's notAfterTime : " << msg); + WrtLogD("## certificate's notAfterTime : %s", msg); fprintf(stderr, "## certificate's notAfterTime : %s\n", msg); - if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) + if (storeIdSet.contains(CertStoreId::TIZEN_TEST) || storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) { - LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE"); + WrtLogD("## TIZEN_VERIFY : check certificate Time : FALSE"); fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n"); - return SignatureValidator::SIGNATURE_INVALID; + return SignatureValidator::SIGNATURE_INVALID_CERT_TIME;//SIGNATURE_INVALID; } int year = (ta.tm_year - tb.tm_year) / 4; if(year == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon + 1; tc.tm_mday = tb.tm_mday; if(tc.tm_mon == 12) { - tc.tm_year = ta.tm_year; + tc.tm_year = ta.tm_year; tc.tm_mon = ta.tm_mon - 1; tc.tm_mday = ta.tm_mday; - + if(tc.tm_mon < 0) { tc.tm_year = ta.tm_year; 
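Review bot: The block guarded by the new `if (!t)` still accepts an end-entity certificate that is outside its validity period: unless the root is in TIZEN_TEST or TIZEN_VERIFY, it builds a date inside the certificate's own notBefore/notAfter window, which is then used as the validation time (the Wac copy of this block shows `context.validationTime = outCurrent;`). An expired or not-yet-valid certificate from the other stores is therefore validated as if it were current. If that is deliberate, for instance for devices without a reliable clock, the block needs a comment saying so and preferably a policy switch; otherwise `SIGNATURE_INVALID_CERT_TIME` should be returned for every store. The `fprintf(stderr, ...)` copies of each log line and the non-reentrant `localtime` (use `localtime_r(&nowTime, &now_tm)`) are worth cleaning up in the same place. The enclosing function starts and ends outside the hunk.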
@@ -343,21 +347,21 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); if(tc.tm_mday == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon; tc.tm_mday = tb.tm_mday +1; } } - } + } } else{ tc.tm_year = tb.tm_year + year; tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2; - tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; + tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; } snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday ); - LogDebug("## cmp cert with validation time : " << msg); + WrtLogD("## cmp cert with validation time : %s", msg); fprintf(stderr, "## cmp cert with validation time : %s\n", msg); time_t outCurrent = mktime(&tc); 
@@ -376,36 +380,36 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); struct tm *t; if (data.isAuthorSignature()) - { + { // time_t 2038 year bug exist. So, notAtter() cann't check... /* if (notAfter < nowTime) { context.validationTime = notAfter - TIMET_DAY; - LogWarning("Author certificate is expired. notAfter..."); + WrtLogW("Author certificate is expired. notAfter..."); } */ if (notBefore > nowTime) { - LogWarning("Author certificate is expired. notBefore time is greater than system-time."); + WrtLogW("Author certificate is expired. notBefore time is greater than system-time."); t = localtime(&nowTime); - LogDebug("System's current Year : " << t->tm_year + 1900); - LogDebug("System's current month : " << t->tm_mon + 1); - LogDebug("System's current day : " << t->tm_mday); + WrtLogD("System's current Year : %d", (t->tm_year + 1900)); + WrtLogD("System's current month : %d", (t->tm_mon + 1)); + WrtLogD("System's current day : %d", (t->tm_mday)); t = localtime(¬Before); - LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900); - LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1); - LogDebug("Author certificate's notBefore day : " << t->tm_mday); + WrtLogD("Author certificate's notBefore Year : %d", (t->tm_year + 1900)); + WrtLogD("Author certificate's notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Author certificate's notBefore day : %d", (t->tm_mday)); context.validationTime = notBefore + TIMET_DAY; t = localtime(&context.validationTime); - LogDebug("Modified current Year : " << t->tm_year + 1900); - LogDebug("Modified current notBefore month : " << t->tm_mon + 1); - LogDebug("Modified current notBefore day : " << t->tm_mday); + WrtLogD("Modified current Year : %d", (t->tm_year + 1900)); + WrtLogD("Modified current notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Modified current notBefore day : %d", (t->tm_mday)); } } #endif 
@@ -414,23 +418,28 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); // end - if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { - LogWarning("Installation break - invalid package! >> validate"); - return SignatureValidator::SIGNATURE_INVALID; - } - - data.setReference(context.referenceSet); - if (!checkObjectReferences(data)) { - return SignatureValidator::SIGNATURE_INVALID; - } - + if (!data.isAuthorSignature()) + { + if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { + WrtLogW("Installation break - invalid package!"); + return SignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID; + } + + data.setReference(context.referenceSet); + if (!checkObjectReferences(data)) { + WrtLogW("Failed to check Object References"); + return SignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID; + } + + (void) widgetContentPath; /* ReferenceValidator fileValidator(widgetContentPath); if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { - LogWarning("Invalid package - file references broken"); - return SignatureValidator::SIGNATURE_INVALID; + WrtLogW("Invalid package - file references broken"); + return SignatureValidator::SIGNATURE_INVALID_NO_HASH_FILE;//SIGNATURE_INVALID; } */ + } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL // It is good time to do OCSP check @@ -442,8 +451,8 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); coll.load(sortedCertificateList); if (!coll.sort()) { - LogDebug("Collection does not contain chain!"); - return SignatureValidator::SIGNATURE_INVALID; + WrtLogD("Collection does not contain chain!"); + return SignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } CertificateVerifier verificator(m_ocspEnable, m_crlEnable); 
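Review bot: Wrapping `XmlSecSingleton::Instance().validate(&context)` in `if (!data.isAuthorSignature())` means `check` no longer runs the XML signature and digest validation for author signatures; as far as this hunk shows, an author signature whose chain roots in TIZEN_DEVELOPER reaches `SIGNATURE_VERIFIED` on chain ordering and store lookup alone. The same wrapping is applied to `ImplWacSignatureValidator::check` further down, where it also skips `ReferenceValidator`. If author signatures are validated on another path, a comment here should name that path; if not, the call `if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) return SignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;` should stay outside the branch. On this Tizen path `ReferenceValidator` also remains commented out and `widgetContentPath` is cast to void, so file references are not checked for any signature. The function body starts and ends outside the hunk.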
@@ -464,8 +473,8 @@ LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); #endif if (disregard) { - LogWarning("Signature is disregard. RootCA is not a member of Tizen."); - return SignatureValidator::SIGNATURE_DISREGARD; + WrtLogW("Signature is disregard. RootCA is not a member of Tizen"); + return SignatureValidator::SIGNATURE_INVALID_DISTRIBUTOR_CERT;//SIGNATURE_DISREGARD; } return SignatureValidator::SIGNATURE_VERIFIED; } @@ -474,13 +483,11 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData const std::string &widgetContentPath, const std::list<std::string>& uriList) { - DPL::Log::LogSystemSingleton::Instance().SetTag("OSP"); if(uriList.size() == 0 ) - LogWarning("checkList >> no hash"); + WrtLogW("checkList >> no hash"); bool disregard = false; - bool partialHash = false; - + if (!checkRoleURI(data)) { return SignatureValidator::SIGNATURE_INVALID; } @@ -496,13 +503,13 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData // First step - sort certificate if (!collection.sort()) { - LogWarning("Certificates do not form valid chain."); + WrtLogW("Certificates do not form valid chain."); return SignatureValidator::SIGNATURE_INVALID; } // Check for error if (collection.empty()) { - LogWarning("Certificate list in signature is empty."); + WrtLogW("Certificate list in signature is empty."); return SignatureValidator::SIGNATURE_INVALID; } 
@@ -518,50 +525,40 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData // Is Root CA certificate trusted? CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root); - LogDebug("Is root certificate from TIZEN_DEVELOPER domain: " - << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); - LogDebug("Is root certificate from TIZEN_TEST domain: " - << storeIdSet.contains(CertStoreId::TIZEN_TEST)); - LogDebug("Is root certificate from TIZEN_VERIFY domain: " - << storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); - LogDebug("Is root certificate from TIZEN_PUBLIC domain: " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Is root certificate from TIZEN_PARTNER domain: " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Is root certificate from TIZEN_PLATFORM domain: " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - - LogDebug("Visibility level is public : " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Visibility level is partner : " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Visibility level is platform : " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Is root certificate from TIZEN_DEVELOPER domain: %d", storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); + WrtLogD("Is root certificate from TIZEN_TEST domain: %d", storeIdSet.contains(CertStoreId::TIZEN_TEST)); + WrtLogD("Is root certificate from TIZEN_VERIFY domain: %d", storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); + WrtLogD("Is root certificate from TIZEN_PUBLIC domain: %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Is root certificate from TIZEN_PARTNER domain: %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Is root certificate from TIZEN_PLATFORM domain: %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + + WrtLogD("Visibility level is public : %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Visibility level is partner : %d", 
storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Visibility level is platform : %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); if (data.isAuthorSignature()) { if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) { - LogWarning("author-signature.xml has got unrecognized Root CA " + WrtLogW("author-signature.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } - LogDebug("Root CA for author signature is correct."); + WrtLogD("Root CA for author signature is correct."); } else { - LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); - //Additional Check for certificate registration + WrtLogD("signaturefile name = %s", data.getSignatureFileName().c_str()); if (data.getSignatureNumber() == 1) { if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM)) { - LogDebug("Root CA for signature1.xml is correct."); + WrtLogD("Root CA for signature1.xml is correct."); } else { - LogWarning("signature1.xml has got unrecognized Root CA " + WrtLogW("signature1.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } @@ -581,7 +578,7 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData // If the end certificate is not ROOT CA we should disregard signature // but still signature must be valid... Aaaaaa it's so stupid... if (!(root->isSignedBy(root))) { - LogWarning("Root CA certificate not found. Chain is incomplete."); + WrtLogW("Root CA certificate not found. Chain is incomplete."); // context.allowBrokenChain = true; } 
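Review bot: `ImplTizenSignatureValidator::checkList` does not receive the check this commit adds to both `check` implementations: a distributor signature whose root is in TIZEN_DEVELOPER is rejected there but is still processed here. Unless `checkList` is meant to be more permissive, its `else` branch should begin with `if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) return SignatureValidator::SIGNATURE_INVALID;`. The retained `WrtLogD("Root CA for author signature is correct.");` is also emitted right after `disregard` has been set for an unrecognized root; the `check` hunks drop that line and this one should too.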
@@ -595,7 +592,7 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData ASN1_TIME* notAfterTime = data.getEndEntityCertificatePtr()->getNotAfterTime(); ASN1_TIME* notBeforeTime = data.getEndEntityCertificatePtr()->getNotBeforeTime(); - + if (X509_cmp_time(notBeforeTime, &nowTime) > 0 || X509_cmp_time(notAfterTime, &nowTime) < 0) { struct tm *t; @@ -603,26 +600,28 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData char msg[1024]; t = localtime(&nowTime); + if (!t) + return SignatureValidator::SIGNATURE_INVALID_CERT_TIME; memset(&tc, 0, sizeof(tc)); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday ); - LogDebug("## System's currentTime : " << msg); + WrtLogD("## System's currentTime : %s", msg); fprintf(stderr, "## System's currentTime : %s\n", msg); tb = _ASN1_GetTimeT(notBeforeTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday ); - LogDebug("## certificate's notBeforeTime : " << msg); + WrtLogD("## certificate's notBeforeTime : %s", msg); fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg); ta = _ASN1_GetTimeT(notAfterTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday ); - LogDebug("## certificate's notAfterTime : " << msg); + WrtLogD("## certificate's notAfterTime : %s", msg); fprintf(stderr, "## certificate's notAfterTime : %s\n", msg); if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) { - LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE"); + WrtLogD("## TIZEN_VERIFY : check certificate Time : FALSE"); fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n"); return SignatureValidator::SIGNATURE_INVALID; } 
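Review bot: In the out-of-validity branch, the Tizen `check` now returns early for `TIZEN_TEST || TIZEN_VERIFY`, but this `checkList` copy and the one in `ImplWacSignatureValidator::check` still test only `TIZEN_VERIFY`. A certificate outside its validity period that chains to a TIZEN_TEST root therefore still gets the substituted validation time on these two paths. The condition should match the first copy: `if (storeIdSet.contains(CertStoreId::TIZEN_TEST) || storeIdSet.contains(CertStoreId::TIZEN_VERIFY))`. The three copies of this block are nearly identical and would drift less as one shared helper.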
@@ -633,7 +632,7 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday ); - LogDebug("## cmp cert with validation time : " << msg); + WrtLogD("## cmp cert with validation time : %s", msg); fprintf(stderr, "## cmp cert with validation time : %s\n", msg); time_t outCurrent = mktime(&tc); 
@@ -656,30 +655,30 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData if (notAfter < nowTime) { context.validationTime = notAfter - TIMET_DAY; - LogWarning("Author certificate is expired. notAfter..."); + WrtLogW("Author certificate is expired. notAfter..."); } */ if (notBefore > nowTime) { - LogWarning("Author certificate is expired. notBefore time is greater than system-time."); + WrtLogW("Author certificate is expired. notBefore time is greater than system-time."); t = localtime(&nowTime); - LogDebug("System's current Year : " << t->tm_year + 1900); - LogDebug("System's current month : " << t->tm_mon + 1); - LogDebug("System's current day : " << t->tm_mday); + WrtLogD("System's current Year : %d", (t->tm_year + 1900)); + WrtLogD("System's current month : %d", (t->tm_mon + 1)); + WrtLogD("System's current day : %d", (t->tm_mday)); t = localtime(¬Before); - LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900); - LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1); - LogDebug("Author certificate's notBefore day : " << t->tm_mday); + WrtLogD("Author certificate's notBefore Year : %d", (t->tm_year + 1900)); + WrtLogD("Author certificate's notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Author certificate's notBefore day : %d", (t->tm_mday)); context.validationTime = notBefore + TIMET_DAY; t = localtime(&context.validationTime); - LogDebug("Modified current Year : " << t->tm_year + 1900); - LogDebug("Modified current notBefore month : " << t->tm_mon + 1); - LogDebug("Modified current notBefore day : " << t->tm_mday); + WrtLogD("Modified current Year : %d", (t->tm_year + 1900)); + WrtLogD("Modified current notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Modified current notBefore day : %d", (t->tm_mday)); } } #endif 
@@ -690,16 +689,15 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData if(uriList.size() == 0) { if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validateNoHash(&context)) { - LogWarning("Installation break - invalid package! >> validateNoHash"); + WrtLogW("Installation break - invalid package! >> validateNoHash"); return SignatureValidator::SIGNATURE_INVALID; } } else if(uriList.size() != 0) { - partialHash = true; XmlSecSingleton::Instance().setPartialHashList(uriList); if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validatePartialHash(&context)) { - LogWarning("Installation break - invalid package! >> validatePartialHash"); + WrtLogW("Installation break - invalid package! >> validatePartialHash"); return SignatureValidator::SIGNATURE_INVALID; } } @@ -709,10 +707,11 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData // return SignatureValidator::SIGNATURE_INVALID; // } + (void) widgetContentPath; /* ReferenceValidator fileValidator(widgetContentPath); if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { - LogWarning("Invalid package - file references broken"); + WrtLogW("Invalid package - file references broken"); return SignatureValidator::SIGNATURE_INVALID; } */ @@ -727,7 +726,7 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData coll.load(sortedCertificateList); if (!coll.sort()) { - LogDebug("Collection does not contain chain!"); + WrtLogD("Collection does not contain chain!"); return SignatureValidator::SIGNATURE_INVALID; } @@ -749,7 +748,7 @@ SignatureValidator::Result ImplTizenSignatureValidator::checkList(SignatureData #endif if (disregard) { - LogWarning("Signature is disregard. RootCA is not a member of Tizen."); + WrtLogW("Signature is disregard. RootCA is not a member of Tizen."); return SignatureValidator::SIGNATURE_DISREGARD; } return SignatureValidator::SIGNATURE_VERIFIED; 
@@ -775,9 +774,9 @@ class ImplWacSignatureValidator : public SignatureValidator::ImplSignatureValida SignatureValidator::Result ImplWacSignatureValidator::checkList( - SignatureData &data, - const std::string &widgetContentPath, - const std::list<std::string>& uriList) + SignatureData & /* data */, + const std::string & /* widgetContentPath */, + const std::list<std::string>& /* uriList */) { return SignatureValidator::SIGNATURE_INVALID; } @@ -804,13 +803,13 @@ SignatureValidator::Result ImplWacSignatureValidator::check( // First step - sort certificate if (!collection.sort()) { - LogWarning("Certificates do not form valid chain."); + WrtLogW("Certificates do not form valid chain."); return SignatureValidator::SIGNATURE_INVALID; } // Check for error if (collection.empty()) { - LogWarning("Certificate list in signature is empty."); + WrtLogW("Certificate list in signature is empty."); return SignatureValidator::SIGNATURE_INVALID; } 
@@ -826,49 +825,43 @@ SignatureValidator::Result ImplWacSignatureValidator::check( // Is Root CA certificate trusted? CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root); - LogDebug("Is root certificate from TIZEN_DEVELOPER domain: " - << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); - LogDebug("Is root certificate from TIZEN_TEST domain: " - << storeIdSet.contains(CertStoreId::TIZEN_TEST)); - LogDebug("Is root certificate from TIZEN_VERIFY domain: " - << storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); - LogDebug("Is root certificate from TIZEN_PUBLIC domain: " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Is root certificate from TIZEN_PARTNER domain: " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Is root certificate from TIZEN_PLATFORM domain: " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - - LogDebug("Visibility level is public : " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Visibility level is partner : " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Visibility level is platform : " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Is root certificate from TIZEN_DEVELOPER domain: %d", storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); + WrtLogD("Is root certificate from TIZEN_TEST domain: %d", storeIdSet.contains(CertStoreId::TIZEN_TEST)); + WrtLogD("Is root certificate from TIZEN_VERIFY domain: %d", storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); + WrtLogD("Is root certificate from TIZEN_PUBLIC domain: %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Is root certificate from TIZEN_PARTNER domain: %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Is root certificate from TIZEN_PLATFORM domain: %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - if (data.isAuthorSignature()) - { - if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) - { - LogWarning("author-signature.xml has got unrecognized Root CA 
" - "certificate. Signature will be disregarded."); - disregard = true; - } - LogDebug("Root CA for author signature is correct."); - } else { - LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); + WrtLogD("Visibility level is public : %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Visibility level is partner : %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Visibility level is platform : %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + + if (data.isAuthorSignature()) + { + if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogW("author-signature.xml has got unrecognized Root CA " + "certificate. Signature will be disregarded."); + disregard = true; + } + } else { + WrtLogD("signaturefile name = %s", data.getSignatureFileName().c_str()); + if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogE("distributor has author level siganture! Signature will be disregarded."); + return SignatureValidator::SIGNATURE_INVALID; + } - //Additional Check for certificate registration if (data.getSignatureNumber() == 1) { if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM)) { - LogDebug("Root CA for signature1.xml is correct."); + WrtLogD("Root CA for signature1.xml is correct."); } else { - LogWarning("signature1.xml has got unrecognized Root CA " + WrtLogW("signature1.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } @@ -888,7 +881,7 @@ SignatureValidator::Result ImplWacSignatureValidator::check( // If the end certificate is not ROOT CA we should disregard signature // but still signature must be valid... Aaaaaa it's so stupid... if (!(root->isSignedBy(root))) { - LogWarning("Root CA certificate not found. Chain is incomplete."); + WrtLogW("Root CA certificate not found. Chain is incomplete."); // context.allowBrokenChain = true; } 
@@ -908,26 +901,28 @@ SignatureValidator::Result ImplWacSignatureValidator::check( char msg[1024]; t = localtime(&nowTime); + if (!t) + return SignatureValidator::SIGNATURE_INVALID_CERT_TIME; memset(&tc, 0, sizeof(tc)); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday ); - LogDebug("## System's currentTime : " << msg); + WrtLogD("## System's currentTime : %s", msg); fprintf(stderr, "## System's currentTime : %s\n", msg); tb = _ASN1_GetTimeT(notBeforeTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday ); - LogDebug("## certificate's notBeforeTime : " << msg); + WrtLogD("## certificate's notBeforeTime : %s", msg); fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg); ta = _ASN1_GetTimeT(notAfterTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday ); - LogDebug("## certificate's notAfterTime : " << msg); + WrtLogD("## certificate's notAfterTime : %s", msg); fprintf(stderr, "## certificate's notAfterTime : %s\n", msg); if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) { - LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE"); + WrtLogD("## TIZEN_VERIFY : check certificate Time : FALSE"); fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n"); return SignatureValidator::SIGNATURE_INVALID; } @@ -938,14 +933,14 @@ SignatureValidator::Result ImplWacSignatureValidator::check( tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday ); - LogDebug("## cmp cert with validation time : " << msg); + WrtLogD("## cmp cert with validation time : %s", msg); fprintf(stderr, "## cmp cert with validation time : %s\n", msg); time_t outCurrent = mktime(&tc); context.validationTime = outCurrent; //return SignatureValidator::SIGNATURE_INVALID; } - + #endif #if 0 
@@ -961,49 +956,52 @@ SignatureValidator::Result ImplWacSignatureValidator::check( if (notAfter < nowTime) { context.validationTime = notAfter - TIMET_DAY; - LogWarning("Author certificate is expired. notAfter..."); + WrtLogW("Author certificate is expired. notAfter..."); } */ if (notBefore > nowTime) { - LogWarning("Author certificate is expired. notBefore time is greater than system-time."); + WrtLogW("Author certificate is expired. notBefore time is greater than system-time."); t = localtime(&nowTime); - LogDebug("System's current Year : " << t->tm_year + 1900); - LogDebug("System's current month : " << t->tm_mon + 1); - LogDebug("System's current day : " << t->tm_mday); + WrtLogD("System's current Year : %d", (t->tm_year + 1900)); + WrtLogD("System's current month : %d", (t->tm_mon + 1)); + WrtLogD("System's current day : %d", (t->tm_mday)); t = localtime(¬Before); - LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900); - LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1); - LogDebug("Author certificate's notBefore day : " << t->tm_mday); + WrtLogD("Author certificate's notBefore Year : %d", (t->tm_year + 1900)); + WrtLogD("Author certificate's notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Author certificate's notBefore day : %d", (t->tm_mday)); context.validationTime = notBefore + TIMET_DAY; t = localtime(&context.validationTime); - LogDebug("Modified current Year : " << t->tm_year + 1900); - LogDebug("Modified current notBefore month : " << t->tm_mon + 1); - LogDebug("Modified current notBefore day : " << t->tm_mday); + WrtLogD("Modified current Year : %d", (t->tm_year + 1900)); + WrtLogD("Modified current notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Modified current notBefore day : %d", (t->tm_mday)); } } #endif - if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { - LogWarning("Installation break - invalid package!"); - return SignatureValidator::SIGNATURE_INVALID; - } + if 
(!data.isAuthorSignature()) + { + if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { + WrtLogW("Installation break - invalid package!"); + return SignatureValidator::SIGNATURE_INVALID; + } - data.setReference(context.referenceSet); + data.setReference(context.referenceSet); - if (!checkObjectReferences(data)) { - return SignatureValidator::SIGNATURE_INVALID; - } + if (!checkObjectReferences(data)) { + return SignatureValidator::SIGNATURE_INVALID; + } - ReferenceValidator fileValidator(widgetContentPath); - if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { - LogWarning("Invalid package - file references broken"); - return SignatureValidator::SIGNATURE_INVALID; - } + ReferenceValidator fileValidator(widgetContentPath); + if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { + WrtLogW("Invalid package - file references broken"); + return SignatureValidator::SIGNATURE_INVALID; + } + } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL // It is good time to do OCSP check @@ -1015,7 +1013,7 @@ SignatureValidator::Result ImplWacSignatureValidator::check( coll.load(sortedCertificateList); if (!coll.sort()) { - LogDebug("Collection does not contain chain!"); + WrtLogD("Collection does not contain chain!"); return SignatureValidator::SIGNATURE_INVALID; } @@ -1037,7 +1035,7 @@ SignatureValidator::Result ImplWacSignatureValidator::check( #endif if (disregard) { - LogWarning("Signature is disregard. RootCA is not a member of Tizen."); + WrtLogW("Signature is disregard. RootCA is not a member of Tizen."); return SignatureValidator::SIGNATURE_DISREGARD; } return SignatureValidator::SIGNATURE_VERIFIED; @@ -1052,7 +1050,7 @@ SignatureValidator::SignatureValidator( bool complianceMode) : m_impl(0) { - LogDebug( "appType :" << appType ); + WrtLogD( "appType :%d", appType ); if(appType == TIZEN) { diff --git a/vcore/src/vcore/SignatureValidator.h b/vcore/src/vcore/SignatureValidator.h index 512cd6b..1f3900c 100644 
--- a/vcore/src/vcore/SignatureValidator.h +++ b/vcore/src/vcore/SignatureValidator.h @@ -22,15 +22,18 @@ #ifndef _VALIDATION_CORE_SIGNATUREVALIDATOR_H_ #define _VALIDATION_CORE_SIGNATUREVALIDATOR_H_ -#include <string> +#ifndef LOG_TAG +#undef LOG_TAG +#define LOG_TAG "OSP" +#endif -#include <dpl/noncopyable.h> +#include <string> #include <vcore/SignatureData.h> namespace ValidationCore { -class SignatureValidator : public DPL::Noncopyable { +class SignatureValidator { public: class ImplSignatureValidator; @@ -46,9 +49,22 @@ public: SIGNATURE_INVALID, SIGNATURE_VERIFIED, SIGNATURE_DISREGARD, // no ocsp response or ocsp return unknown status - SIGNATURE_REVOKED + SIGNATURE_REVOKED, + SIGNATURE_INVALID_CERT_CHAIN, //5, from here, new error enum + SIGNATURE_INVALID_DISTRIBUTOR_CERT, + SIGNATURE_INVALID_SDK_DEFAULT_AUTHOR_CERT, + SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT, + SIGNATURE_INVALID_CERT_TIME, + SIGNATURE_NO_DEVICE_PROFILE, + SIGNATURE_INVALID_DEVICE_UNIQUE_ID, + SIGNATURE_INVALID_NO_HASH_FILE, + SIGNATURE_INVALID_HASH_SIGNATURE }; + SignatureValidator() = delete; + SignatureValidator(const SignatureValidator &) = delete; + const SignatureValidator &operator=(const SignatureValidator &) = delete; + explicit SignatureValidator( AppType appType, bool ocspEnable, diff --git a/vcore/src/vcore/SoupMessageSendAsync.h b/vcore/src/vcore/SoupMessageSendAsync.h deleted file mode 100644 index 07fcad5..0000000 --- a/vcore/src/vcore/SoupMessageSendAsync.h +++ /dev/null 
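Review bot: The new guard `#ifndef LOG_TAG` / `#undef LOG_TAG` / `#define LOG_TAG "OSP"` undefines the macro only when it is already undefined, so the `#undef` has no effect. If the tag is meant to be forced, the sequence is `#ifdef LOG_TAG`, `#undef LOG_TAG`, `#endif`, then `#define LOG_TAG "OSP"`; if it is meant as a default, the `#undef` line should be removed. Defining `LOG_TAG` in this header also sets the tag for every file that includes it before defining its own, so the definition probably belongs in the .cpp file.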
@@ -1,172 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/*! - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 0.1 - * @file SoupMessageSendAsync.h - * @brief Routines for certificate validation over OCSP - */ -#ifndef _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_ -#define _SRC_VALIDATION_CORE_SOUP_MESSAGE_SEND_ASYNC_H_ - -#include <map> -#include <vector> - -#include <dpl/assert.h> - -#include <dpl/event/inter_context_delegate.h> - -#include <vcore/SoupMessageSendBase.h> - -namespace SoupWrapper { - -class SoupMessageSendAsync - : public SoupMessageSendBase - , public DPL::Event::ICDelegateSupport<SoupMessageSendAsync> -{ - typedef DPL::Event::ICDelegate<SoupSession*, SoupMessage*, void*> SoupDelegate; - public: - void sendAsync() { - Assert(m_status == STATUS_IDLE); - Assert(!m_soupSession); - Assert(!m_soupMessage); - - m_status = STATUS_SEND_ASYNC; - m_tryLeft = m_tryCount; - m_mainContext = g_main_context_new(); - - if (!m_mainContext){ - m_status = STATUS_IDLE; - - // call the delegate to outside with error! - return; - } - - m_soupSession = soup_session_async_new_with_options( - SOUP_SESSION_ASYNC_CONTEXT, - m_mainContext, - SOUP_SESSION_TIMEOUT, - m_timeout, - NULL); - - if (!m_soupSession){ - m_status = STATUS_IDLE; - g_object_unref(m_mainContext); - m_mainContext = 0; - - // call the deletage to outside with error! 
- return; - } - - m_soupMessage = createRequest(); - - if (!m_soupMessage){ - m_status = STATUS_IDLE; - g_object_unref(m_soupSession); - m_soupSession = 0; - g_object_unref(m_mainContext); - m_mainContext = 0; - - // call the delegate to outsize with error! - return; - } - - sendAsyncIterationStart(); - } - - protected: - - struct SoupDelegateOpaque { - SoupDelegate dlg; - }; - - void sendAsyncIterationStart(){ - // ICDelegate could be called only once. - // We can set user data only once. - // We need nasty hack because we will call ICDelegate m_tryCount times. - SoupDelegateOpaque *opaq = new SoupDelegateOpaque; - opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver); - - soup_session_queue_message(m_soupSession, - m_soupMessage, - soupSessionCallback, - reinterpret_cast<gpointer>(opaq)); - } - - void sendAsyncIteration(SoupDelegateOpaque *opaq){ - // Replace used ICDelegate with new one without changing - // userdata ;-) - opaq->dlg = makeICDelegate(&SoupMessageSendAsync::requestReceiver); - soup_session_requeue_message(m_soupSession, - m_soupMessage); - } - - void requestReceiver(SoupSession *session, SoupMessage *msg, void *opaque){ - // We are in thread which called sendAsync function. - Assert(session == m_soupSession); - Assert(msg == m_soupMessage); - Assert(opaque != 0); - Assert(m_status == STATUS_SEND_ASYNC); - - m_tryLeft--; - - if (msg->status_code == SOUP_STATUS_OK) { - m_responseBuffer.resize(msg->response_body->length); - memcpy(&m_responseBuffer[0], - msg->response_body->data, - msg->response_body->length); - // We are done. - m_status = STATUS_IDLE; - delete static_cast<SoupDelegateOpaque*>(opaque); - - // call the delegate to outside! - return; - } - - // Error protocol // - if (m_tryLeft <= 0) { - m_status = STATUS_IDLE; - delete static_cast<SoupDelegateOpaque*>(opaque); - - // call the delegate to outside with error! - return; - } - - // create delegate and send the request once again. 
- sendAsyncIteration(reinterpret_cast<SoupDelegateOpaque*>(opaque)); - } - - static void soupSessionCallback(SoupSession *session, - SoupMessage *msg, - gpointer userdata) - { - // We are in main thread. We need to switch context. - // This delegate can switch context to dpl thread or main thread. - SoupDelegateOpaque *opaque; - opaque = reinterpret_cast<SoupDelegateOpaque*>(userdata); - opaque->dlg(session, msg, userdata); - } - - int m_tryLeft; - - GMainContext *m_mainContext; - SoupSession *m_soupSession; - SoupMessage *m_soupMessage; -}; - -} // namespace ValidationCore - -#endif diff --git a/vcore/src/vcore/SoupMessageSendBase.cpp b/vcore/src/vcore/SoupMessageSendBase.cpp index e7f4742..a361c18 100644 --- a/vcore/src/vcore/SoupMessageSendBase.cpp +++ b/vcore/src/vcore/SoupMessageSendBase.cpp @@ -23,7 +23,7 @@ #include <dpl/assert.h> #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> namespace SoupWrapper { @@ -74,7 +74,7 @@ void SoupMessageSendBase::setRetry(int retry) { SoupMessage* SoupMessageSendBase::createRequest(){ SoupMessage *message; - LogInfo("Soup message will be send to: " << m_host.c_str()); + WrtLogI("Soup message will be send to: %s", m_host.c_str()); if (!m_requestBuffer.empty()) { message = soup_message_new("POST", m_host.c_str()); @@ -83,7 +83,7 @@ SoupMessage* SoupMessageSendBase::createRequest(){ } if (!message) { - LogError("Error creating request!"); + WrtLogE("Error creating request!"); return 0; } diff --git a/vcore/src/vcore/SoupMessageSendSync.cpp b/vcore/src/vcore/SoupMessageSendSync.cpp index e3f3ee4..8c7343c 100644 --- a/vcore/src/vcore/SoupMessageSendSync.cpp +++ b/vcore/src/vcore/SoupMessageSendSync.cpp @@ -26,7 +26,7 @@ #include <vconf.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> namespace SoupWrapper { 
@@ -43,11 +43,10 @@ SoupMessageSendBase::RequestStatus SoupMessageSendSync::sendSync() std::unique_ptr <SoupURI, std::function<void(SoupURI*)> > proxyURI(soup_uri_new (proxy.get()), soup_uri_free); - LogDebug("Proxy ptr:" << (void*)proxy.get() << - " Proxy addr: " << proxy.get()); + WrtLogD("Proxy ptr: %s Proxy addr: %s", (void*)proxy.get(), proxy.get()); for(int tryCount = 0; tryCount < m_tryCount; ++ tryCount){ - LogDebug("Try(" << tryCount << ") to download " << m_host); + WrtLogD("Try(%d) to download %s", tryCount, m_host.c_str()); ScopedSoupSession session(soup_session_async_new_with_options( SOUP_SESSION_ASYNC_CONTEXT, @@ -63,7 +62,7 @@ SoupMessageSendBase::RequestStatus SoupMessageSendSync::sendSync() msg.Reset(createRequest()); if (!msg) { - LogError("Unable to send HTTP request."); + WrtLogE("Unable to send HTTP request."); m_status = STATUS_IDLE; return REQUEST_STATUS_CONNECTION_ERROR; } @@ -80,10 +79,7 @@ SoupMessageSendBase::RequestStatus SoupMessageSendSync::sendSync() m_status = STATUS_IDLE; return REQUEST_STATUS_OK; } else { - LogWarning("Soup failed with code " << msg->status_code - << " message \n------------\n" - << msg->response_body->data - << "\n--------------\n"); + WrtLogW("Soup failed with code [%d] message [%s]", msg->status_code, msg->response_body->data); } } diff --git a/vcore/src/vcore/TimeConversion.cpp b/vcore/src/vcore/TimeConversion.cpp index 98c80f3..803f582 100644 --- a/vcore/src/vcore/TimeConversion.cpp +++ b/vcore/src/vcore/TimeConversion.cpp @@ -17,7 +17,7 @@ #include <string.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <dpl/assert.h> namespace ValidationCore { 
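Review bot: The rewritten proxy debug line passes `(void*)proxy.get()` to a `%s` conversion, which is a type mismatch if `WrtLogD` is printf-style (as the other converted call sites suggest); the old line printed the pointer value, so `%p` is the matching conversion. Both arguments are also undefined behaviour for `%s` when `proxy.get()` is null, and whether the proxy lookup can return null is not visible in this hunk. I would write `WrtLogD("Proxy ptr: %p Proxy addr: %s", (void*)proxy.get(), proxy.get() ? proxy.get() : "(null)");`. sendSync starts and ends outside the hunk.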
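Review bot: The new `WrtLogW` call in the failure branch prints `msg->response_body->data` with an unbounded `%s`, so whatever the remote responder (or anything on the network path) returns is written to the device log in full, embedded newlines included, and a null `data` after a transport failure would be undefined behaviour. I would log only the status and size at warning level, `WrtLogW("Soup failed with code [%u], body length [%lld]", msg->status_code, (long long)msg->response_body->length);`, and print the body, if at all, at debug level with a precision limit such as `%.256s` after a null check. `status_code` is an unsigned field in libsoup, so `%u` is the matching conversion.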
@@ -97,12 +97,12 @@ int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm, time_t *res) const int DATE_BUFFER_LENGTH = 15; // YYYYMMDDHHMMSSZ if (NULL == res || NULL == tm) { - LogError("NULL pointer"); + WrtLogE("NULL pointer"); return -1; } if (DATE_BUFFER_LENGTH != tm->length || NULL == tm->data) { - LogError("Invalid ASN1_GENERALIZEDTIME"); + WrtLogE("Invalid ASN1_GENERALIZEDTIME"); return -1; } @@ -116,7 +116,7 @@ int asn1GeneralizedTimeToTimeT(ASN1_GENERALIZEDTIME *tm, time_t *res) &time_s.tm_min, &time_s.tm_sec) < 6) { - LogError("Could not extract time data from ASN1_GENERALIZEDTIME"); + WrtLogE("Could not extract time data from ASN1_GENERALIZEDTIME"); return -1; } diff --git a/vcore/src/vcore/VCore.cpp b/vcore/src/vcore/VCore.cpp index fe1aa76..7788584 100644 --- a/vcore/src/vcore/VCore.cpp +++ b/vcore/src/vcore/VCore.cpp @@ -30,21 +30,13 @@ #include <glib-object.h> #include <dpl/assert.h> -#include <dpl/log/log.h> - -#include <tzplatform_config.h> - -namespace { +#include <dpl/log/wrt_log.h> #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -DPL::DB::ThreadDatabaseSupport *threadInterface = NULL; -const std::string DatabasePath = tzplatform_mkpath(TZ_SYS_DB, ".cert_svc_vcore.db"); -#endif - -const std::string FingerprintListPath = tzplatform_mkpath(TZ_SYS_SHARE, "ca-certificates/fingerprint/fingerprint_list.xml"); -const std::string FingerprintListSchemaPath = tzplatform_mkpath(TZ_SYS_SHARE, "ca-certificates/fingerprint/fingerprint_list.xsd"); - +namespace { +VcoreDPL::DB::ThreadDatabaseSupport *threadInterface = NULL; } // namespace anonymous +#endif namespace ValidationCore { 
@@ -54,24 +46,24 @@ void AttachToThreadRO(void) Assert(threadInterface); static bool check = true; threadInterface->AttachToThread( - DPL::DB::SqlConnection::Flag::RO); + VcoreDPL::DB::SqlConnection::Flag::RO); // We can have race condition here but CheckTableExist // is thread safe and nothing bad will happend. if (check) { check = false; Assert(ThreadInterface().CheckTableExist(DB_CHECKSUM_STR) && - "Not a valid vcore database version"); + "Not a valid vcore database version"); } #endif } void AttachToThreadRW(void) { -#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL Assert(threadInterface); static bool check = true; threadInterface->AttachToThread( - DPL::DB::SqlConnection::Flag::RW); + VcoreDPL::DB::SqlConnection::Flag::RW); // We can have race condition here but CheckTableExist // is thread safe and nothing bad will happend. if (check) { 
@@ -89,31 +81,31 @@ void DetachFromThread(void){ #endif } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -DPL::DB::ThreadDatabaseSupport& ThreadInterface(void) { +VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void) { Assert(threadInterface); return *threadInterface; } #endif + void VCoreInit() { -#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL - if (threadInterface) { - LogDebug("Already Initialized"); - return; +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + if (threadInterface) { + WrtLogD("Already Initialized"); + return true; } - threadInterface = new DPL::DB::ThreadDatabaseSupport( - DatabasePath.c_str(), - DPL::DB::SqlConnection::Flag::UseLucene); + threadInterface = new VcoreDPL::DB::ThreadDatabaseSupport( + CERTSVC_VCORE_DB, + VcoreDPL::DB::SqlConnection::Flag::UseLucene); #endif SSL_library_init(); - g_type_init(); Config &globalConfig = ConfigSingleton::Instance(); - globalConfig.setXMLConfigPath(FingerprintListPath); - globalConfig.setXMLSchemaPath(FingerprintListSchemaPath); + globalConfig.setXMLConfigPath(std::string(FINGERPRINT_LIST_PATH)); + globalConfig.setXMLSchemaPath(std::string(FINGERPRINT_LIST_SCHEMA_PATH)); } void VCoreDeinit() diff --git a/vcore/src/vcore/VCorePrivate.h b/vcore/src/vcore/VCorePrivate.h index a2955b1..802d3fa 100644 --- a/vcore/src/vcore/VCorePrivate.h +++ b/vcore/src/vcore/VCorePrivate.h @@ -31,7 +31,7 @@ namespace ValidationCore { #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL -DPL::DB::ThreadDatabaseSupport& ThreadInterface(void); +VcoreDPL::DB::ThreadDatabaseSupport& ThreadInterface(void); #endif } // namespace ValidationCore diff --git a/vcore/src/vcore/ValidatorFactories.cpp b/vcore/src/vcore/ValidatorFactories.cpp index c068df7..93238c6 100644 --- a/vcore/src/vcore/ValidatorFactories.cpp +++ b/vcore/src/vcore/ValidatorFactories.cpp 
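Review bot: The early-exit path added under `TIZEN_FEATURE_CERT_SVC_OCSP_CRL` uses `return true;`, while the context line just above it still declares `void VCoreInit()`, so this does not compile once the feature flag is set unless the declaration is changed somewhere this hunk does not show. Either keep `return;` here, or change the return type and make the normal exit at the end of the function return a value as well. Because the flag-off build never sees this branch, the error stays hidden until OCSP/CRL support is enabled.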
@@ -21,12 +21,12 @@ */ #include <vcore/ValidatorFactories.h> -#include <string> -#include <dpl/log/log.h> - #include <vcore/Certificate.h> #include <vcore/CertificateConfigReader.h> #include <vcore/Config.h> +#include <dpl/log/wrt_log.h> + +#include <string> namespace ValidationCore { @@ -38,12 +38,13 @@ const CertificateIdentifier& createCertificateIdentifier() CertificateConfigReader reader; std::string file = ConfigSingleton::Instance().getXMLConfigPath(); - LogDebug("File with fingerprint list is: " << file); + WrtLogD("File with fingerprint list is: %s", file.c_str()); std::string schema = ConfigSingleton::Instance().getXMLSchemaPath(); - LogDebug("File with fingerprint list schema is: " << schema); + WrtLogD("File with fingerprint list schema is: %s", schema.c_str()); reader.initialize(file, schema); reader.read(certificateIdentifier); + initialized = true; } return certificateIdentifier; diff --git a/vcore/src/vcore/WacOrigin.cpp b/vcore/src/vcore/WacOrigin.cpp index 7ca0174..304f0e8 100644 --- a/vcore/src/vcore/WacOrigin.cpp +++ b/vcore/src/vcore/WacOrigin.cpp @@ -113,7 +113,7 @@ void WacOrigin::parse(const char *url) char *output = NULL; if (IDNA_SUCCESS != idna_to_ascii_lz(m_host.c_str(), &output, IDNA_USE_STD3_ASCII_RULES)) { - LogError("libidn error"); + WrtLogE("libidn error"); m_parseFailed = true; free(output); return; @@ -144,7 +144,7 @@ void WacOrigin::setPort() m_port = PORT_HTTPS; return; } else { - LogDebug("Scheme " << m_scheme << " is not support by WAC2.0"); + WrtLogD("Scheme %s is not support by WAC2.0 ", m_scheme.c_str()); m_parseFailed = true; } } diff --git a/vcore/src/vcore/WrtSignatureValidator.cpp b/vcore/src/vcore/WrtSignatureValidator.cpp index 654b05b..81fc201 100644 --- a/vcore/src/vcore/WrtSignatureValidator.cpp +++ b/vcore/src/vcore/WrtSignatureValidator.cpp 
@@ -21,7 +21,6 @@ */ #include <vcore/WrtSignatureValidator.h> -#include <dpl/log/log.h> #include <vcore/CertificateVerifier.h> #include <vcore/Certificate.h> #include <vcore/OCSPCertMgrUtil.h> @@ -29,6 +28,8 @@ #include <vcore/ValidatorFactories.h> #include <vcore/XmlsecAdapter.h> +#include <dpl/log/wrt_log.h> + namespace { const time_t TIMET_DAY = 60 * 60 * 24; @@ -38,6 +39,7 @@ const std::string TOKEN_ROLE_DISTRIBUTOR_URI = "http://www.w3.org/ns/widgets-digsig#role-distributor"; const std::string TOKEN_PROFILE_URI = "http://www.w3.org/ns/widgets-digsig#profile"; + } // namespace anonymouse static tm _ASN1_GetTimeT(ASN1_TIME* time) @@ -50,20 +52,26 @@ static tm _ASN1_GetTimeT(ASN1_TIME* time) if (time->type == V_ASN1_UTCTIME) /* two digit year */ { - t.tm_year = (str[i++] - '0') * 10 + (str[++i] - '0'); + t.tm_year = (str[i] - '0') * 10 + (str[i+1] - '0'); + i += 2; if (t.tm_year < 70) t.tm_year += 100; } else if (time->type == V_ASN1_GENERALIZEDTIME) /* four digit year */ { - t.tm_year = (str[i++] - '0') * 1000 + (str[++i] - '0') * 100 + (str[++i] - '0') * 10 + (str[++i] - '0'); + t.tm_year = + (str[i] - '0') * 1000 + + (str[i+1] - '0') * 100 + + (str[i+2] - '0') * 10 + + (str[i+3] - '0'); + i += 4; t.tm_year -= 1900; } - t.tm_mon = ((str[i++] - '0') * 10 + (str[++i] - '0')) - 1; // -1 since January is 0 not 1. - t.tm_mday = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_hour = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_min = (str[i++] - '0') * 10 + (str[++i] - '0'); - t.tm_sec = (str[i++] - '0') * 10 + (str[++i] - '0'); + t.tm_mon = ((str[i] - '0') * 10 + (str[i+1] - '0')) - 1; // -1 since January is 0 not 1. + t.tm_mday = (str[i+2] - '0') * 10 + (str[i+3] - '0'); + t.tm_hour = (str[i+4] - '0') * 10 + (str[i+5] - '0'); + t.tm_min = (str[i+6] - '0') * 10 + (str[i+7] - '0'); + t.tm_sec = (str[i+8] - '0') * 10 + (str[i+9] - '0'); /* Note: we did not adjust the time based on time zone information */ return t; 
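Review bot: The indexed reads in `_ASN1_GetTimeT` that replace the `i++`/`++i` expressions fix the unsequenced modification, but they still go as far as `str[i+9]` without looking at `time->length`, so a short or malformed time field in a certificate is read past its buffer. The field comes from the certificate being validated, so it should be treated as untrusted: check the length before the year parsing, `if (time->length < (time->type == V_ASN1_UTCTIME ? 12 : 14))`, and reject non-digit characters. How to report the failure depends on the part of the function above the hunk, which returns a `tm` by value. A type that is neither `V_ASN1_UTCTIME` nor `V_ASN1_GENERALIZEDTIME` also leaves `tm_year` at whatever `t` was initialised to.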
@@ -82,30 +90,34 @@ public: bool crlEnable, bool complianceMode) : m_complianceModeEnabled(complianceMode) - #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL - , m_ocspEnable(ocspEnable) - , m_crlEnable(crlEnable) - #endif - {} + { +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL + m_ocspEnable = ocspEnable; + m_crlEnable = crlEnable; +#else + (void) ocspEnable; + (void) crlEnable; +#endif + } - virtual ~Impl(){} + virtual ~Impl() {} bool checkRoleURI(const SignatureData &data) { std::string roleURI = data.getRoleURI(); if (roleURI.empty()) { - LogWarning("URI attribute in Role tag couldn't be empty."); + WrtLogW("URI attribute in Role tag couldn't be empty."); return false; } if (roleURI != TOKEN_ROLE_AUTHOR_URI && data.isAuthorSignature()) { - LogWarning("URI attribute in Role tag does not " + WrtLogW("URI attribute in Role tag does not " "match with signature filename."); return false; } if (roleURI != TOKEN_ROLE_DISTRIBUTOR_URI && !data.isAuthorSignature()) { - LogWarning("URI attribute in Role tag does not " + WrtLogW("URI attribute in Role tag does not " "match with signature filename."); return false; } @@ -114,9 +126,7 @@ public: bool checkProfileURI(const SignatureData &data) { if (TOKEN_PROFILE_URI != data.getProfileURI()) { - LogWarning( - "Profile tag contains unsupported value in URI attribute(" << - data.getProfileURI() << ")."); + WrtLogW("Profile tag contains unsupported value in URI attribute (%s).", (data.getProfileURI()).c_str()); return false; } return true; @@ -127,8 +137,7 @@ public: ObjectList::const_iterator iter; for (iter = objectList.begin(); iter != objectList.end(); ++iter) { if (!data.containObjectReference(*iter)) { - LogWarning("Signature does not contain reference for object " << - *iter); + WrtLogW("Signature does not contain reference for object %s", (*iter).c_str()); return false; } } 
@@ -143,9 +152,8 @@ protected: }; -class ImplTizen : public WrtSignatureValidator::Impl -{ - public: +class ImplTizen : public WrtSignatureValidator::Impl { +public: WrtSignatureValidator::Result check(SignatureData &data, const std::string &widgetContentPath); @@ -179,14 +187,14 @@ WrtSignatureValidator::Result ImplTizen::check( // First step - sort certificate if (!collection.sort()) { - LogWarning("Certificates do not form valid chain."); - return WrtSignatureValidator::SIGNATURE_INVALID; + WrtLogW("Certificates do not form valid chain."); + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } // Check for error if (collection.empty()) { - LogWarning("Certificate list in signature is empty."); - return WrtSignatureValidator::SIGNATURE_INVALID; + WrtLogW("Certificate list in signature is empty."); + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } CertificateList sortedCertificateList = collection.getChain(); 
@@ -201,48 +209,44 @@ WrtSignatureValidator::Result ImplTizen::check( // Is Root CA certificate trusted? CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root); - LogDebug("Is root certificate from TIZEN_DEVELOPER domain: " - << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); - LogDebug("Is root certificate from TIZEN_TEST domain: " - << storeIdSet.contains(CertStoreId::TIZEN_TEST)); - LogDebug("Is root certificate from TIZEN_VERIFY domain: " - << storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); - LogDebug("Is root certificate from TIZEN_PUBLIC domain: " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Is root certificate from TIZEN_PARTNER domain: " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Is root certificate from TIZEN_PLATFORM domain: " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - LogDebug("Visibility level is public : " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Visibility level is partner : " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Visibility level is platform : " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Is root certificate from TIZEN_DEVELOPER domain: %d", storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); + WrtLogD("Is root certificate from TIZEN_TEST domain: %d", storeIdSet.contains(CertStoreId::TIZEN_TEST)); + WrtLogD("Is root certificate from TIZEN_VERIFY domain: %d", storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); + WrtLogD("Is root certificate from TIZEN_PUBLIC domain: %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Is root certificate from TIZEN_PARTNER domain: %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Is root certificate from TIZEN_PLATFORM domain: %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Visibility level is public : %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Visibility level is partner : %d", 
storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Visibility level is platform : %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); if (data.isAuthorSignature()) { if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) { - LogWarning("author-signature.xml has got unrecognized Root CA " - "certificate. Signature will be disregarded."); - disregard = true; + WrtLogW("author-signature.xml has got unrecognized Root CA " + "certificate. Signature will be disregarded."); + disregard = true; } - LogDebug("Root CA for author signature is correct."); } - else + else // distributor { - LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); + if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogW("distributor has author level siganture! Signature will be disregarded."); + return WrtSignatureValidator::SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT;//SIGNATURE_INVALID; + } + WrtLogD("signaturefile name = %s", data.getSignatureFileName().c_str()); + if (data.getSignatureNumber() == 1) { if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM)) { - LogDebug("Root CA for signature1.xml is correct."); + WrtLogD("Root CA for signature1.xml is correct."); } else { - LogWarning("signature1.xml has got unrecognized Root CA " + WrtLogW("signature1.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } @@ -262,7 +266,7 @@ WrtSignatureValidator::Result ImplTizen::check( // If the end certificate is not ROOT CA we should disregard signature // but still signature must be valid... Aaaaaa it's so stupid... if (!(root->isSignedBy(root))) { - LogWarning("Root CA certificate not found. Chain is incomplete."); + WrtLogW("Root CA certificate not found. Chain is incomplete."); //context.allowBrokenChain = true; } 
@@ -282,44 +286,46 @@ WrtSignatureValidator::Result ImplTizen::check( char msg[1024]; t = localtime(&nowTime); + if (!t) + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME; memset(&tc, 0, sizeof(tc)); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday ); - LogDebug("## System's currentTime : " << msg); + WrtLogD("## System's currentTime : %s", msg); fprintf(stderr, "## System's currentTime : %s\n", msg); tb = _ASN1_GetTimeT(notBeforeTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday ); - LogDebug("## certificate's notBeforeTime : " << msg); + WrtLogD("## certificate's notBeforeTime : %s", msg); fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg); ta = _ASN1_GetTimeT(notAfterTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday ); - LogDebug("## certificate's notAfterTime : " << msg); + WrtLogD("## certificate's notAfterTime : %s", msg); fprintf(stderr, "## certificate's notAfterTime : %s\n", msg); - if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) - { - LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE"); + if (storeIdSet.contains(CertStoreId::TIZEN_TEST) || storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) + { + WrtLogD("## TIZEN_VERIFY : check certificate Time : FALSE"); fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n"); - return WrtSignatureValidator::SIGNATURE_INVALID; + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;//SIGNATURE_INVALID; } int year = (ta.tm_year - tb.tm_year) / 4; if(year == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon + 1; tc.tm_mday = tb.tm_mday; if(tc.tm_mon == 12) { - tc.tm_year = ta.tm_year; + tc.tm_year = ta.tm_year; tc.tm_mon = ta.tm_mon - 1; tc.tm_mday = ta.tm_mday; - + if(tc.tm_mon < 0) { tc.tm_year = ta.tm_year; 
@@ -328,21 +334,21 @@ WrtSignatureValidator::Result ImplTizen::check( if(tc.tm_mday == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon; tc.tm_mday = tb.tm_mday +1; } } - } + } } else{ tc.tm_year = tb.tm_year + year; tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2; - tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; + tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; } snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday ); - LogDebug("## cmp cert with validation time : " << msg); + WrtLogD("## cmp cert with validation time : %s", msg); fprintf(stderr, "## cmp cert with validation time : %s\n", msg); time_t outCurrent = mktime(&tc); @@ -351,7 +357,7 @@ WrtSignatureValidator::Result ImplTizen::check( fprintf(stderr, "## cmp outCurrent time : %ld\n", outCurrent); //return WrtSignatureValidator::SIGNATURE_INVALID; - } + } #endif 
@@ -368,30 +374,30 @@ WrtSignatureValidator::Result ImplTizen::check( if (notAfter < nowTime) { context.validationTime = notAfter - TIMET_DAY; - LogWarning("Author certificate is expired. notAfter..."); + WrtLogW("Author certificate is expired. notAfter..."); } */ if (notBefore > nowTime) { - LogWarning("Author certificate is expired. notBefore time is greater than system-time."); + WrtLogW("Author certificate is expired. notBefore time is greater than system-time."); t = localtime(&nowTime); - LogDebug("System's current Year : " << t->tm_year + 1900); - LogDebug("System's current month : " << t->tm_mon + 1); - LogDebug("System's current day : " << t->tm_mday); + WrtLogD("System's current Year : %d", (t->tm_year + 1900)); + WrtLogD("System's current month : %d", (t->tm_mon + 1)); + WrtLogD("System's current day : %d", (t->tm_mday)); t = localtime(¬Before); - LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900); - LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1); - LogDebug("Author certificate's notBefore day : " << t->tm_mday); + WrtLogD("Author certificate's notBefore Year : %d", (t->tm_year + 1900)); + WrtLogD("Author certificate's notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Author certificate's notBefore day : %d", (t->tm_mday)); context.validationTime = notBefore + TIMET_DAY; t = localtime(&context.validationTime); - LogDebug("Modified current Year : " << t->tm_year + 1900); - LogDebug("Modified current notBefore month : " << t->tm_mon + 1); - LogDebug("Modified current notBefore day : " << t->tm_mday); + WrtLogD("Modified current Year : %d", (t->tm_year + 1900)); + WrtLogD("Modified current notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Modified current notBefore day : %d", (t->tm_mday)); } } #endif 
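Review bot: The three groups of `WrtLogD` calls in the `notBefore > nowTime` branch dereference `t` straight after `localtime(...)`, whereas the hunk at -282 in this same file adds `if (!t) return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;` for the same call. The same check belongs after each `localtime` here, or the code can use `localtime_r` into a local `struct tm` and check its return value, which also avoids the shared static buffer. The branch sits inside ImplTizen::check, which starts and ends outside the hunk.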
@@ -399,22 +405,26 @@ WrtSignatureValidator::Result ImplTizen::check( //context.allowBrokenChain = true; // end - if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { - LogWarning("Installation break - invalid package!"); - return WrtSignatureValidator::SIGNATURE_INVALID; - } + if (!data.isAuthorSignature()) + { + if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { + WrtLogW("Installation break - invalid package!"); + return WrtSignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID; + } - data.setReference(context.referenceSet); + data.setReference(context.referenceSet); - if (!checkObjectReferences(data)) { - return WrtSignatureValidator::SIGNATURE_INVALID; - } + if (!checkObjectReferences(data)) { + WrtLogW("Failed to check Object References"); + return WrtSignatureValidator::SIGNATURE_INVALID_HASH_SIGNATURE;//SIGNATURE_INVALID; + } - ReferenceValidator fileValidator(widgetContentPath); - if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { - LogWarning("Invalid package - file references broken"); - return WrtSignatureValidator::SIGNATURE_INVALID; - } + ReferenceValidator fileValidator(widgetContentPath); + if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { + WrtLogW("Invalid package - file references broken"); + return WrtSignatureValidator::SIGNATURE_INVALID_NO_HASH_FILE;//SIGNATURE_INVALID; + } + } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL // It is good time to do OCSP check @@ -426,8 +436,8 @@ WrtSignatureValidator::Result ImplTizen::check( coll.load(sortedCertificateList); if (!coll.sort()) { - LogDebug("Collection does not contain chain!"); - return WrtSignatureValidator::SIGNATURE_INVALID; + WrtLogD("Collection does not contain chain!"); + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_CHAIN;//SIGNATURE_INVALID; } CertificateVerifier verificator(m_ocspEnable, m_crlEnable); 
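Review bot: Wrapping `XmlSecSingleton::Instance().validate(&context)`, `checkObjectReferences(data)` and `fileValidator.checkReferences(data)` in `if (!data.isAuthorSignature())` means an author signature is never cryptographically validated in this function and its file references are never checked, yet as far as the visible code shows it still reaches `return WrtSignatureValidator::SIGNATURE_VERIFIED;`. Unless author signatures are validated on another path that this diff does not show, a package whose author-signature.xml no longer matches its content would be reported as verified. I would drop the guard, or at least keep the `validate(&context)` call unconditional and put only the checks known not to apply to author signatures inside it, with a comment giving the reason. The same guard is added in the SignatureValidator.cpp hunk earlier in this diff. ImplTizen::check starts and ends outside the hunk.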
@@ -440,23 +450,23 @@ WrtSignatureValidator::Result ImplTizen::check( if (result == VERIFICATION_STATUS_UNKNOWN || result == VERIFICATION_STATUS_ERROR) { - #ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_ +#ifdef _OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_ disregard = true; - #endif +#endif } } #endif if (disregard) { - LogWarning("Signature is disregard. RootCA is not a member of Tizen"); - return WrtSignatureValidator::SIGNATURE_DISREGARD; + WrtLogW("Signature is disregard. RootCA is not a member of Tizen"); + return WrtSignatureValidator::SIGNATURE_INVALID_DISTRIBUTOR_CERT;//SIGNATURE_DISREGARD; } return WrtSignatureValidator::SIGNATURE_VERIFIED; } class ImplWac : public WrtSignatureValidator::Impl { - public: +public: WrtSignatureValidator::Result check(SignatureData &data, const std::string &widgetContentPath); @@ -490,13 +500,13 @@ WrtSignatureValidator::Result ImplWac::check( // First step - sort certificate if (!collection.sort()) { - LogWarning("Certificates do not form valid chain."); + WrtLogW("Certificates do not form valid chain."); return WrtSignatureValidator::SIGNATURE_INVALID; } // Check for error if (collection.empty()) { - LogWarning("Certificate list in signature is empty."); + WrtLogW("Certificate list in signature is empty."); return WrtSignatureValidator::SIGNATURE_INVALID; } 
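Review bot: The final `if (disregard)` now returns `SIGNATURE_INVALID_DISTRIBUTOR_CERT`, but `disregard` is also set for an author signature with an unrecognized root (hunk at -201) and, under `_OCSP_POLICY_DISREGARD_UNKNOWN_OR_ERROR_CERTS_`, for an unknown or failed revocation check in this hunk. Callers and logs will then report a distributor-certificate problem for failures that have a different cause, and the warning text still says the signature is disregarded although the result is now an error code. I would record the reason where `disregard` is set and choose the return code from it, and add a comment stating that this path changed from `SIGNATURE_DISREGARD` to a hard failure. ImplTizen::check starts outside the hunk.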
@@ -512,50 +522,44 @@ WrtSignatureValidator::Result ImplWac::check( // Is Root CA certificate trusted? CertStoreId::Set storeIdSet = createCertificateIdentifier().find(root); - LogDebug("Is root certificate from TIZEN_DEVELOPER domain: " - << storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); - LogDebug("Is root certificate from TIZEN_TEST domain: " - << storeIdSet.contains(CertStoreId::TIZEN_TEST)); - LogDebug("Is root certificate from TIZEN_VERIFY domain: " - << storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); - LogDebug("Is root certificate from TIZEN_PUBLIC domain: " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Is root certificate from TIZEN_PARTNER domain: " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Is root certificate from TIZEN_PLATFORM domain: " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); - - LogDebug("Visibility level is public : " - << storeIdSet.contains(CertStoreId::VIS_PUBLIC)); - LogDebug("Visibility level is partner : " - << storeIdSet.contains(CertStoreId::VIS_PARTNER)); - LogDebug("Visibility level is platform : " - << storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + WrtLogD("Is root certificate from TIZEN_DEVELOPER domain: %d", storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)); + WrtLogD("Is root certificate from TIZEN_TEST domain: %d", storeIdSet.contains(CertStoreId::TIZEN_TEST)); + WrtLogD("Is root certificate from TIZEN_VERIFY domain: %d", storeIdSet.contains(CertStoreId::TIZEN_VERIFY)); + WrtLogD("Is root certificate from TIZEN_PUBLIC domain: %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Is root certificate from TIZEN_PARTNER domain: %d", storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Is root certificate from TIZEN_PLATFORM domain: %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); + + WrtLogD("Visibility level is public : %d", storeIdSet.contains(CertStoreId::VIS_PUBLIC)); + WrtLogD("Visibility level is partner : %d", 
storeIdSet.contains(CertStoreId::VIS_PARTNER)); + WrtLogD("Visibility level is platform : %d", storeIdSet.contains(CertStoreId::VIS_PLATFORM)); if (data.isAuthorSignature()) { if (!storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) { - LogWarning("author-signature.xml has got unrecognized Root CA " - "certificate. Signature will be disregarded."); - disregard = true; + WrtLogW("author-signature.xml has got unrecognized Root CA " + "certificate. Signature will be disregarded."); + disregard = true; } - LogDebug("Root CA for author signature is correct."); } else { - LogDebug("signaturefile name = " << data.getSignatureFileName().c_str()); - //Additional Check for certificate registration + if (storeIdSet.contains(CertStoreId::TIZEN_DEVELOPER)) + { + WrtLogW("distributor has author level siganture! Signature will be disregarded."); + return WrtSignatureValidator::SIGNATURE_INVALID; + } + WrtLogD("signaturefile name = %s", data.getSignatureFileName().c_str()); if (data.getSignatureNumber() == 1) { if (storeIdSet.contains(CertStoreId::VIS_PUBLIC) || storeIdSet.contains(CertStoreId::VIS_PARTNER) || storeIdSet.contains(CertStoreId::VIS_PLATFORM)) { - LogDebug("Root CA for signature1.xml is correct."); + WrtLogD("Root CA for signature1.xml is correct."); } else { - LogWarning("signature1.xml has got unrecognized Root CA " + WrtLogW("signature1.xml has got unrecognized Root CA " "certificate. Signature will be disregarded."); disregard = true; } @@ -575,7 +579,7 @@ WrtSignatureValidator::Result ImplWac::check( // If the end certificate is not ROOT CA we should disregard signature // but still signature must be valid... Aaaaaa it's so stupid... if (!(root->isSignedBy(root))) { - LogWarning("Root CA certificate not found. Chain is incomplete."); + WrtLogW("Root CA certificate not found. Chain is incomplete."); // context.allowBrokenChain = true; } 
@@ -595,26 +599,28 @@ WrtSignatureValidator::Result ImplWac::check( char msg[1024]; t = localtime(&nowTime); + if (!t) + return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME; memset(&tc, 0, sizeof(tc)); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", t->tm_year + 1900, t->tm_mon + 1,t->tm_mday ); - LogDebug("## System's currentTime : " << msg); + WrtLogD("## System's currentTime : %s", msg); fprintf(stderr, "## System's currentTime : %s\n", msg); tb = _ASN1_GetTimeT(notBeforeTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tb.tm_year + 1900, tb.tm_mon + 1,tb.tm_mday ); - LogDebug("## certificate's notBeforeTime : " << msg); + WrtLogD("## certificate's notBeforeTime : %s", msg); fprintf(stderr, "## certificate's notBeforeTime : %s\n", msg); ta = _ASN1_GetTimeT(notAfterTime); snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", ta.tm_year + 1900, ta.tm_mon + 1,ta.tm_mday ); - LogDebug("## certificate's notAfterTime : " << msg); + WrtLogD("## certificate's notAfterTime : %s", msg); fprintf(stderr, "## certificate's notAfterTime : %s\n", msg); if (storeIdSet.contains(CertStoreId::TIZEN_VERIFY)) { - LogDebug("## TIZEN_VERIFY : check certificate Time : FALSE"); + WrtLogD("## TIZEN_VERIFY : check certificate Time : FALSE"); fprintf(stderr, "## TIZEN_VERIFY : check certificate Time : FALSE\n"); return WrtSignatureValidator::SIGNATURE_INVALID; } @@ -623,16 +629,16 @@ WrtSignatureValidator::Result ImplWac::check( if(year == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon + 1; tc.tm_mday = tb.tm_mday; if(tc.tm_mon == 12) { - tc.tm_year = ta.tm_year; + tc.tm_year = ta.tm_year; tc.tm_mon = ta.tm_mon - 1; tc.tm_mday = ta.tm_mday; - + if(tc.tm_mon < 0) { tc.tm_year = ta.tm_year; 
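Review bot: The `if (!t)` guard added after `t = localtime(&nowTime);` covers only this one call. The `notBefore > nowTime` branch in the later hunk at -681 assigns `t = localtime(...)` three more times and reads `t->tm_year`, `t->tm_mon` and `t->tm_mday` in the log calls with no check. Apply the same guard after each of those calls, e.g. `if (!t) return WrtSignatureValidator::SIGNATURE_INVALID_CERT_TIME;`. `localtime()` also returns a pointer to shared static storage, so `localtime_r()` with a local `struct tm` would be the safer form if this validator can run on more than one thread, which is not visible from this hunk.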
@@ -641,21 +647,21 @@ WrtSignatureValidator::Result ImplWac::check( if(tc.tm_mday == 0) { - tc.tm_year = tb.tm_year; + tc.tm_year = tb.tm_year; tc.tm_mon = tb.tm_mon; tc.tm_mday = tb.tm_mday +1; } } - } + } } else{ tc.tm_year = tb.tm_year + year; tc.tm_mon = (tb.tm_mon + ta.tm_mon )/2; - tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; + tc.tm_mday = (tb.tm_mday + ta.tm_mday)/2; } snprintf(msg, sizeof(msg), "Year: %d, month: %d, day : %d", tc.tm_year + 1900, tc.tm_mon + 1,tc.tm_mday ); - LogDebug("## cmp cert with validation time : " << msg); + WrtLogD("## cmp cert with validation time : %s", msg); fprintf(stderr, "## cmp cert with validation time : %s\n", msg); time_t outCurrent = mktime(&tc); @@ -664,7 +670,7 @@ WrtSignatureValidator::Result ImplWac::check( context.validationTime = outCurrent; //return WrtSignatureValidator::SIGNATURE_INVALID; - } + } #endif 
@@ -681,49 +687,53 @@ WrtSignatureValidator::Result ImplWac::check( if (notAfter < nowTime) { context.validationTime = notAfter - TIMET_DAY; - LogWarning("Author certificate is expired. notAfter..."); + WrtLogW("Author certificate is expired. notAfter..."); } */ if (notBefore > nowTime) { - LogWarning("Author certificate is expired. notBefore time is greater than system-time."); + WrtLogW("Author certificate is expired. notBefore time is greater than system-time."); t = localtime(&nowTime); - LogDebug("System's current Year : " << t->tm_year + 1900); - LogDebug("System's current month : " << t->tm_mon + 1); - LogDebug("System's current day : " << t->tm_mday); + WrtLogD("System's current Year : %d", (t->tm_year + 1900)); + WrtLogD("System's current month : %d", (t->tm_mon + 1)); + WrtLogD("System's current day : %d", (t->tm_mday)); t = localtime(¬Before); - LogDebug("Author certificate's notBefore Year : " << t->tm_year + 1900); - LogDebug("Author certificate's notBefore month : " << t->tm_mon + 1); - LogDebug("Author certificate's notBefore day : " << t->tm_mday); + WrtLogD("Author certificate's notBefore Year : %d", (t->tm_year + 1900)); + WrtLogD("Author certificate's notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Author certificate's notBefore day : %d", (t->tm_mday)); context.validationTime = notBefore + TIMET_DAY; t = localtime(&context.validationTime); - LogDebug("Modified current Year : " << t->tm_year + 1900); - LogDebug("Modified current notBefore month : " << t->tm_mon + 1); - LogDebug("Modified current notBefore day : " << t->tm_mday); + WrtLogD("Modified current Year : %d", (t->tm_year + 1900)); + WrtLogD("Modified current notBefore month : %d", (t->tm_mon + 1)); + WrtLogD("Modified current notBefore day : %d", (t->tm_mday)); } } #endif - if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { - LogWarning("Installation break - invalid package!"); - return WrtSignatureValidator::SIGNATURE_INVALID; - } - 
data.setReference(context.referenceSet); + if (!data.isAuthorSignature()) + { + if (XmlSec::NO_ERROR != XmlSecSingleton::Instance().validate(&context)) { + WrtLogW("Installation break - invalid package!"); + return WrtSignatureValidator::SIGNATURE_INVALID; + } - if (!checkObjectReferences(data)) { - return WrtSignatureValidator::SIGNATURE_INVALID; - } + data.setReference(context.referenceSet); - ReferenceValidator fileValidator(widgetContentPath); - if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { - LogWarning("Invalid package - file references broken"); - return WrtSignatureValidator::SIGNATURE_INVALID; - } + if (!checkObjectReferences(data)) { + return WrtSignatureValidator::SIGNATURE_INVALID; + } + + ReferenceValidator fileValidator(widgetContentPath); + if (ReferenceValidator::NO_ERROR != fileValidator.checkReferences(data)) { + WrtLogW("Invalid package - file references broken"); + return WrtSignatureValidator::SIGNATURE_INVALID; + } + } #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL // It is good time to do OCSP check @@ -735,7 +745,7 @@ WrtSignatureValidator::Result ImplWac::check( coll.load(sortedCertificateList); if (!coll.sort()) { - LogDebug("Collection does not contain chain!"); + WrtLogD("Collection does not contain chain!"); return WrtSignatureValidator::SIGNATURE_INVALID; } @@ -757,7 +767,7 @@ WrtSignatureValidator::Result ImplWac::check( #endif if (disregard) { - LogWarning("Signature is disregard. RootCA is not a member of Tizen."); + WrtLogW("Signature is disregard. RootCA is not a member of Tizen."); return WrtSignatureValidator::SIGNATURE_DISREGARD; } return WrtSignatureValidator::SIGNATURE_VERIFIED; @@ -778,7 +788,8 @@ WrtSignatureValidator::WrtSignatureValidator( m_impl = new ImplWac(ocspEnable,crlEnable,complianceMode); } -WrtSignatureValidator::~WrtSignatureValidator() { +WrtSignatureValidator::~WrtSignatureValidator() +{ delete m_impl; } 
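Review bot: Wrapping `XmlSecSingleton::Instance().validate(&context)`, `checkObjectReferences(data)` and `fileValidator.checkReferences(data)` in `if (!data.isAuthorSignature())` means an author signature now reaches `SIGNATURE_VERIFIED` or `SIGNATURE_DISREGARD` in this function without any check of its XML signature or file references. `data.setReference(context.referenceSet)` is skipped for it as well. Unless author-signature.xml is cryptographically validated somewhere outside this hunk, the result for an author signature rests on the root CA lookup alone, and a package whose author signature does not match its contents would not be rejected here. If the skip is intentional, put a comment on the `if` naming where that validation happens, e.g. `// author-signature.xml is validated by <caller>; only distributor signatures are verified here`. Otherwise keep the three checks unconditional.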
diff --git a/vcore/src/vcore/WrtSignatureValidator.h b/vcore/src/vcore/WrtSignatureValidator.h index 5ff8752..04a8434 100644 --- a/vcore/src/vcore/WrtSignatureValidator.h +++ b/vcore/src/vcore/WrtSignatureValidator.h @@ -24,14 +24,13 @@ #include <string> -#include <dpl/noncopyable.h> - #include <vcore/SignatureData.h> namespace ValidationCore { -class WrtSignatureValidator : public DPL::Noncopyable { +class WrtSignatureValidator { public: + class Impl; enum AppType @@ -46,9 +45,22 @@ public: SIGNATURE_INVALID, SIGNATURE_VERIFIED, SIGNATURE_DISREGARD, // no ocsp response or ocsp return unknown status - SIGNATURE_REVOKED + SIGNATURE_REVOKED, + SIGNATURE_INVALID_CERT_CHAIN, //5, from here, new error enum + SIGNATURE_INVALID_DISTRIBUTOR_CERT, + SIGNATURE_INVALID_SDK_DEFAULT_AUTHOR_CERT, + SIGNATURE_IN_DISTRIBUTOR_CASE_AUTHOR_CERT, + SIGNATURE_INVALID_CERT_TIME, + SIGNATURE_NO_DEVICE_PROFILE, + SIGNATURE_INVALID_DEVICE_UNIQUE_ID, + SIGNATURE_INVALID_NO_HASH_FILE, + SIGNATURE_INVALID_HASH_SIGNATURE }; + WrtSignatureValidator() = delete; + WrtSignatureValidator(const WrtSignatureValidator &) = delete; + const WrtSignatureValidator &operator=(const WrtSignatureValidator &) = delete; + explicit WrtSignatureValidator( AppType appType, bool ocspEnable, @@ -63,6 +75,7 @@ public: private: Impl *m_impl; + }; } // namespace ValidationCore diff --git a/vcore/src/vcore/XmlsecAdapter.cpp b/vcore/src/vcore/XmlsecAdapter.cpp index c1d4529..93fc498 100644 --- a/vcore/src/vcore/XmlsecAdapter.cpp +++ b/vcore/src/vcore/XmlsecAdapter.cpp @@ -39,7 +39,7 @@ #include <xmlsec/errors.h> #include <dpl/assert.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <vcore/XmlsecAdapter.h> @@ -78,7 +78,7 @@ void* XmlSec::fileOpenCallback(const char *filename) { std::string path = s_prefixPath + filename; - // LogDebug("Xmlsec opening: " << path); + // WrtLogD("Xmlsec opening: %s", path); return new FileWrapper(xmlFileOpen(path.c_str()),false); } 
@@ -100,7 +100,7 @@ int XmlSec::fileReadCallback(void *context, int XmlSec::fileCloseCallback(void *context) { - //LogDebug("Xmlsec closing: "); + //WrtLogD("Xmlsec closing: "); FileWrapper *fw = static_cast<FileWrapper*>(context); int output = 0; if (!(fw->released)) { @@ -126,21 +126,21 @@ void XmlSec::fileExtractPrefix(XmlSecContext *context) } } -void LogDebugPrint(const char* file, int line, const char* func, - const char* errorObject, const char* errorSubject, +void LogDebugPrint(const char* file, int line, const char* func, + const char* errorObject, const char* errorSubject, int reason, const char* msg) { char total[1024]; - snprintf(total, sizeof(total), "[%s(%d)] : [%s] : [%s] : [%s]", func, line, errorObject, errorSubject, msg); + snprintf(total, sizeof(total), "[%s:%d][%s] : [%s] : [%s] : [%s]", file, line, func, errorObject, errorSubject, msg); if(reason != 256) { fprintf(stderr, "## [validate error]: %s\n", total); - LogError(" " << total); + WrtLogE(" %s", total); } else { - LogDebug(" " << total); + WrtLogD(" %s", total); } } @@ -158,13 +158,13 @@ XmlSec::XmlSec() : #endif if (xmlSecInit() < 0) { - LogError("Xmlsec initialization failed."); + WrtLogE("Xmlsec initialization failed."); ThrowMsg(Exception::InternalError, "Xmlsec initialization failed."); } if (xmlSecCheckVersion() != 1) { xmlSecShutdown(); - LogError("Loaded xmlsec library version is not compatible."); + WrtLogE("Loaded xmlsec library version is not compatible."); ThrowMsg(Exception::InternalError, "Loaded xmlsec library version is not compatible."); } @@ -172,7 +172,7 @@ XmlSec::XmlSec() : #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if (xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { xmlSecShutdown(); - LogError( + WrtLogE( "Error: unable to load default xmlsec-crypto library. Make sure " "that you have it installed and check shared libraries path " "(LD_LIBRARY_PATH) envornment variable."); 
@@ -183,14 +183,14 @@ XmlSec::XmlSec() : if (xmlSecCryptoAppInit(NULL) < 0) { xmlSecShutdown(); - LogError("Crypto initialization failed."); + WrtLogE("Crypto initialization failed."); ThrowMsg(Exception::InternalError, "Crypto initialization failed."); } if (xmlSecCryptoInit() < 0) { xmlSecCryptoAppShutdown(); xmlSecShutdown(); - LogError("Xmlsec-crypto initialization failed."); + WrtLogE("Xmlsec-crypto initialization failed."); ThrowMsg(Exception::InternalError, "Xmlsec-crypto initialization failed."); } @@ -238,7 +238,7 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, int size, res = -1; fileExtractPrefix(context); - LogDebug("Prefix path: " << s_prefixPath); + WrtLogD("Prefix path: %s", s_prefixPath.c_str()); xmlSecIOCleanupCallbacks(); @@ -251,7 +251,7 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, /* load file */ doc = xmlParseFile(context->signatureFile.c_str()); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) { - LogWarning("Unable to parse file " << context->signatureFile); + WrtLogW("Unable to parse file %s", (context->signatureFile).c_str()); goto done; } @@ -259,14 +259,14 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, node = xmlSecFindNode(xmlDocGetRootElement( doc), xmlSecNodeSignature, xmlSecDSigNs); if (node == NULL) { - LogWarning("Start node not found in " << context->signatureFile); + WrtLogW("Start node not found in %s", (context->signatureFile).c_str()); goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if (dsigCtx == NULL) { - LogError("Failed to create signature context."); + WrtLogE("Failed to create signature context."); goto done; } 
@@ -276,14 +276,14 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, } if (context->validationTime) { - LogDebug("Setting validation time."); + WrtLogD("Setting validation time."); dsigCtx->keyInfoReadCtx.certsVerificationTime = context->validationTime; } if( m_noHash == true || m_partialHash == true ) { - LogDebug("SignatureEx start >> "); + WrtLogD("SignatureEx start >> "); if( m_pList == NULL ) { - LogWarning("## [validate]: uriList does not exist" ); + WrtLogW("## [validate]: uriList does not exist" ); fprintf(stderr, "## [validate]: uriList does not exist\n"); res = xmlSecDSigCtxVerifyEx(dsigCtx, node, 1, NULL); } else { @@ -292,7 +292,7 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, if(m_pList == NULL) { - LogWarning("## [validate]: uriList does not exist" ); + WrtLogW("## [validate]: uriList does not exist" ); fprintf(stderr, "## [validate]: uriList does not exist\n"); res = -1; goto done; @@ -300,7 +300,7 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, n = m_pList->size(); - char* pList[n]; + char* pList[n + 1]; std::list<std::string>::const_iterator itr = m_pList->begin(); std::string tmpString; char* uri = NULL; @@ -327,17 +327,17 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, } if(res < 0) { - LogError("SignatureEx verify error."); + WrtLogE("SignatureEx verify error."); fprintf(stderr, "## [validate error]: SignatureEx verify error\n"); res = -1; goto done; } } else { - LogDebug("Signature start >> "); + WrtLogD("Signature start >> "); /* Verify signature */ if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) { - LogError("Signature verify error."); + WrtLogE("Signature verify error."); fprintf(stderr, "## [validate error]: Signature verify error\n"); res = -1; goto done; 
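Review bot: In the hunk at -300, `char* pList[n + 1];` is a variable-length array whose size comes from `m_pList->size()`. The stack allocation therefore grows with the number of URIs in the list, and VLAs are a compiler extension in C++ rather than standard. The `+ 1` presumably makes room for a terminating NULL entry, but the loop that fills the array is outside this hunk, so that cannot be confirmed here. A heap container avoids the stack risk: `std::vector<char*> pList(n + 1, NULL);`, passing `&pList[0]` wherever the array is passed today. That needs `<vector>` included if the file does not already have it.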
@@ -346,25 +346,24 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, if (dsigCtx->keyInfoReadCtx.flags2 & XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN) { - LogWarning("XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN was set to true!"); - LogWarning("Signature contains broken chain!"); + WrtLogW("XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN was set to true!"); + WrtLogW("Signature contains broken chain!"); context->errorBrokenChain = true; } /* print verification result to stdout */ if (dsigCtx->status == xmlSecDSigStatusSucceeded) { - LogDebug("Signature is OK"); + WrtLogD("Signature is OK"); res = 0; } else { - LogDebug("Signature is INVALID"); + WrtLogD("Signature is INVALID"); res = -1; goto done; } if (dsigCtx->c14nMethod && dsigCtx->c14nMethod->id && dsigCtx->c14nMethod->id->name) { - // LogInfo("Canonicalization method: " << - // reinterpret_cast<const char *>(dsigCtx->c14nMethod->id->name)); + // WrtLogI("Canonicalization method: %s", (reinterpret_cast<const char *>(dsigCtx->c14nMethod->id->name)).c_str()); } size = xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)); @@ -380,12 +379,9 @@ XmlSec::Result XmlSec::validateFile(XmlSecContext *context, reinterpret_cast<const char *>(dsigRefCtx->digestMethod->id ->name); std::string strDigest(pDigest); - /*LogInfo("reference digest method: " << - reinterpret_cast<const char *>(dsigRefCtx->digestMethod - ->id - ->name));*/ + /*WrtLogI("reference digest method: %s" (reinterpret_cast<const char *>(dsigRefCtx->digestMethod->id->name)).c_str());*/ if (strDigest == DIGEST_MD5) { - LogWarning("MD5 digest method used! Please use sha"); + WrtLogW("MD5 digest method used! Please use sha"); res = -1; break; } 
@@ -422,7 +418,7 @@ void XmlSec::loadDERCertificateMemory(XmlSecContext *context, int size = i2d_X509(context->certificatePtr->getX509(), &derCertificate); if (!derCertificate) { - LogError("Failed during x509 conversion to der format."); + WrtLogE("Failed during x509 conversion to der format."); ThrowMsg(Exception::InternalError, "Failed during x509 conversion to der format."); } @@ -433,7 +429,7 @@ void XmlSec::loadDERCertificateMemory(XmlSecContext *context, xmlSecKeyDataFormatDer, xmlSecKeyDataTypeTrusted) < 0) { OPENSSL_free(derCertificate); - LogError("Failed to load der certificate from memory."); + WrtLogE("Failed to load der certificate from memory."); ThrowMsg(Exception::InternalError, "Failed to load der certificate from memory."); } @@ -448,7 +444,7 @@ void XmlSec::loadPEMCertificateFile(XmlSecContext *context, context->certificatePath.c_str(), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { - LogError("Failed to load PEM certificate from file."); + WrtLogE("Failed to load PEM certificate from file."); ThrowMsg(Exception::InternalError, "Failed to load PEM certificate from file."); } @@ -463,19 +459,19 @@ XmlSec::Result XmlSec::validate(XmlSecContext *context) xmlSecErrorsSetCallback(LogDebugPrint); if (!m_initialized) { - LogError("XmlSec is not initialized."); + WrtLogE("XmlSec is not initialized."); ThrowMsg(Exception::InternalError, "XmlSec is not initialized"); } AutoPtr<xmlSecKeysMngr> mngr(xmlSecKeysMngrCreate()); if (!mngr.get()) { - LogError("Failed to create keys manager."); + WrtLogE("Failed to create keys manager."); ThrowMsg(Exception::InternalError, "Failed to create keys manager."); } if (xmlSecCryptoAppDefaultKeysMngrInit(mngr.get()) < 0) { - LogError("Failed to initialize keys manager."); + WrtLogE("Failed to initialize keys manager."); ThrowMsg(Exception::InternalError, "Failed to initialize keys manager."); } context->referenceSet.clear(); 
diff --git a/vcore/src/vcore/XmlsecAdapter.h b/vcore/src/vcore/XmlsecAdapter.h index 3deba63..3c8d94f 100644 --- a/vcore/src/vcore/XmlsecAdapter.h +++ b/vcore/src/vcore/XmlsecAdapter.h @@ -32,7 +32,7 @@ #include <vcore/SignatureData.h> namespace ValidationCore { -class XmlSec : public DPL::Noncopyable +class XmlSec : public VcoreDPL::Noncopyable { public: @@ -97,7 +97,7 @@ class XmlSec : public DPL::Noncopyable class Exception { public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base) DECLARE_EXCEPTION_TYPE(Base, InternalError) }; @@ -137,7 +137,7 @@ class XmlSec : public DPL::Noncopyable static void fileExtractPrefix(XmlSecContext *context); }; -typedef DPL::Singleton<XmlSec> XmlSecSingleton; +typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton; } // namespace ValidationCore diff --git a/vcore/src/vcore/api.cpp b/vcore/src/vcore/api.cpp index 34ee76b..cb6797f 100644 --- a/vcore/src/vcore/api.cpp +++ b/vcore/src/vcore/api.cpp @@ -1,5 +1,5 @@ /** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -45,15 +45,12 @@ #include <openssl/evp.h> #include <openssl/bio.h> -#include <dlog.h> - #include <dpl/foreach.h> -#include <dpl/log/log.h> +#include <dpl/log/wrt_log.h> #include <cert-svc/cinstance.h> #include <cert-svc/ccert.h> #include <cert-svc/cpkcs12.h> -#include <cert-svc/cpkcs12.h> #include <cert-svc/cprimitives.h> #include <vcore/Base64.h> @@ -61,7 +58,7 @@ #include <vcore/CertificateCollection.h> #include <vcore/pkcs12.h> -#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL +#ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL #include <cert-svc/ccrl.h> #include <cert-svc/cocsp.h> #include <vcore/OCSP.h> 
@@ -72,7 +69,15 @@ #include <libxml/parser.h> #include <libxml/tree.h> +#define START_CERT "-----BEGIN CERTIFICATE-----" +#define END_CERT "-----END CERTIFICATE-----" +#define START_TRUSTED "-----BEGIN TRUSTED CERTIFICATE-----" +#define END_TRUSTED "-----END TRUSTED CERTIFICATE-----" + +#ifndef LOG_TAG #define LOG_TAG "CERT_SVC" +#endif + using namespace ValidationCore; namespace { @@ -243,15 +248,14 @@ public: } auto certPtr = iter->second; - - DPL::String result; - switch(field) { + std::string result; + switch (field) { case CERTSVC_SUBJECT: result = certPtr->getOneLine(); break; case CERTSVC_ISSUER: result = certPtr->getOneLine(Certificate::FIELD_ISSUER); - break; + break; case CERTSVC_SUBJECT_COMMON_NAME: result = certPtr->getCommonName(); break; @@ -283,12 +287,12 @@ public: result = certPtr->getOrganizationalUnitName(Certificate::FIELD_ISSUER); break; case CERTSVC_VERSION: - { - std::stringstream stream; - stream << (certPtr->getVersion()+1); - result = DPL::FromUTF8String(stream.str()); - break; - } + { + std::stringstream stream; + stream << (certPtr->getVersion()+1); + result = stream.str(); + break; + } case CERTSVC_SERIAL_NUMBER: result = certPtr->getSerialNumberString(); break; @@ -311,9 +315,8 @@ public: buffer->privateInstance = cert.privateInstance; return CERTSVC_SUCCESS; } - std::string output = DPL::ToUTF8String(result); - char *cstring = new char[output.size()+1]; + char *cstring = new char[result.size()+1]; if (cstring == NULL) { buffer->privateHandler = NULL; buffer->privateLength = 0; @@ -321,10 +324,10 @@ public: return CERTSVC_BAD_ALLOC; } - strncpy(cstring, output.c_str(), output.size()+1); + strncpy(cstring, result.c_str(), result.size()+1); buffer->privateHandler = cstring; - buffer->privateLength = output.size(); + buffer->privateLength = result.size(); buffer->privateInstance = cert.privateInstance; m_allocatedStringSet.insert(cstring); 
@@ -466,7 +469,7 @@ public: fieldId = SUBJECT_COMMONNAME; break; default: - LogError("Not implemented!"); + WrtLogE("Not implemented!"); return CERTSVC_WRONG_ARGUMENT; } @@ -474,16 +477,16 @@ public: cert_svc_cert_context_final); if (ctx.get() == NULL) { - LogWarning("Error in cert_svc_cert_context_init."); + WrtLogW("Error in cert_svc_cert_context_init."); return CERTSVC_FAIL; } - LogDebug("Match string: " << value); + WrtLogD("Match string: %s", value); result = cert_svc_search_certificate(ctx.get(), fieldId, const_cast<char*>(value)); - LogDebug("Search finished!"); + WrtLogD("Search finished!"); if (CERT_SVC_ERR_NO_ERROR != result) { - LogWarning("Error during certificate search"); + WrtLogW("Error during certificate search"); return CERTSVC_FAIL; } @@ -498,7 +501,7 @@ public: ScopedCertCtx ctx2(cert_svc_cert_context_init(), cert_svc_cert_context_final); if (ctx2.get() == NULL) { - LogWarning("Error in cert_svc_cert_context_init."); + WrtLogW("Error in cert_svc_cert_context_init."); return CERTSVC_FAIL; } @@ -506,7 +509,7 @@ public: if (CERT_SVC_ERR_NO_ERROR != cert_svc_load_file_to_context(ctx2.get(), fileList->filename)) { - LogWarning("Error in cert_svc_load_file_to_context"); + WrtLogW("Error in cert_svc_load_file_to_context"); return CERTSVC_FAIL; } int certId = addCert(CertificatePtr(new Certificate(*(ctx2.get()->certBuf)))); 
@@ -980,34 +983,34 @@ public: int getVisibility(CertSvcCertificate certificate, int* visibility) { int ret = CERTSVC_FAIL; - xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; - xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\""; + //xmlChar *xmlPathCertificateSet = (xmlChar*) "CertificateSet"; /*unused variable*/ + //xmlChar *xmlPathCertificateDomain = (xmlChar*) "CertificateDomain";// name=\"tizen-platform\""; /*unused variable*/ xmlChar *xmlPathDomainPlatform = (xmlChar*) "tizen-platform"; xmlChar *xmlPathDomainPublic = (xmlChar*) "tizen-public"; xmlChar *xmlPathDomainPartner = (xmlChar*) "tizen-partner"; xmlChar *xmlPathDomainDeveloper = (xmlChar*) "tizen-developer"; - xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1"; + //xmlChar *xmlPathFingerPrintSHA1 = (xmlChar*) "FingerprintSHA1"; /*unused variable*/ - CertificatePtr certPtr = m_certificateMap[0]; - if(certPtr == NULL) - { - LOGE("Invalid Parameter. certificate is not initialized"); + auto iter = m_certificateMap.find(certificate.privateHandler); + if (iter == m_certificateMap.end()) { return CERTSVC_FAIL; - } + } + CertificatePtr certPtr = iter->second; + std::string fingerprint = Certificate::FingerprintToColonHex(certPtr->getFingerprint(Certificate::FINGERPRINT_SHA1)); /* load file */ - xmlDocPtr doc = xmlParseFile(tzplatform_mkpath(TZ_SYS_SHARE, "ca-certificates/fingerprint/fingerprint_list.xml")); + xmlDocPtr doc = xmlParseFile(FINGERPRINT_LIST_PATH); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) { - LOGE("Failed to prase fingerprint_list.xml\n"); + WrtLogE("Failed to prase fingerprint_list.xml"); return CERTSVC_IO_ERROR; } xmlNodePtr curPtr = xmlFirstElementChild(xmlDocGetRootElement(doc)); if(curPtr == NULL) { - LOGE("Can not find root"); + WrtLogE("Can not find root"); ret = CERTSVC_IO_ERROR; goto out; } 
@@ -1017,7 +1020,7 @@ public: xmlAttr* attr = curPtr->properties; if(!attr->children || !attr->children->content) { - LOGE("Failed to get fingerprints from list"); + WrtLogE("Failed to get fingerprints from list"); ret = CERTSVC_FAIL; goto out; } @@ -1026,18 +1029,18 @@ public: xmlNodePtr FpPtr = xmlFirstElementChild(curPtr); if(FpPtr == NULL) { - LOGE("Could not find fingerprint"); + WrtLogE("Could not find fingerprint"); ret = CERTSVC_FAIL; goto out; } - LOGD("Retrieve level : %s", strLevel); + WrtLogD("Retrieve level : %s", strLevel); while(FpPtr) { xmlChar *content = xmlNodeGetContent(FpPtr); if(xmlStrcmp(content, (xmlChar*)fingerprint.c_str()) == 0) { - LOGD("fingerprint : %s are %s", content, strLevel); + WrtLogD("fingerprint : %s are %s", content, strLevel); if(!xmlStrcmp(strLevel, xmlPathDomainPlatform)) { *visibility = CERTSVC_VISIBILITY_PLATFORM; @@ -1092,6 +1095,31 @@ out: return c_certsvc_pkcs12_import(path.privateHandler, pass.privateHandler, pfxIdString.privateHandler); } + inline int pkcsNameIsUniqueInStore( + CertStoreType storeType, + CertSvcString pfxIdString, + int *is_unique) + { + int result = c_certsvc_pkcs12_alias_exists_in_store(storeType, pfxIdString.privateHandler, is_unique); + return result; + } + + inline int getCertDetailFromStore(CertStoreType storeType, + CertSvcString gname, + char** certBuffer, + size_t* certSize) + { + return c_certsvc_pkcs12_get_certificate_buffer_from_store(storeType, gname.privateHandler, certBuffer, certSize); + } + + inline int pkcsDeleteCertFromStore( + CertStoreType storeType, + CertSvcString gname + ) + { + return c_certsvc_pkcs12_delete_certificate_from_store(storeType, gname.privateHandler); + } + inline int getPkcsIdList( CertSvcInstance &instance, CertSvcStringList *handler) 
@@ -1175,6 +1203,180 @@ out: return c_certsvc_pkcs12_delete(pfxIdString.privateHandler); } + inline int pkcsImportToStore( + CertStoreType storeType, + CertSvcString path, + CertSvcString pass, + CertSvcString pfxIdString) + { + return c_certsvc_pkcs12_import_from_file_to_store(storeType, path.privateHandler, pass.privateHandler, pfxIdString.privateHandler); + } + + inline int pkcsGetAliasNameForCertInStore(CertStoreType storeType, + CertSvcString gname, + char **alias) + { + return c_certsvc_pkcs12_get_certificate_alias_from_store(storeType, gname.privateHandler, alias); + } + + inline int pkcsSetCertStatusToStore(CertStoreType storeType, + int is_root_app, + CertSvcString gname, + CertStatus status) + { + return c_certsvc_pkcs12_set_certificate_status_to_store(storeType, is_root_app, gname.privateHandler, status); + } + + inline int pkcsGetCertStatusFromStore( + CertStoreType storeType, + CertSvcString gname, + int *status) + { + return c_certsvc_pkcs12_get_certificate_status_from_store(storeType, gname.privateHandler, status); + } + + inline int getCertFromStore(CertSvcInstance instance, + CertStoreType storeType, + char *gname, + CertSvcCertificate *certificate) + { + return certsvc_get_certificate(instance, storeType, gname, certificate); + } + + inline int freePkcsIdListFromStore( + CertSvcStoreCertList** certList) + { + return c_certsvc_pkcs12_free_aliases_loaded_from_store(certList); + } + + inline int getPkcsIdListFromStore( + CertStoreType storeType, + int is_root_app, + CertSvcStoreCertList** certList, + int* length) + { + return c_certsvc_pkcs12_get_certificate_list_from_store(storeType, is_root_app, certList, length); + } + + inline int getPkcsIdEndUserListFromStore( + CertStoreType storeType, + CertSvcStoreCertList** certList, + int* length) + { + return c_certsvc_pkcs12_get_end_user_certificate_list_from_store(storeType, certList, length); + } + + inline int getPkcsIdRootListFromStore( + CertStoreType storeType, + CertSvcStoreCertList** certList, + 
int* length) + { + return c_certsvc_pkcs12_get_root_certificate_list_from_store(storeType, certList, length); + } + + inline int getPkcsPrivateKeyFromStore( + CertStoreType storeType, + CertSvcString gname, + char **certBuffer, + size_t *certSize) + { + return c_certsvc_pkcs12_private_key_load_from_store(storeType, gname.privateHandler, certBuffer, certSize); + } + + inline int getPkcsCertificateListFromStore( + CertSvcInstance &instance, + CertStoreType storeType, + CertSvcString &pfxIdString, + CertSvcCertificateList *handler) + { + char **certs; + gsize i, ncerts; + std::vector<CertificatePtr> certPtrVector; + std::vector<int> listId; + char *certBuffer = NULL; + size_t certLength = 0; + CertSvcString Alias; + char* header = NULL; + char* trailer = NULL; + const char* headEnd = NULL; + const char* tailEnd = NULL; + int length = 0; + int result; + + result = c_certsvc_pkcs12_load_certificates_from_store(storeType, pfxIdString.privateHandler, &certs, &ncerts); + if (result != CERTSVC_SUCCESS) { + WrtLogE("Unable to load certificates from store."); + return result; + } + + for (i = 0; i < ncerts; i++) { + Alias.privateHandler = certs[i]; + Alias.privateLength = strlen(certs[i]); + result = certsvc_pkcs12_get_certificate_info_from_store(instance, storeType, Alias, &certBuffer, &certLength); + if (result != CERTSVC_SUCCESS || !certBuffer) { + WrtLogE("Failed to get certificate buffer."); + return CERTSVC_FAIL; + } + + header = strstr(certBuffer, START_CERT); + headEnd = START_CERT; + if (!header) { + // START_CERT not found. let's find START_TRUSTED. + header = strstr(certBuffer, START_TRUSTED); + headEnd = START_TRUSTED; + } + + if (header) { + // START_something found. let's find END_CERT first. + trailer = strstr(header, END_CERT); + tailEnd = END_CERT; + } + + if (!trailer) { + // END_CERT not found. let's find END_TRUSTED. 
+ trailer = strstr(header, END_TRUSTED); + tailEnd = END_TRUSTED; + } + + if (!trailer) { + WrtLogE("Failed the get the certificate."); + return CERTSVC_FAIL; + } + + length = ((1 + strlen(header)) - (strlen(headEnd) + strlen(tailEnd) + 1)); + std::string tmpBuffer(certBuffer); + tmpBuffer = tmpBuffer.substr(strlen(headEnd),length); + std::string binary(tmpBuffer.c_str(), length); + Certificate::FormType formType = Certificate::FORM_BASE64; + certPtrVector.push_back(CertificatePtr(new Certificate(binary, formType))); + free(certBuffer); + certBuffer = NULL; + } + + if (ncerts > 0) + c_certsvc_pkcs12_free_certificates(certs); + + FOREACH(it, certPtrVector) { + listId.push_back(addCert(*it)); + } + + int position = m_idListCounter++; + m_idListMap[position] = listId; + + handler->privateInstance = instance; + handler->privateHandler = position; + + return result; + } + + inline bool checkValidStoreType(CertStoreType storeType) + { + if (storeType >= VPN_STORE && storeType <= ALL_STORE) + return true; + else + return false; + } + private: int m_certificateCounter; std::map<int, CertificatePtr> m_certificateMap; @@ -1186,7 +1388,7 @@ private: std::map<int, std::vector<std::string> > m_stringListMap; std::set<char *> m_allocatedStringSet; - + #ifdef TIZEN_FEATURE_CERT_SVC_OCSP_CRL CertSvcCrlCacheWrite m_crlWrite; CertSvcCrlCacheRead m_crlRead; @@ -1205,7 +1407,6 @@ int certsvc_instance_new(CertSvcInstance *instance) { if (init) { SSL_library_init(); // required by message verification OpenSSL_add_all_digests(); - g_type_init(); // required by libsoup/ocsp init = 0; } try { 
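Review bot: In `getPkcsCertificateListFromStore`, `trailer` is set to NULL once before the loop and never reset, and when neither `START_CERT` nor `START_TRUSTED` is found the fallback `trailer = strstr(header, END_TRUSTED);` runs with `header == NULL`. A stored buffer without a PEM header therefore crashes in `strstr` on the first certificate, and on later ones a stale non-NULL `trailer` skips the error return and `strlen(header)` dereferences NULL. The `length` arithmetic also assumes the header sits at offset 0 of `certBuffer` and the footer ends it. Every early `return` inside the loop leaks `certs`, and the marker-failure one leaks `certBuffer` too. The rewrite below resets the markers per certificate, takes the body as the bytes between them and frees on failure. It assumes `c_certsvc_pkcs12_free_certificates` is the correct release for `certs`, as the success path uses it.

```cpp
        for (i = 0; i < ncerts; i++) {
            // … unchanged: Alias setup and certsvc_pkcs12_get_certificate_info_from_store call …

            header = strstr(certBuffer, START_CERT);
            headEnd = START_CERT;
            if (!header) {
                // START_CERT not found. let's find START_TRUSTED.
                header = strstr(certBuffer, START_TRUSTED);
                headEnd = START_TRUSTED;
            }

            // Reset per certificate so a footer found in a previous buffer is never reused.
            trailer = NULL;
            if (header) {
                char *body = header + strlen(headEnd);
                trailer = strstr(body, END_CERT);
                if (!trailer)
                    trailer = strstr(body, END_TRUSTED);
            }

            if (!header || !trailer) {
                WrtLogE("Failed the get the certificate.");
                free(certBuffer);
                c_certsvc_pkcs12_free_certificates(certs);
                return CERTSVC_FAIL;
            }

            // Base64 body is exactly the bytes between the two markers.
            std::string binary(header + strlen(headEnd), trailer);
            // … unchanged: Certificate construction, push_back, free(certBuffer) …
        }
```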
@@ -1488,14 +1689,14 @@ int certsvc_pkcs12_dup_evp_pkey( &size); if (result != CERTSVC_SUCCESS) { - LogError("Error in certsvc_pkcs12_private_key_dup"); + WrtLogE("Error in certsvc_pkcs12_private_key_dup"); return result; } BIO *b = BIO_new(BIO_s_mem()); if ((int)size != BIO_write(b, buffer, size)) { - LogError("Error in BIO_write"); + WrtLogE("Error in BIO_write"); BIO_free_all(b); certsvc_pkcs12_private_key_free(buffer); return CERTSVC_FAIL; @@ -1511,8 +1712,7 @@ int certsvc_pkcs12_dup_evp_pkey( return CERTSVC_SUCCESS; } - LogError("Result is null. Openssl REASON code is: " - << ERR_GET_REASON(ERR_peek_last_error())); + WrtLogE("Result is null. Openssl REASON code is: %d", ERR_GET_REASON(ERR_peek_last_error())); return CERTSVC_FAIL; } @@ -1691,7 +1891,7 @@ int certsvc_certificate_get_visibility(CertSvcCertificate certificate, int* visi return impl(certificate.privateInstance)->getVisibility(certificate, visibility); } catch (...) { - LOGE("exception occur"); + WrtLogE("exception occur"); } return CERTSVC_FAIL; } 
@@ -1717,6 +1917,368 @@ int certsvc_pkcs12_import_from_file(CertSvcInstance instance, return CERTSVC_FAIL; } +int certsvc_get_certificate(CertSvcInstance instance, + CertStoreType storeType, + char *gname, + CertSvcCertificate *certificate) +{ + int result = CERTSVC_SUCCESS; + char* certBuffer = NULL; + std::string fileName; + size_t length = 0; + FILE* fp_write = NULL; + BIO* pBio = NULL; + X509* x509Struct = NULL; + + try { + result = c_certsvc_pkcs12_get_certificate_buffer_from_store(storeType, gname, &certBuffer, &length); + if (result != CERTSVC_SUCCESS) { + WrtLogE("Failed to get certificate buffer from store."); + return result; + } + + pBio = BIO_new(BIO_s_mem()); + if (pBio == NULL) { + WrtLogE("Failed to allocate memory."); + result = CERTSVC_BAD_ALLOC; + } + + length = BIO_write(pBio, (const void*) certBuffer, length); + if (length < 1) { + WrtLogE("Failed to load cert into bio."); + result = CERTSVC_BAD_ALLOC; + } + + x509Struct = PEM_read_bio_X509(pBio, NULL, 0, NULL); + if (x509Struct != NULL) { + CertificatePtr cert(new Certificate(x509Struct)); + certificate->privateInstance = instance; + certificate->privateHandler = impl(instance)->addCert(cert); + if (certBuffer!=NULL) free(certBuffer); + } + else { + fileName.append(CERTSVC_PKCS12_STORAGE_DIR); + fileName.append(gname); + if (!(fp_write = fopen(fileName.c_str(), "w"))) { + WrtLogE("Failed to open the file for writing, [%s].", fileName.c_str()); + result = CERTSVC_FAIL; + goto error; + } + + if (fwrite(certBuffer, sizeof(char), (size_t)length, fp_write) != (size_t)length) { + WrtLogE("Fail to write certificate."); + result = CERTSVC_FAIL; + goto error; + } + + fclose(fp_write); + result = certsvc_certificate_new_from_file(instance, fileName.c_str(), certificate); + if (result != CERTSVC_SUCCESS) { + WrtLogE("Failed to construct certificate from buffer."); + goto error; + } + unlink(fileName.c_str()); + } + result = CERTSVC_SUCCESS; + } catch (std::bad_alloc &) { + return CERTSVC_BAD_ALLOC; + } 
catch (...) {} + +error: + if (x509Struct) X509_free(x509Struct); + if (pBio) BIO_free(pBio); + return result; +} + +int certsvc_pkcs12_check_alias_exists_in_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString pfxIdString, + int *is_unique) +{ + if (pfxIdString.privateHandler == NULL || pfxIdString.privateLength<=0) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + + return impl(instance)->pkcsNameIsUniqueInStore(storeType, pfxIdString, is_unique); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_free_certificate_list_loaded_from_store(CertSvcInstance instance, + CertSvcStoreCertList** certList) +{ + if (*certList == NULL) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + return impl(instance)->freePkcsIdListFromStore(certList); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + int is_root_app, + CertSvcStoreCertList** certList, + int* length) +{ + if (*certList != NULL) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + + return impl(instance)->getPkcsIdListFromStore(storeType, is_root_app, certList, length); + } catch (...) 
{} + + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_end_user_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcStoreCertList** certList, + int* length) +{ + if (*certList != NULL) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + + return impl(instance)->getPkcsIdEndUserListFromStore(storeType, certList, length); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_root_certificate_list_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcStoreCertList** certList, + int* length) +{ + if (*certList != NULL) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + + return impl(instance)->getPkcsIdRootListFromStore(storeType, certList, length); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_certificate_info_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char** certBuffer, + size_t* certSize) +{ + if (*certBuffer != NULL) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + + return impl(instance)->getCertDetailFromStore(storeType, gname, certBuffer, certSize); + } catch (...) 
{} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_delete_certificate_from_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->pkcsDeleteCertFromStore(storeType, gname); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_import_from_file_to_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString path, + CertSvcString password, + CertSvcString pfxIdString) +{ + try { + if (path.privateHandler != NULL) { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->pkcsImportToStore(storeType, path, password, pfxIdString); + } + else + return CERTSVC_FAIL; + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_alias_name_for_certificate_in_store(CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char **alias) +{ + if (gname.privateHandler == NULL || gname.privateLength<=0) { + WrtLogE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->pkcsGetAliasNameForCertInStore(storeType, gname, alias); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_set_certificate_status_to_store(CertSvcInstance instance, + CertStoreType storeType, + int is_root_app, + CertSvcString gname, + CertStatus status) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->pkcsSetCertStatusToStore(storeType, is_root_app, gname, status); + } catch (...) 
{} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_certificate_status_from_store( + CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + int *status) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->pkcsGetCertStatusFromStore(storeType, gname, status); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_get_certificate_from_store(CertSvcInstance instance, + CertStoreType storeType, + char *gname, + CertSvcCertificate *certificate) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->getCertFromStore(instance, storeType, gname, certificate); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_load_certificate_list_from_store( + CertSvcInstance instance, + CertStoreType storeType, + CertSvcString pfxIdString, + CertSvcCertificateList *certificateList) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->getPkcsCertificateListFromStore(instance, storeType, pfxIdString, certificateList); + } catch (...) {} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_private_key_dup_from_store( + CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + char **certBuffer, + size_t *certSize) +{ + try { + if (!impl(instance)->checkValidStoreType(storeType)) { + WrtLogE("Invalid input parameter."); + return CERTSVC_INVALID_STORE_TYPE; + } + return impl(instance)->getPkcsPrivateKeyFromStore(storeType, gname, certBuffer, certSize); + } catch (...) 
{} + return CERTSVC_FAIL; +} + +int certsvc_pkcs12_dup_evp_pkey_from_store( + CertSvcInstance instance, + CertStoreType storeType, + CertSvcString gname, + EVP_PKEY** pkey) +{ + char *buffer = NULL; + size_t size; + + int result = certsvc_pkcs12_private_key_dup_from_store(instance, storeType, gname, &buffer, &size); + if (result != CERTSVC_SUCCESS) { + WrtLogE("Error in certsvc_pkcs12_private_key_dup"); + return result; + } + + BIO *b = BIO_new(BIO_s_mem()); + if ((int)size != BIO_write(b, buffer, size)) { + WrtLogE("Error in BIO_write"); + BIO_free_all(b); + certsvc_pkcs12_private_key_free(buffer); + return CERTSVC_FAIL; + } + + certsvc_pkcs12_private_key_free(buffer); + *pkey = PEM_read_bio_PrivateKey(b, NULL, NULL, NULL); + BIO_free_all(b); + if (*pkey) + return CERTSVC_SUCCESS; + + WrtLogE("Result is null. Openssl REASON code is: %d", ERR_GET_REASON(ERR_peek_last_error())); + return CERTSVC_FAIL; +} + int certsvc_pkcs12_get_id_list( CertSvcInstance instance, CertSvcStringList *pfxIdStringList) @@ -1771,7 +2333,7 @@ int certsvc_pkcs12_private_key_dup( void certsvc_pkcs12_private_key_free( char *buffer) { - delete[] buffer; + free(buffer); } int certsvc_pkcs12_delete( @@ -1783,3 +2345,4 @@ int certsvc_pkcs12_delete( } catch (...) {} return CERTSVC_FAIL; } + diff --git a/vcore/src/vcore/cert-svc-client.c b/vcore/src/vcore/cert-svc-client.c new file mode 100644 index 0000000..1935518 --- /dev/null +++ b/vcore/src/vcore/cert-svc-client.c 
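Review bot: In certsvc_get_certificate the BIO_new and BIO_write failure branches only set `result` and fall through, so a NULL `pBio` still reaches BIO_write, and because BIO_write's int return is stored in the size_t `length`, a negative return can never satisfy `length < 1`. The fallback branch then opens `CERTSVC_PKCS12_STORAGE_DIR` + `gname` for writing without checking `gname`, so a name containing a path separator or `..` would make the library write outside that directory; rejecting such names before the fopen closes that. `certBuffer` is freed only on the X509 branch and `fp_write` is not closed when fwrite fails. The empty `catch (...) {}` falls through to `return result`, which can still be CERTSVC_SUCCESS if the throw came after the store read. A sketch of the early exits and the name check follows.

```cpp
pBio = BIO_new(BIO_s_mem());
if (pBio == NULL) {
    WrtLogE("Failed to allocate memory.");
    result = CERTSVC_BAD_ALLOC;
    goto error;
}

// keep BIO_write's int return signed so a negative value is detected
if (BIO_write(pBio, (const void*) certBuffer, (int)length) < 1) {
    WrtLogE("Failed to load cert into bio.");
    result = CERTSVC_BAD_ALLOC;
    goto error;
}

// … unchanged: PEM_read_bio_X509 and the X509 branch …

// gname becomes part of a file path below; accept a plain name only
if (strchr(gname, '/') != NULL || strstr(gname, "..") != NULL) {
    WrtLogE("Invalid input parameter.");
    result = CERTSVC_WRONG_ARGUMENT;
    goto error;
}
// … unchanged: fileName construction, fopen/fwrite, certsvc_certificate_new_from_file …
```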
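Review bot: certsvc_pkcs12_private_key_free now calls `free(buffer)`, which is only correct if every buffer passed to it was allocated with malloc; the producers (certsvc_pkcs12_private_key_dup and the new store path) are not visible in this hunk, so it is worth confirming that none of them still uses `new[]`. The buffer holds private-key bytes and is released without being cleared; this function receives only the pointer, so callers that know the size, such as certsvc_pkcs12_dup_evp_pkey_from_store, could call `OPENSSL_cleanse(buffer, size);` before freeing. A comment such as `// buffer must come from malloc(); callers clear the key bytes before calling` would document the contract.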
@@ -0,0 +1,582 @@ +/** + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file cert-svc-client.c + * @author Madhan A K (madhan.ak@samsung.com) + * Kyungwook Tak (k.tak@samsung.com) + * @version 1.0 + * @brief cert-svc client interface for cert-server. + */ + +#include <sys/stat.h> +#include <sys/un.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <errno.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> + +#include <cert-service-debug.h> + +#include <cert-svc-client.h> + +void initialize_res_data(VcoreResponseData *pData) +{ + memset(pData->dataBlock, 0, VCORE_MAX_RECV_DATA_SIZE); + memset(pData->common_name, 0, VCORE_MAX_FILENAME_SIZE * 2 + 1); + pData->dataBlockLen = 0; + pData->certStatus = 0; + pData->result = 0; + pData->certList = NULL; + pData->certCount = 0; + pData->certBlockList = NULL; + pData->certBlockCount = 0; +} + +void initialize_req_data(VcoreRequestData *pData) +{ + memset(pData->gname, 0, VCORE_MAX_FILENAME_SIZE+1); + memset(pData->common_name, 0, VCORE_MAX_FILENAME_SIZE+1); + memset(pData->private_key_gname, 0, VCORE_MAX_FILENAME_SIZE+1); + memset(pData->associated_gname, 0, VCORE_MAX_FILENAME_SIZE+1); + memset(pData->dataBlock, 0, VCORE_MAX_SEND_DATA_SIZE); + pData->certStatus = 0; + pData->storeType = -1; + pData->reqType = -1; + pData->dataBlockLen = -1; + pData->is_root_app = -1; +} + +int _recv_fixed_lenghth(int sockfd, 
char *buff, int length) +{ + int offset = 0; + int remaining = length; + int read_len = 0; + while(remaining > 0) { + read_len = recv(sockfd, buff + offset, remaining, 0); + if(read_len <= 0) + return offset; + remaining -= read_len; + offset += read_len; + } + return offset; +} + +VcoreRequestData* set_request_data( + int reqType, + CertStoreType storeType, + int is_root_app, + const char *pGroupName, + const char *common_name, + const char *private_key_gname, + const char *associated_gname, + const char *pData, + size_t dataLen, + CertType certType, + int certStatus) +{ + VcoreRequestData* pReqData = (VcoreRequestData*)malloc(sizeof(VcoreRequestData)); + if (!pReqData) { + LOGE("Failed to malloc VcoreRequestData"); + return NULL; + } + initialize_req_data(pReqData); + + pReqData->reqType = reqType; + pReqData->storeType = (CertStoreType) storeType; + pReqData->dataBlockLen = dataLen; + pReqData->certType = certType; + pReqData->certStatus = certStatus; + pReqData->is_root_app = is_root_app; + + if (pGroupName) { + if (strlen(pGroupName) > VCORE_MAX_FILENAME_SIZE) { + LOGE("The data name is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->gname, pGroupName, VCORE_MAX_FILENAME_SIZE); + pReqData->gname[strlen(pGroupName)] = '\0'; + } + + if (common_name) { + if (strlen(common_name) > VCORE_MAX_FILENAME_SIZE) { + LOGE("The length of the path specified is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->common_name, common_name, VCORE_MAX_FILENAME_SIZE); + pReqData->common_name[strlen(common_name)] = '\0'; + } + + if (private_key_gname) { + if (strlen(private_key_gname) > VCORE_MAX_FILENAME_SIZE) { + LOGE("The private key gname is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->private_key_gname, private_key_gname, VCORE_MAX_FILENAME_SIZE); + pReqData->private_key_gname[strlen(private_key_gname)] = '\0'; + } + + if (associated_gname) { + if (strlen(associated_gname) > VCORE_MAX_FILENAME_SIZE) { + LOGE("The 
associated gname is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->associated_gname, associated_gname, VCORE_MAX_FILENAME_SIZE); + pReqData->associated_gname[strlen(associated_gname)] = '\0'; + } + + if (dataLen != 0 && pData != NULL) { + if (dataLen > VCORE_MAX_SEND_DATA_SIZE) { + LOGE("The data length is too long [%d]", dataLen); + free(pReqData); + return NULL; + } + memcpy(pReqData->dataBlock, pData, dataLen); + } + return pReqData; +} + + +VcoreResponseData cert_svc_client_comm(VcoreRequestData* pClientData) { + + int sockfd = 0; + int clientLen = 0; + int tempSockLen = 0; + int read_len = 0; + int i = 0; + struct sockaddr_un clientaddr; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if ((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { + LOGE("Error in function socket().."); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_exit; + } + + tempSockLen = strlen(VCORE_SOCK_PATH); + bzero(&clientaddr, sizeof(clientaddr)); + clientaddr.sun_family = AF_UNIX; + strncpy(clientaddr.sun_path, VCORE_SOCK_PATH, tempSockLen); + clientaddr.sun_path[tempSockLen] = '\0'; + clientLen = sizeof(clientaddr); + + struct timeval timeout; + timeout.tv_sec = 10; + timeout.tv_usec = 0; + + if (setsockopt (sockfd, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0) { + LOGE("Error in Set SO_RCVTIMEO Socket Option"); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + + if (setsockopt (sockfd, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0) { + LOGE("Error in Set SO_SNDTIMEO Socket Option"); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + + if (connect(sockfd, (struct sockaddr*)&clientaddr, clientLen) < 0) { + LOGE("Error in function connect().."); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + + if (write(sockfd, (char*)pClientData, sizeof(VcoreRequestData)) < 0) { + LOGE("Error in function write().."); + recvData.result = VCORE_SOCKET_ERROR; + 
goto Error_close_exit; + } + + read_len = _recv_fixed_lenghth(sockfd, (char*)&recvData, sizeof(recvData)); + if (read_len < 0) { + LOGE("Error in function read().."); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + + if(recvData.certCount > 0) { + recvData.certList = (VcoreCertResponseData *) malloc(recvData.certCount * sizeof(VcoreCertResponseData)); + if (!recvData.certList) { + LOGE("Failed to allocate memory"); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + memset(recvData.certList, 0x00, recvData.certCount * sizeof(VcoreCertResponseData)); + for(i=0; i<recvData.certCount; i++) { + read_len = _recv_fixed_lenghth(sockfd, (char*)(recvData.certList + i), sizeof(VcoreCertResponseData)); + if (read_len < 0) { + LOGE("Error in function read().."); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + } + } + + if(recvData.certBlockCount > 0) { + recvData.certBlockList = (ResponseCertBlock *) malloc(recvData.certBlockCount * sizeof(ResponseCertBlock)); + if (!recvData.certBlockList) { + LOGE("Failed to allocate memory"); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + memset(recvData.certBlockList, 0x00, recvData.certBlockCount * sizeof(ResponseCertBlock)); + for(i=0; i<recvData.certBlockCount; i++) { + read_len = _recv_fixed_lenghth(sockfd, (char*)(recvData.certBlockList + i), sizeof(ResponseCertBlock)); + if (read_len < 0) { + LOGE("Error in function read().."); + recvData.result = VCORE_SOCKET_ERROR; + goto Error_close_exit; + } + } + } + +Error_close_exit: + close(sockfd); + if (recvData.result == VCORE_SOCKET_ERROR) { + free(recvData.certList); + recvData.certList = NULL; + recvData.certCount = 0; + + free(recvData.certBlockList); + recvData.certBlockList = NULL; + recvData.certBlockCount = 0; + } + +Error_exit: + return recvData; +} + +int vcore_client_install_certificate_to_store( + CertStoreType storeType, + const char *gname, + const char *common_name, + const char 
*private_key_gname, + const char *associated_gname, + const char *certData, + size_t certSize, + CertType certType) +{ + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (!gname && !certData) { + LOGE("Invalid input argument."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data( + CERTSVC_INSTALL_CERTIFICATE, + storeType, + DISABLED, + gname, + common_name, + private_key_gname, + associated_gname, + certData, + certSize, + certType, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + free(pSendData); + return recvData.result; +} + +int vcore_client_set_certificate_status_to_store(CertStoreType storeType, int is_root_app, const char* gname, CertStatus status) { + + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (gname == NULL) { + LOGE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data(CERTSVC_SET_CERTIFICATE_STATUS, storeType, is_root_app, gname, NULL, NULL, NULL, NULL, 0, 0, status); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + free(pSendData); + + return recvData.result; +} + +int vcore_client_get_certificate_status_from_store(CertStoreType storeType, const char* gname, int *status) { + + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (gname == NULL) { + LOGE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data(CERTSVC_GET_CERTIFICATE_STATUS, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + free(pSendData); 
+ *status = recvData.certStatus; + return recvData.result; +} + +int vcore_client_check_alias_exist_in_store(CertStoreType storeType, const char* alias, int *status) { + + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (alias == NULL) { + LOGE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data(CERTSVC_CHECK_ALIAS_EXISTS, storeType, DISABLED,alias, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + free(pSendData); + *status = recvData.certStatus; + return recvData.result; +} + +int vcore_client_get_certificate_from_store(CertStoreType storeType, const char* gname, char** certData, size_t* certSize, CertType certType) { + + char* outData = NULL; + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + + if (!gname || !certData || !certSize) { + LOGE("Invalid input argument."); + return CERTSVC_WRONG_ARGUMENT; + } + + initialize_res_data(&recvData); + + if (storeType == SYSTEM_STORE) /* for extracting certificate from system store */ + pSendData = set_request_data(CERTSVC_EXTRACT_SYSTEM_CERT, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, certType, 0); + else /* for extracting certificate from other stores */ + pSendData = set_request_data(CERTSVC_EXTRACT_CERT, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, certType, 0); + + if (pSendData == NULL) { + LOGE("Failed to set request data."); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + if (recvData.result < 0) { + LOGE("An error occurred from server side err[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + free(pSendData); + + if (recvData.dataBlockLen > 0 && recvData.dataBlockLen <= VCORE_MAX_RECV_DATA_SIZE) { + outData = (char*)malloc(recvData.dataBlockLen + 1); + memset(outData, 0x00, 
recvData.dataBlockLen +1); + memcpy(outData, recvData.dataBlock, recvData.dataBlockLen); + *certData = outData; + *certSize = recvData.dataBlockLen; + } + else { + LOGE("revcData length is wrong : %d", recvData.dataBlockLen); + return CERTSVC_WRONG_ARGUMENT; + } + + return recvData.result; +} + +int vcore_client_delete_certificate_from_store(CertStoreType storeType, const char* gname) { + + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (gname == NULL) { + LOGE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data(CERTSVC_DELETE_CERT, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + free(pSendData); + return recvData.result; +} + +int _vcore_client_get_certificate_list_from_store(int reqType, CertStoreType storeType, int is_root_app, + CertSvcStoreCertList** certList, int* length) +{ + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + CertSvcStoreCertList* curr = NULL; + CertSvcStoreCertList* prev = NULL; + VcoreCertResponseData* cert = NULL; + int tmplen = 0; + int i=0; + initialize_res_data(&recvData); + + + pSendData = set_request_data(reqType, storeType, is_root_app, NULL, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + + if(recvData.certCount > 0) { + for(i=0; i<recvData.certCount; i++) { + cert = recvData.certList + i ; + curr = (CertSvcStoreCertList*) malloc(sizeof(CertSvcStoreCertList)); + memset(curr, 0x00, sizeof(CertSvcStoreCertList)); + + tmplen = strlen(cert->gname); + curr->gname = (char*) malloc (sizeof(char) * (tmplen+ 1)); + memset(curr->gname, 0x00, tmplen + 1); + memcpy(curr->gname, cert->gname, tmplen); + + tmplen = 
strlen(cert->title); + curr->title = (char*) malloc (sizeof(char) * (tmplen+ 1)); + memset(curr->title, 0x00, tmplen + 1); + memcpy(curr->title, cert->title, tmplen); + + curr->status = cert->status; + curr->storeType = cert->storeType; + + if(prev == NULL) { + *certList = curr; + }else { + prev->next = curr; + } + prev = curr; + } + } + + *length = recvData.certCount; + + LOGI("get_certificate_list_from_store: result=%d", recvData.result); + if(recvData.certList != NULL) + free(recvData.certList); + free(pSendData); + return recvData.result; +} + +int vcore_client_get_certificate_list_from_store(CertStoreType storeType, int is_root_app, + CertSvcStoreCertList** certList, int* length) +{ + return _vcore_client_get_certificate_list_from_store(CERTSVC_GET_CERTIFICATE_LIST, storeType, is_root_app, + certList, length); +} + +int vcore_client_get_root_certificate_list_from_store(CertStoreType storeType, + CertSvcStoreCertList** certList, int* length) +{ + return _vcore_client_get_certificate_list_from_store(CERTSVC_GET_ROOT_CERTIFICATE_LIST, storeType, 0, + certList, length); +} + +int vcore_client_get_end_user_certificate_list_from_store(CertStoreType storeType, + CertSvcStoreCertList** certList, int* length) +{ + return _vcore_client_get_certificate_list_from_store(CERTSVC_GET_USER_CERTIFICATE_LIST, storeType, 0, + certList, length); +} + +int vcore_client_get_certificate_alias_from_store(CertStoreType storeType, const char *gname, char **alias) +{ + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + initialize_res_data(&recvData); + + if (gname == NULL) { + LOGE("Invalid input parameter."); + return CERTSVC_WRONG_ARGUMENT; + } + + pSendData = set_request_data(CERTSVC_GET_CERTIFICATE_ALIAS, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + + *alias = strndup(recvData.common_name, 
sizeof(recvData.common_name)); + free(pSendData); + return recvData.result; +} + +int vcore_client_load_certificates_from_store(CertStoreType storeType, const char *gname, char ***certs, int *ncerts) +{ + VcoreRequestData* pSendData = NULL; + VcoreResponseData recvData; + ResponseCertBlock* cert = NULL; + int i=0; + initialize_res_data(&recvData); + + pSendData = set_request_data(CERTSVC_LOAD_CERTIFICATES, storeType, DISABLED, gname, NULL, NULL, NULL, NULL, 0, 0, 0); + if (pSendData == NULL) { + LOGE("Failed to set request data"); + return CERTSVC_WRONG_ARGUMENT; + } + + recvData = cert_svc_client_comm(pSendData); + + *ncerts = recvData.certBlockCount; + *certs = (char**)malloc((recvData.certBlockCount+1) * sizeof(char *)); + (*certs)[recvData.certBlockCount] = NULL; + LOGD("vcore_client_load_certificates_from_store. result=%d, ncerts=%d", recvData.result, *ncerts); + if(recvData.certBlockCount > 0) { + for(i=0; i<recvData.certBlockCount; i++) { + cert = recvData.certBlockList + i ; + (*certs)[i] = strndup(cert->dataBlock, cert->dataBlockLen); + LOGD("vcore_client_load_certificates_from_store. cert=%s", (*certs)[i]); + } + } + + if(recvData.certBlockList != NULL) + free(recvData.certBlockList); + free(pSendData); + return recvData.result; + +} diff --git a/vcore/src/vcore/cert-svc-client.h b/vcore/src/vcore/cert-svc-client.h new file mode 100644 index 0000000..9c5b595 --- /dev/null +++ b/vcore/src/vcore/cert-svc-client.h 
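Review bot: cert_svc_client_comm copies the whole VcoreResponseData from the socket, so `certList`, `certBlockList`, `certCount` and `certBlockCount` hold whatever bytes the peer sent: the counts size the malloc calls with no upper bound, and when a count is zero the received pointer value is kept and later passed to free() (in Error_close_exit and in the list and load callers). `_recv_fixed_lenghth` returns the bytes read so far and never a negative value, so every `read_len < 0` check is dead and a short read is accepted as a full struct. The callers also trust `cert->dataBlockLen` and the NUL termination of `gname`/`title` from the same received bytes. On the sending side set_request_data mallocs the request and initialize_req_data clears only `VCORE_MAX_FILENAME_SIZE+1` bytes of name fields declared with `VCORE_MAX_FILENAME_SIZE * 2 + 1`, so write() sends uninitialised heap bytes; `calloc(1, sizeof(VcoreRequestData))` avoids that. The receive side could look like the sketch below.

```c
read_len = _recv_fixed_lenghth(sockfd, (char*)&recvData, sizeof(recvData));
/* pointer fields arrive as the peer's raw bytes; never keep them */
recvData.certList = NULL;
recvData.certBlockList = NULL;
if (read_len != (int)sizeof(recvData)) {
    LOGE("Error in function read()..");
    recvData.certCount = 0;
    recvData.certBlockCount = 0;
    recvData.result = VCORE_SOCKET_ERROR;
    goto Error_close_exit;
}

/* MAX_RESPONSE_ITEMS_PLACEHOLDER is a placeholder name; the project has to choose the limit */
if (recvData.certCount < 0 || recvData.certCount > MAX_RESPONSE_ITEMS_PLACEHOLDER ||
    recvData.certBlockCount < 0 || recvData.certBlockCount > MAX_RESPONSE_ITEMS_PLACEHOLDER) {
    LOGE("Unexpected item count in response");
    recvData.certCount = 0;
    recvData.certBlockCount = 0;
    recvData.result = VCORE_SOCKET_ERROR;
    goto Error_close_exit;
}
/* … unchanged: certList and certBlockList allocation; each per-item receive
   should likewise compare read_len with the item's sizeof … */
```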
@@ -0,0 +1,116 @@ +/** + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file cert-svc-client.h + * @author Madhan A K (madhan.ak@samsung.com) + * @version 1.0 + * @brief cert-svc client interface for cert-svc server present in secure-storage module. + */ + +#ifndef CERT_SVC_CLIENT_H_ +#define CERT_SVC_CLIENT_H_ + +#include <cert-svc/cerror.h> +#include <cert-svc/ccert.h> + +#ifdef __cplusplus +extern "C" { +#endif + +#define VCORE_MAX_FILENAME_SIZE 128 +#define VCORE_MAX_RECV_DATA_SIZE 8192 //4096, internal buffer = 4KB*2. /*Note:system store cert size is bigger than 4KB*/ +#define VCORE_MAX_SEND_DATA_SIZE 8192 //4096, internal buffer = 4KB*2. 
+#define VCORE_MAX_GROUP_ID_SIZE 32 +#define VCORE_MAX_APPID_SIZE 32 +#define VCORE_MAX_PASSWORD_SIZE 32 +#define VCORE_SOCKET_ERROR (-0x01C10000) // TIZEN_ERROR_CONNECTION /*Connection error*/ +#define VCORE_SOCK_PATH "/tmp/CertSocket" +#define VCORE_PKEY_TEMP_PATH "/tmp/tmpData" + +typedef enum { + CERTSVC_EXTRACT_CERT, + CERTSVC_EXTRACT_SYSTEM_CERT, + CERTSVC_DELETE_CERT, + CERTSVC_INSTALL_CERTIFICATE, + CERTSVC_GET_CERTIFICATE_STATUS, + CERTSVC_SET_CERTIFICATE_STATUS, + CERTSVC_CHECK_ALIAS_EXISTS, + CERTSVC_GET_CERTIFICATE_LIST, + CERTSVC_GET_CERTIFICATE_ALIAS, + CERTSVC_GET_USER_CERTIFICATE_LIST, + CERTSVC_GET_ROOT_CERTIFICATE_LIST, + CERTSVC_LOAD_CERTIFICATES, +} VcoreRequestType; + +typedef struct { + VcoreRequestType reqType; + CertStoreType storeType; + char gname[VCORE_MAX_FILENAME_SIZE * 2 + 1]; /* for gname */ + char common_name[VCORE_MAX_FILENAME_SIZE * 2 + 1]; /* for common_name */ + char private_key_gname[VCORE_MAX_FILENAME_SIZE * 2 + 1]; /* for private_key_gname */ + char associated_gname[VCORE_MAX_FILENAME_SIZE * 2 + 1]; /* for associated_gname */ + char dataBlock[VCORE_MAX_SEND_DATA_SIZE]; /* for cert & key buffer */ + size_t dataBlockLen; + int certStatus; + int is_root_app; + CertType certType; +} VcoreRequestData; + +typedef struct { + char gname[VCORE_MAX_FILENAME_SIZE * 2 + 1]; + char title[VCORE_MAX_FILENAME_SIZE * 2 + 1]; + int status; + CertStoreType storeType; +} VcoreCertResponseData; + + +typedef struct { + char dataBlock[VCORE_MAX_RECV_DATA_SIZE]; + size_t dataBlockLen; +} ResponseCertBlock; + +typedef struct { + char dataBlock[VCORE_MAX_RECV_DATA_SIZE]; + size_t dataBlockLen; + int certStatus; + char common_name[VCORE_MAX_FILENAME_SIZE* 2 + 1]; /*for common_name*/ + int result; + int certCount; + VcoreCertResponseData* certList; + int certBlockCount; + ResponseCertBlock* certBlockList; // array +} VcoreResponseData; + + + +int vcore_client_set_certificate_status_to_store(CertStoreType storeType, int is_root_app, const char* gname, 
CertStatus status); +int vcore_client_get_certificate_status_from_store(CertStoreType storeType, const char* gname, int *status); +int vcore_client_check_alias_exist_in_store(CertStoreType storeType, const char* alias, int *status); +int vcore_client_install_certificate_to_store(CertStoreType storeType, const char *gname, const char *common_name, const char *private_key_gname, const char *associated_gname, const char *dataBlock, size_t dataBlockLen, CertType certType); +int vcore_client_get_certificate_from_store(CertStoreType storeType, const char* gname, char** certData, size_t* certSize, CertType certType); +int vcore_client_delete_certificate_from_store(CertStoreType storeType, const char* gname); +VcoreResponseData cert_svc_client_comm(VcoreRequestData* client_data); +int vcore_client_get_certificate_list_from_store(CertStoreType storeType, int is_root_app, CertSvcStoreCertList** certList, int* length); +int vcore_client_get_root_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length); +int vcore_client_get_end_user_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length); +int vcore_client_get_certificate_alias_from_store(CertStoreType storeType, const char *gname, char **alias); +int vcore_client_load_certificates_from_store(CertStoreType storeType, const char *gname, char ***certs, int *ncerts); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/vcore/src/vcore/exception.cpp b/vcore/src/vcore/exception.cpp new file mode 100644 index 0000000..20d359f --- /dev/null +++ b/vcore/src/vcore/exception.cpp 
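Review bot: `VCORE_SOCK_PATH` and `VCORE_PKEY_TEMP_PATH` are fixed names directly under /tmp, a directory any local user can normally create files in, and cert_svc_client_comm in cert-svc-client.c connects to the socket path without checking who owns the other end. Placing the socket in a directory only the cert-server account can write to, and checking the peer with SO_PEERCRED after connect(), would let the client know it is talking to the service. VcoreResponseData also carries the raw pointers `certList` and `certBlockList` inside a struct that is sent over the socket as-is; a comment such as `/* filled in by the receiver, value on the wire is ignored */` on those two fields would document that they must not be trusted. The `@brief` line still says the server is in the secure-storage module, while the commit description says it was moved out of it.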
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file exception.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file is the implementation of exception system
+ */
+#include <vcore/exception.h>
+
+#include <dpl/log/vcore_log.h>
+
+#include <stddef.h>
+#include <cstdio>
+
+namespace ValidationCore {
+Exception* Exception::m_lastException = NULL;
+unsigned int Exception::m_exceptionCount = 0;
+void (*Exception::m_terminateHandler)() = NULL;
+
+void LogUnhandledException(const std::string &str)
+{
+ // Logging to dlog
+ VcoreLogD("%s", str.c_str());
+}
+
+void LogUnhandledException(const std::string &str,
+ const char *filename,
+ int line,
+ const char *function)
+{
+ // Logging to dlog
+ VcoreLogE("[%s:%d][%s]%s", filename, line, function, str.c_str());
+}
+} // namespace ValidationCore
diff --git a/vcore/src/vcore/exception.h b/vcore/src/vcore/exception.h
new file mode 100644
index 0000000..dae719e
--- /dev/null
+++ b/vcore/src/vcore/exception.h
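Review bot: The one-argument `LogUnhandledException` in vcore/src/vcore/exception.cpp logs at debug level (`VcoreLogD`), while the four-argument overload next to it uses `VcoreLogE`. The one-argument form is what `DisplayKnownException` and `DisplayUnknownException` in exception.h call from the terminate handler immediately before `abort()`, so if debug-level dlog output is filtered on release images (the macro's definition is not visible here) the only record of why the process died is lost. I would log it at error level, `VcoreLogE("%s", str.c_str());`, and replace the two `// Logging to dlog` comments with one stating that this is the last message written before the process aborts.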
@@ -0,0 +1,390 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file exception.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief Header file for base exception + */ +#ifndef ValidationCore_EXCEPTION_H +#define ValidationCore_EXCEPTION_H + +#include <string> +#include <cstring> +#include <cstdio> +#include <exception> +#include <cstdlib> +#include <sstream> + +namespace ValidationCore { +void LogUnhandledException(const std::string &str); +void LogUnhandledException(const std::string &str, + const char *filename, + int line, + const char *function); +} + +namespace ValidationCore { +class Exception { +private: + static unsigned int m_exceptionCount; + static Exception* m_lastException; + static void (*m_terminateHandler)(); + + static void AddRef(Exception* exception) + { + if (!m_exceptionCount) { + m_terminateHandler = std::set_terminate(&TerminateHandler); + } + + ++m_exceptionCount; + m_lastException = exception; + } + + static void UnRef(Exception* e) + { + if (m_lastException == e) { + m_lastException = NULL; + } + + --m_exceptionCount; + + if (!m_exceptionCount) { + std::set_terminate(m_terminateHandler); + m_terminateHandler = NULL; + } + } + + static void TerminateHandler() + { + if (m_lastException != NULL) { + DisplayKnownException(*m_lastException); + abort(); + } else { + DisplayUnknownException(); + abort(); + } 
+ } + + Exception *m_reason; + std::string m_path; + std::string m_function; + int m_line; + +protected: + std::string m_message; + std::string m_className; + +public: + static std::string KnownExceptionToString(const Exception &e) + { + std::ostringstream message; + message << + "\033[1;5;31m\n=== Unhandled DPL exception occurred ===\033[m\n\n"; + message << "\033[1;33mException trace:\033[m\n\n"; + message << e.DumpToString(); + message << "\033[1;31m\n=== Will now abort ===\033[m\n"; + + return message.str(); + } + + static std::string UnknownExceptionToString() + { + std::ostringstream message; + message << + "\033[1;5;31m\n=== Unhandled non-DPL exception occurred ===\033[m\n\n"; + message << "\033[1;31m\n=== Will now abort ===\033[m\n"; + + return message.str(); + } + + static void DisplayKnownException(const Exception& e) + { + LogUnhandledException(KnownExceptionToString(e).c_str()); + } + + static void DisplayUnknownException() + { + LogUnhandledException(UnknownExceptionToString().c_str()); + } + + Exception(const Exception &other) + { + // Deep copy + if (other.m_reason != NULL) { + m_reason = new Exception(*other.m_reason); + } else { + m_reason = NULL; + } + + m_message = other.m_message; + m_path = other.m_path; + m_function = other.m_function; + m_line = other.m_line; + + m_className = other.m_className; + + AddRef(this); + } + + const Exception &operator =(const Exception &other) + { + if (this == &other) { + return *this; + } + + // Deep copy + if (other.m_reason != NULL) { + m_reason = new Exception(*other.m_reason); + } else { + m_reason = NULL; + } + + m_message = other.m_message; + m_path = other.m_path; + m_function = other.m_function; + m_line = other.m_line; + + m_className = other.m_className; + + AddRef(this); + + return *this; + } + + Exception(const char *path, + const char *function, + int line, + const std::string &message) : + m_reason(NULL), + m_path(path), + m_function(function), + m_line(line), + m_message(message) + { + 
AddRef(this); + } + + Exception(const char *path, + const char *function, + int line, + const Exception &reason, + const std::string &message) : + m_reason(new Exception(reason)), + m_path(path), + m_function(function), + m_line(line), + m_message(message) + { + AddRef(this); + } + + virtual ~Exception() throw() + { + if (m_reason != NULL) { + delete m_reason; + m_reason = NULL; + } + + UnRef(this); + } + + void Dump() const + { + // Show reason first + if (m_reason != NULL) { + m_reason->Dump(); + } + + // Afterward, dump exception + const char *file = strchr(m_path.c_str(), '/'); + + if (file == NULL) { + file = m_path.c_str(); + } else { + ++file; + } + + printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", + file, m_line, + m_function.c_str(), + m_className.c_str(), + m_message.empty() ? "<EMPTY>" : m_message.c_str()); + } + + std::string DumpToString() const + { + std::string ret; + if (m_reason != NULL) { + ret = m_reason->DumpToString(); + } + + const char *file = strchr(m_path.c_str(), '/'); + + if (file == NULL) { + file = m_path.c_str(); + } else { + ++file; + } + + char buf[1024]; + snprintf(buf, + sizeof(buf), + "\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", + file, + m_line, + m_function.c_str(), + m_className.c_str(), + m_message.empty() ? 
"<EMPTY>" : m_message.c_str()); + + buf[sizeof(buf) - 1] = '\n'; + ret += buf; + + return ret; + } + + Exception *GetReason() const + { + return m_reason; + } + + std::string GetPath() const + { + return m_path; + } + + std::string GetFunction() const + { + return m_function; + } + + int GetLine() const + { + return m_line; + } + + std::string GetMessage() const + { + return m_message; + } + + std::string GetClassName() const + { + return m_className; + } +}; +} // namespace ValidationCore + +#define VcoreTry try + +#define VcoreThrow(ClassName) \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__) + +#define VcoreThrowMsg(ClassName, Message) \ + do \ + { \ + std::ostringstream dplLoggingStream; \ + dplLoggingStream << Message; \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \ + } while (0) + +#define VcoreReThrow(ClassName) \ + throw ClassName(__FILE__, __FUNCTION__, __LINE__, _rethrown_exception) + +#define VcoreReThrowMsg(ClassName, Message) \ + throw ClassName(__FILE__, \ + __FUNCTION__, \ + __LINE__, \ + _rethrown_exception, \ + Message) + +#define VcoreCatch(ClassName) \ + catch (const ClassName &_rethrown_exception) + +#define VCORE_DECLARE_EXCEPTION_TYPE(BaseClass, Class) \ + class Class : public BaseClass { \ + public: \ + Class(const char *path, \ + const char *function, \ + int line, \ + const std::string & message = std::string()) \ + : BaseClass(path, function, line, message) { \ + \ + BaseClass::m_className = #Class; \ + } \ + \ + Class(const char *path, \ + const char *function, \ + int line, \ + const ValidationCore::Exception & reason, \ + const std::string & message = std::string()) \ + : BaseClass(path, function, line, reason, message) { \ + BaseClass::m_className = #Class; \ + } \ + }; + +#define VCORE_UNHANDLED_EXCEPTION_HANDLER_BEGIN try + +#define VCORE_UNHANDLED_EXCEPTION_HANDLER_END \ + catch (const ValidationCore::Exception &exception) \ + { \ + std::ostringstream msg; \ + msg << 
ValidationCore::Exception::KnownExceptionToString(exception); \ + ValidationCore::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } \ + catch (std::exception& e) \ + { \ + std::ostringstream msg; \ + msg << e.what(); \ + msg << "\n"; \ + msg << ValidationCore::Exception::UnknownExceptionToString(); \ + ValidationCore::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } \ + catch (...) \ + { \ + std::ostringstream msg; \ + msg << ValidationCore::Exception::UnknownExceptionToString(); \ + ValidationCore::LogUnhandledException(msg.str(), \ + __FILE__, \ + __LINE__, \ + __FUNCTION__); \ + abort(); \ + } + +namespace ValidationCore { +namespace CommonException { +/** + * Internal exception definitions + * + * These should normally not happen. + * Usually, exception trace with internal error includes + * important messages. + */ +VCORE_DECLARE_EXCEPTION_TYPE(Exception, InternalError) ///< Unexpected error from + // underlying libraries or + // kernel +} +} + +#endif // ValidationCore_EXCEPTION_H diff --git a/vcore/src/vcore/pkcs12.c b/vcore/src/vcore/pkcs12.c deleted file mode 100755 index 1239dda..0000000 --- a/vcore/src/vcore/pkcs12.c +++ /dev/null 
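Review bot: `Exception::DumpToString()` in vcore/src/vcore/exception.h can read past its stack buffer: after `snprintf(buf, sizeof(buf), ...)` the line `buf[sizeof(buf) - 1] = '\n';` overwrites the terminating NUL whenever the formatted text was truncated, and `ret += buf;` then scans beyond the 1024-byte array. The path, function and message strings are supplied at the throw site, so any exception whose formatted line reaches the buffer size hits this inside the crash-reporting path. Dropping that assignment keeps the buffer terminated; if the trailing newline matters, write it at `sizeof(buf) - 2` only when snprintf's return value is `>= sizeof(buf)`. Separately, `operator=` overwrites `m_reason` without deleting the previous one and calls `AddRef(this)` a second time, so `m_exceptionCount` never returns to zero and the saved terminate handler is not restored; it needs `delete m_reason;` before the copy and no `AddRef` call.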
@@ -1,946 +0,0 @@ -/** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file pkcs12.h - * @author Jacek Migacz (j.migacz@samsung.com) - * @version 1.0 - * @brief PKCS#12 container manipulation routines. - */ -#define _GNU_SOURCE -#define _CERT_SVC_VERIFY_PKCS12 - -#include <cert-service.h> -#include "cert-service-util.h" -#include "pkcs12.h" -#include <cert-svc/cerror.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <errno.h> -#include <string.h> -#include <openssl/err.h> -#include <openssl/pkcs12.h> -#include <openssl/sha.h> -#include <openssl/x509.h> -#include <openssl/pem.h> -#include <ss_manager.h> -#include <dlfcn.h> -#include <cert-service-debug.h> -#include <tzplatform_config.h> -#include <tizen.h> - -#define SYSCALL(call) while(((call) == -1) && (errno == EINTR)) - -#define CERTSVC_PKCS12_STORAGE_DIR tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/pkcs12") -#define CERTSVC_PKCS12_STORAGE_FILE "storage" -#define CERTSVC_PKCS12_STORAGE_PATH tzplatform_mkpath3(TZ_SYS_SHARE,"cert-svc/pkcs12", CERTSVC_PKCS12_STORAGE_FILE) -#define MAX_PASSWORD_SIZE 32 -#define MAX_SEND_DATA_SIZE 4096 // internal buffer = 4KB - -typedef enum -{ - SSA_PARAM_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x01, /** < Invalid parameters */ - SSA_AUTHENTICATION_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x02, /** < Authentication error */ - SSA_TZ_ERROR = 
TIZEN_ERROR_SYSTEM_CLASS | 0x03, /** < Trust zone error */ - SSA_SOCKET_ERROR = TIZEN_ERROR_CONNECTION, /** < Connection error */ - SSA_PERMISSION_ERROR = TIZEN_ERROR_PERMISSION_DENIED, /** < Permission denied */ - SSA_SECURITY_SERVER_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x04,/** < Security server error */ - SSA_CIPHER_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x05, /** < Encryption / Decryption error */ - SSA_IO_ERROR = TIZEN_ERROR_IO_ERROR, /** < I/O error */ - SSA_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /** < Out of memory */ - SSA_UNKNOWN_ERROR = TIZEN_ERROR_UNKNOWN, /** < Unknown error */ -} ssa_error_e; - -static const char CERTSVC_PKCS12_STORAGE_KEY_PKEY[] = "pkey"; -static const char CERTSVC_PKCS12_STORAGE_KEY_CERTS[] = "certs"; -static const gchar CERTSVC_PKCS12_STORAGE_SEPARATOR = ';'; -static const char CERTSVC_PKCS12_UNIX_GROUP[] = "secure-storage::pkcs12"; - -static gboolean keyfile_check(const char *pathname) { - int result; - if(access(pathname, F_OK | R_OK | W_OK) == 0) - return TRUE; - SYSCALL(result = creat(pathname, S_IRUSR | S_IWUSR)); - if (result != -1) { - close(result); - return TRUE; - } else { - return FALSE; - } -} - -static GKeyFile *keyfile_load(const char *pathname) { - GKeyFile *keyfile; - GError *error; - - if(!keyfile_check(pathname)) - return NULL; - keyfile = g_key_file_new(); - error = NULL; - if(!g_key_file_load_from_file(keyfile, pathname, G_KEY_FILE_KEEP_COMMENTS, &error)) { - g_key_file_free(keyfile); - return NULL; - } - return keyfile; -} - -static int generate_random_filepath(char **filepath) { - int generator; - int64_t random; - SHA_CTX ctx; - unsigned char d[SHA_DIGEST_LENGTH]; - int result; - - if(!filepath) - return CERTSVC_WRONG_ARGUMENT; - - SYSCALL(generator = open("/dev/urandom", O_RDONLY)); - if(generator == -1) - return CERTSVC_FAIL; - SYSCALL(result = read(generator, &random, sizeof(random))); - if(result == -1) { - SYSCALL(close(generator)); - return CERTSVC_FAIL; - } - SYSCALL(result = close(generator)); - 
if(result == -1) - return CERTSVC_FAIL; - - SHA1_Init(&ctx); - SHA1_Update(&ctx, &random, sizeof(random)); - SHA1_Final(d, &ctx); - - result = asprintf(filepath, "%s/" \ - "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \ - "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", - CERTSVC_PKCS12_STORAGE_DIR, - d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], - d[10], d[11], d[12], d[13], d[14], d[15], d[16], d[17], d[18], d[19]); - return (result != -1) ? CERTSVC_SUCCESS : CERTSVC_BAD_ALLOC; -} - -static int unique_filename(char **filepath, gboolean with_secure_storage) { - const unsigned attempts = 0xFFU; - unsigned trial; - int result; - ssm_file_info_t sfi; - gboolean exists; - char* data = NULL; - char* tempfilepath = NULL; - - trial = 0U; - try_again: - ++trial; - result = generate_random_filepath(&tempfilepath); - if(result != CERTSVC_SUCCESS) - return result; - if(with_secure_storage) - exists = (access(*tempfilepath, F_OK) == 0 || ssm_getinfo(*filepath, &sfi, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) == 0); - else - exists = (access(*tempfilepath, F_OK) == 0); - - if(!exists) { - *filepath = tempfilepath; - } - else { - if(data){ - free(data); - data = NULL; - } - free(tempfilepath); - if(trial + 1 > attempts) - return CERTSVC_FAIL; - else - goto try_again; - } - return CERTSVC_SUCCESS; -} - -static char *bare_filename(char *filepath) { - char *needle; - if(!filepath) - return NULL; - needle = strrchr(filepath, '/'); - if(!needle) - return NULL; - return *(++needle) ? 
needle : NULL; -} - -int c_certsvc_pkcs12_alias_exists(const gchar *alias, gboolean *exists) { - GKeyFile *keyfile; - - if(exists == NULL) - return CERTSVC_WRONG_ARGUMENT; - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) - return CERTSVC_IO_ERROR; - *exists = g_key_file_has_group(keyfile, alias); - g_key_file_free(keyfile); - return CERTSVC_SUCCESS; -} - -int c_certsvc_pkcs12_import(const char *path, const char *password, const gchar *alias) { - int exists; - FILE *stream; - PKCS12 *container; - EVP_PKEY *key; - X509 *cert; - STACK_OF(X509) *certv; - int nicerts; - char *unique; - int result = 0; - struct stat st; - int wr_res; - void* dlHandle = NULL; - GKeyFile *keyfile; - gchar *bare; - gchar *pkvalue; - gchar **cvaluev; - gsize i, n; - gchar *data; - gsize length; - static int initFlag = 0; - const char appInfo[] = "certsvcp12"; - int readLen = 0; - char fileBuffer[4096] = {0,}; - - certv = NULL; - pkvalue = NULL; - if(!alias || strlen(alias) < 1) - return CERTSVC_WRONG_ARGUMENT; - result = c_certsvc_pkcs12_alias_exists(alias, &exists); - if(result != CERTSVC_SUCCESS) - return result; - if(exists == TRUE) - return CERTSVC_DUPLICATED_ALIAS; - - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) - return CERTSVC_IO_ERROR; - if(stat(CERTSVC_PKCS12_STORAGE_PATH, &st) == -1) { - if(mkdir(CERTSVC_PKCS12_STORAGE_PATH, S_IRWXU | S_IRWXG | S_IRWXO) == -1) { - result = CERTSVC_FAIL; - goto free_keyfile; - } - } - - if((stream = fopen(path, "rb")) == NULL) { - result = CERTSVC_IO_ERROR; - goto free_keyfile; - } - container = d2i_PKCS12_fp(stream, NULL); - fclose(stream); - if(container == NULL) { - result = CERTSVC_FAIL; - goto free_keyfile; - } - -#ifdef TIZEN_FEATURE_OSP_DISABLE - LOGD("TIZEN_FEAT_OSP_DISABLE is 1"); -#endif - -#ifndef TIZEN_FEATURE_OSP_DISABLE - LOGD("TIZEN_FEAT_OSP_DISABLE is 0"); -#endif - -#ifndef TIZEN_FEATURE_OSP_DISABLE - dlHandle = dlopen("/usr/lib/osp/libosp-appfw.so", RTLD_LAZY); - if (!dlHandle) - { - 
LOGD("Failed to open so with reason : %s", dlerror()); - goto free_keyfile; - } -#endif - result = PKCS12_parse(container, password, &key, &cert, &certv); - PKCS12_free(container); - if (result == 0) - { - LOGD("Failed to parse PKCS12"); - result = CERTSVC_FAIL; - goto free_keyfile; - } - -#define _CERT_SVC_VERIFY_PKCS12 -#ifdef _CERT_SVC_VERIFY_PKCS12 - - if (certv == NULL) - { - char* pSubject = NULL; - char* pIssuerName = NULL; - int isSelfSigned = 0; - - pSubject = X509_NAME_oneline(cert->cert_info->subject, NULL, 0); - if (!pSubject) - { - LOGD("Failed to get subject name"); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - pIssuerName = X509_NAME_oneline(cert->cert_info->issuer, NULL, 0); - if (!pIssuerName) - { - LOGD("Failed to get issuer name"); - free(pSubject); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - if (strcmp((const char*)pSubject, (const char*)pIssuerName) == 0) - { - //self signed.. - //isSelfSigned = 1; - - EVP_PKEY* pKey = X509_get_pubkey(cert); - if (!pKey) - { - LOGD("Failed to get public key"); - result = CERTSVC_FAIL; - free(pSubject); - free(pIssuerName); - goto free_keyfile; - } - - if (X509_verify(cert, pKey) <= 0) - { - LOGD("P12 verification failed"); - result = CERTSVC_FAIL; - EVP_PKEY_free(pKey); - free(pSubject); - free(pIssuerName); - goto free_keyfile; - } - LOGD("P12 verification Success"); - EVP_PKEY_free(pKey); - } - else - { - //isSelfSigned = 0; - int res = 0; - X509_STORE_CTX *cert_ctx = NULL; - X509_STORE *cert_store = NULL; - - cert_store = X509_STORE_new(); - if (!cert_store) - { - LOGD("Memory allocation failed"); - free(pSubject); - free(pIssuerName); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - res = X509_STORE_load_locations(cert_store, NULL, tzplatform_mkpath(TZ_SYS_ETC, "ssl/certs/")); - if (res != 1) - { - LOGD("P12 load certificate store failed"); - free(pSubject); - free(pIssuerName); - X509_STORE_free(cert_store); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - res = 
X509_STORE_set_default_paths(cert_store); - if (res != 1) - { - LOGD("P12 load certificate store path failed"); - free(pSubject); - free(pIssuerName); - X509_STORE_free(cert_store); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - // initialize store and store context - cert_ctx = X509_STORE_CTX_new(); - if (cert_ctx == NULL) - { - LOGD("Memory allocation failed"); - free(pSubject); - free(pIssuerName); - X509_STORE_free(cert_store); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - // construct store context - if (!X509_STORE_CTX_init(cert_ctx, cert_store, cert, NULL)) - { - LOGD("Memory allocation failed"); - free(pSubject); - free(pIssuerName); - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - res = X509_verify_cert(cert_ctx); - if (res != 1) - { - LOGD("P12 verification failed"); - free(pSubject); - free(pIssuerName); - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - result = CERTSVC_FAIL; - goto free_keyfile; - } - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - LOGD("P12 verification Success"); - } - free(pSubject); - free(pIssuerName); - } - else if (certv != NULL) - { - // Cert Chain - int res = 0; - X509_STORE_CTX *cert_ctx = NULL; - X509_STORE *cert_store = NULL; - - cert_store = X509_STORE_new(); - if (!cert_store) - { - LOGD("Memory allocation failed"); - result = CERTSVC_FAIL; - goto free_keyfile; - } - - res = X509_STORE_load_locations(cert_store, NULL, tzplatform_mkpath(TZ_SYS_SHARE, "cert-svc/certs/ssl/")); - if (res != 1) - { - LOGD("P12 load certificate store failed"); - result = CERTSVC_FAIL; - X509_STORE_free(cert_store); - goto free_keyfile; - } - - res = X509_STORE_set_default_paths(cert_store); - if (res != 1) - { - LOGD("P12 load certificate path failed"); - result = CERTSVC_FAIL; - X509_STORE_free(cert_store); - goto free_keyfile; - } - - // initialize store and store context - cert_ctx = X509_STORE_CTX_new(); - if (cert_ctx == NULL) 
- { - LOGD("Memory allocation failed"); - result = CERTSVC_FAIL; - X509_STORE_free(cert_store); - goto free_keyfile; - } - - // construct store context - if (!X509_STORE_CTX_init(cert_ctx, cert_store, cert, NULL)) - { - LOGD("Memory allocation failed"); - result = CERTSVC_FAIL; - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - goto free_keyfile; - } - - X509_STORE_CTX_trusted_stack(cert_ctx, certv); - - res = X509_verify_cert(cert_ctx); - if (res != 1) - { - LOGD("P12 verification failed"); - result = CERTSVC_FAIL; - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - goto free_keyfile; - } - - LOGD("P12 verification Success"); - X509_STORE_free(cert_store); - X509_STORE_CTX_free(cert_ctx); - } -#endif //_CERT_SVC_VERIFY_PKCS12 - nicerts = certv ? sk_X509_num(certv) : 0; - cvaluev = (gchar **)calloc(1 + nicerts, sizeof(gchar *)); - n = 0; - - result = unique_filename(&unique, TRUE); - if(result != CERTSVC_SUCCESS) - goto clean_cert_chain_and_pkey; - if((stream = fopen(unique, "w+")) == NULL) { - free(unique); - result = CERTSVC_IO_ERROR; - goto clean_cert_chain_and_pkey; - } - result = PEM_write_PrivateKey(stream, key, NULL, NULL, 0, NULL, NULL); - if(result == 0) { - result = CERTSVC_FAIL; - fclose(stream); - free(unique); - goto clean_cert_chain_and_pkey; - } - - fseek(stream, 0, SEEK_SET); - - readLen = fread(fileBuffer, sizeof(char), 4096, stream); - fclose(stream); - if(readLen <= 0){ - free(unique); - result = CERTSVC_FAIL; - SLOGE("failed to read key file"); - goto clean_cert_chain_and_pkey; - } - wr_res = ssm_write_file(unique, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP); - if(wr_res != 0) { - free(unique); - result = CERTSVC_FAIL; - goto clean_cert_chain_and_pkey; - } - unlink(unique); - - bare = bare_filename(unique); - if(bare) { - pkvalue = g_strdup(bare); - g_key_file_set_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, pkvalue); - } - free(unique); - result = unique_filename(&unique, FALSE); - if(result != 
CERTSVC_SUCCESS) - goto clean_cert_chain_and_pkey; - if((stream = fopen(unique, "w")) == NULL) { - free(unique); - result = CERTSVC_IO_ERROR; - goto clean_cert_chain_and_pkey; - } - result = PEM_write_X509(stream, cert); - fclose(stream); - if(result == 0) { - result = CERTSVC_FAIL; - goto clean_cert_chain_and_pkey; - } - bare = bare_filename(unique); - if(bare) - cvaluev[n++] = g_strdup(bare); - free(unique); - for(i = 0; i < (unsigned int)nicerts; i++) { - result = unique_filename(&unique, FALSE); - if(result != CERTSVC_SUCCESS) - goto clean_cert_chain_and_pkey; - if((stream = fopen(unique, "w")) == NULL) { - free(unique); - result = CERTSVC_IO_ERROR; - goto clean_cert_chain_and_pkey; - } - result = PEM_write_X509_AUX(stream, sk_X509_value(certv, i)); - fclose(stream); - if(result == 0) { - result = CERTSVC_FAIL; - goto clean_cert_chain_and_pkey; - } - bare = bare_filename(unique); - if(bare) - cvaluev[n++] = g_strdup(bare); - free(unique); - } - g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR); - g_key_file_set_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, (const gchar * const *)cvaluev, n); - data = g_key_file_to_data(keyfile, &length, NULL); - if(data == NULL) { - result = CERTSVC_BAD_ALLOC; - goto clean_cert_chain_and_pkey; - } - if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) { - result = CERTSVC_IO_ERROR; - goto free_data; - } - result = CERTSVC_SUCCESS; - - SECURE_LOGD("( %s, %s)", path, password); -#ifndef TIZEN_FEATURE_OSP_DISABLE - - typedef int (*InsertPkcs12FuncPointer)(const char*, const char*); - typedef void (*InitAppInfoPointer)(const char*, const char*); - - InsertPkcs12FuncPointer pInsertPkcs12FuncPointer = NULL; - InitAppInfoPointer pInit = NULL; - - - pInsertPkcs12FuncPointer = (InsertPkcs12FuncPointer)dlsym(dlHandle, "InsertPkcs12Content"); - if (dlerror() != NULL) - { - LOGD("Failed to find InsertPkcs12Content symbol : %s", dlerror()); - result = CERTSVC_FAIL; - goto 
free_data; - } - - if(initFlag == 0) - { - pInit = (InitAppInfoPointer)dlsym(dlHandle, "InitWebAppInfo"); - if (dlerror() != NULL) - { - LOGD("Failed to find InitWebAppInfo symbol : %s", dlerror()); - result = CERTSVC_FAIL; - goto free_data; - } - - pInit(appInfo, NULL); - initFlag = 1; - } - - int errCode = pInsertPkcs12FuncPointer(path, password); - if (errCode != 0) - { - LOGD("dlHandle is not able to call function"); - c_certsvc_pkcs12_delete(alias); - result = CERTSVC_FAIL; - goto free_data; - } -#endif - free_data: - g_free(data); - - clean_cert_chain_and_pkey: - EVP_PKEY_free(key); - X509_free(cert); - sk_X509_free(certv); - free(pkvalue); - for(i = 0; i < n; i++) { - g_free(cvaluev[i]); - } - free(cvaluev); - free_keyfile: - g_key_file_free(keyfile); -#ifndef TIZEN_FEATURE_OSP_DISABLE - if(dlHandle){ - dlclose(dlHandle); - } -#endif - return result; -} - -int c_certsvc_pkcs12_aliases_load(gchar ***aliases, gsize *naliases) { - GKeyFile *keyfile; - - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) - return CERTSVC_IO_ERROR; - *aliases = g_key_file_get_groups(keyfile, naliases); - g_key_file_free(keyfile); - return CERTSVC_SUCCESS; -} - -void c_certsvc_pkcs12_aliases_free(gchar **aliases) { - g_strfreev(aliases); -} - -int c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded) { - FILE *stream; - EVP_PKEY *pkey; - X509 *cert; - PKCS12 *container; - int result; - - if(passworded == NULL) - return CERTSVC_WRONG_ARGUMENT; - if((stream = fopen(filepath, "rb")) == NULL) - return CERTSVC_IO_ERROR; - container = d2i_PKCS12_fp(stream, NULL); - fclose(stream); - if(container == NULL) - return CERTSVC_FAIL; - result = PKCS12_parse(container, NULL, &pkey, &cert, NULL); - PKCS12_free(container); - if(result == 1) { - EVP_PKEY_free(pkey); - X509_free(cert); - *passworded = FALSE; - return CERTSVC_SUCCESS; - } - else { - if(ERR_GET_REASON(ERR_peek_last_error()) == PKCS12_R_MAC_VERIFY_FAILURE) { - *passworded = TRUE; - return 
CERTSVC_SUCCESS; - } - else - return CERTSVC_FAIL; - } -} - -int c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certs, gsize *ncerts) { - GKeyFile *keyfile; - gchar **barev; - gsize i; - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) - return CERTSVC_IO_ERROR; - g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR); - barev = g_key_file_get_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, ncerts, NULL); - if(barev == NULL) { - *ncerts = 0; - goto free_keyfile; - } - *certs = g_malloc((*ncerts + 1) * sizeof(gchar *)); - for(i = 0; i < *ncerts; i++) - (*certs)[i] = g_strdup_printf("%s/%s", CERTSVC_PKCS12_STORAGE_DIR, barev[i]); - (*certs)[*ncerts] = NULL; - g_strfreev(barev); -free_keyfile: - g_key_file_free(keyfile); - return CERTSVC_SUCCESS; -} - -void c_certsvc_pkcs12_free_certificates(gchar **certs) { - gsize i = 0; - if(certs == NULL) - return; - while(certs[i]) - g_free(certs[i++]); - g_free(certs); -} - -int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **buffer, gsize *count) { - GKeyFile *keyfile; - gchar *pkey; - GError *error; - ssm_file_info_t sfi; - char *spkp; - int result; - - if(!buffer) - return CERTSVC_WRONG_ARGUMENT; - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) - return CERTSVC_IO_ERROR; - error = NULL; - result = CERTSVC_SUCCESS; - pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, &error); - if(error && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND) { - *count = 0; - result = CERTSVC_SUCCESS; - } - else if(error) - result = CERTSVC_FAIL; - else { - if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) { - spkp = NULL; - result = CERTSVC_BAD_ALLOC; - } - else if(ssm_getinfo(spkp, &sfi, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) == 0) { - if((*buffer = malloc(sfi.originSize))) { - if(ssm_read(spkp, *buffer, sfi.originSize, count, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) != 0) { - 
c_certsvc_pkcs12_private_key_free(*buffer); - result = CERTSVC_FAIL; - } - } - else - result = CERTSVC_BAD_ALLOC; - } - free(spkp); - g_free(pkey); - } - g_key_file_free(keyfile); - return result; -} - -void c_certsvc_pkcs12_private_key_free(char *buffer) { - free(buffer); -} - -static void _delete_from_osp_cert_mgr(const char* path); - -static void -_delete_from_osp_cert_mgr(const char* path) -{ - - typedef int (*RemoveUserCertificatePointer)(unsigned char*, int); - typedef void (*InitAppInfoPointer)(const char*, const char*); - - static int initFlag = 0; - - unsigned char* pCertBuffer = NULL; - int certBufferLen = 0; - const char appInfo[] = "certsvcp12"; - - RemoveUserCertificatePointer pRemoveUserCertificatePointer = NULL; - InitAppInfoPointer pInit = NULL; - void* dlHandle = dlopen("/usr/lib/osp/libosp-appfw.so", RTLD_LAZY); - if (!dlHandle) - { - LOGD("Failed to open so with reason : %s", dlerror()); - goto end_of_func; - } - - pRemoveUserCertificatePointer = (RemoveUserCertificatePointer)dlsym(dlHandle, "RemoveUserCertificate"); - if (dlerror() != NULL) - { - LOGD("Failed to find RemoveUserCertificate symbol : %s", dlerror()); - goto end_of_func; - } - - if(initFlag == 0) - { - pInit = (InitAppInfoPointer)dlsym(dlHandle, "InitWebAppInfo"); - if (dlerror() != NULL) - { - LOGD("Failed to find InitWebAppInfo symbol : %s", dlerror()); - goto end_of_func; - } - - pInit(appInfo, NULL); - initFlag = 1; - } - - int result = certsvc_load_file_to_buffer(path, &pCertBuffer, &certBufferLen); - if (result != 0 ) - { - LOGD("certsvc_load_file_to_buffer Failed."); - goto end_of_func; - } - int errCode = pRemoveUserCertificatePointer(pCertBuffer, certBufferLen); - if (errCode != 0) - { - LOGD("dlHandle is not able to call function"); - goto end_of_func; - } - -end_of_func: - - if(dlHandle){ - dlclose(dlHandle); - } - return; -} - - -int certsvc_load_file_to_buffer(const char* filePath, unsigned char** certBuf, int* length) -{ - int ret = CERT_SVC_ERR_NO_ERROR; - FILE* fp_in 
= NULL; - unsigned long int fileSize = 0; - - /* get file size */ - if((ret = cert_svc_get_file_size(filePath, &fileSize)) != CERT_SVC_ERR_NO_ERROR) { - SECURE_SLOGE("[ERR][%s] Fail to get file size, [%s]\n", __func__, filePath); - return CERT_SVC_ERR_FILE_IO; - } - /* open file and write to buffer */ - if(!(fp_in = fopen(filePath, "rb"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filePath); - return CERT_SVC_ERR_FILE_IO; - } - - if(!(*certBuf = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)(fileSize + 1)))) { - SLOGE("[ERR][%s] Fail to allocate memory.\n", __func__); - ret = CERT_SVC_ERR_MEMORY_ALLOCATION; - goto err; - } - memset(*certBuf, 0x00, (fileSize + 1)); - if(fread(*certBuf, sizeof(unsigned char), fileSize, fp_in) != fileSize) { - SECURE_SLOGE("[ERR][%s] Fail to read file, [%s]\n", __func__, filePath); - ret = CERT_SVC_ERR_FILE_IO; - goto err; - } - - *length = fileSize; - -err: - if(fp_in != NULL) - fclose(fp_in); - return ret; -} - -int c_certsvc_pkcs12_delete(const gchar *alias) { - gchar **certs; - gsize ncerts; - char *pkey; - char *spkp; - int result; - GKeyFile *keyfile; - gchar *data; - gsize i, length; - - data = NULL; - result = c_certsvc_pkcs12_load_certificates(alias, &certs, &ncerts); - if(result != CERTSVC_SUCCESS) - goto load_certificates_failed; - keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); - if(!keyfile) { - result = CERTSVC_IO_ERROR; - goto keyfile_load_failed; - } - pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, NULL); - if(g_key_file_remove_group(keyfile, alias, NULL)) { - data = g_key_file_to_data(keyfile, &length, NULL); - if(data == NULL) { - result = CERTSVC_BAD_ALLOC; - goto keyfile_free; - } - if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) { - result = CERTSVC_IO_ERROR; - goto data_free; - } - } - - _delete_from_osp_cert_mgr(certs[0]); - for(i = 0; i < ncerts; i++) - { - unlink(certs[i]); - } - if(pkey != NULL) { - 
if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) { - result = CERTSVC_BAD_ALLOC; - goto data_free; - } - ssm_delete_file(spkp, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP); - free(spkp); - } - data_free: - g_free(data); - keyfile_free: - g_key_file_free(keyfile); - keyfile_load_failed: - if(ncerts != 0) - c_certsvc_pkcs12_free_certificates(certs); - load_certificates_failed: - return result; -} - - -int cert_svc_get_file_size(const char* filepath, unsigned long int* length) -{ - int ret = CERT_SVC_ERR_NO_ERROR; - FILE* fp_in = NULL; - - if(!(fp_in = fopen(filepath, "r"))) { - SECURE_SLOGE("[ERR][%s] Fail to open file, [%s]\n", __func__, filepath); - ret = CERT_SVC_ERR_FILE_IO; - goto err; - } - - fseek(fp_in, 0L, SEEK_END); - (*length) = ftell(fp_in); - -err: - if(fp_in != NULL) - fclose(fp_in); - - return ret; -} diff --git a/vcore/src/vcore/pkcs12.cpp b/vcore/src/vcore/pkcs12.cpp new file mode 100644 index 0000000..027af07 --- /dev/null +++ b/vcore/src/vcore/pkcs12.cpp 
@@ -0,0 +1,1465 @@
+/**
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file pkcs12.h
+ * @author Jacek Migacz (j.migacz@samsung.com)
+ * @version 1.0
+ * @brief PKCS#12 container manipulation routines.
+ */
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <string.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <db-util.h>
+
+#include <ss_manager.h>
+
+#include <cert-service.h>
+#include <cert-service-util.h>
+#include <cert-service-debug.h>
+#include <cert-svc/cerror.h>
+#include <cert-svc-client.h>
+
+#include <vcore/utils.h>
+#include <pkcs12.h>
+
+#define SYSCALL(call) while(((call) == -1) && (errno == EINTR))
+
+#define START_CERT "-----BEGIN CERTIFICATE-----"
+#define END_CERT "-----END CERTIFICATE-----"
+#define START_TRUSTED "-----BEGIN TRUSTED CERTIFICATE-----"
+#define END_TRUSTED "-----END TRUSTED CERTIFICATE-----"
+#define START_KEY "-----BEGIN PRIVATE KEY-----"
+#define END_KEY "-----END PRIVATE KEY-----"
+
+#define CERTSVC_PKCS12_STORAGE_FILE "storage"
+
+#define CERTSVC_PKCS12_STORAGE_PATH CERTSVC_PKCS12_STORAGE_DIR "/" CERTSVC_PKCS12_STORAGE_FILE
+
+#define MAX_BUFFER_SIZE 16;
+#define _CERT_SVC_VERIFY_PKCS12
+
+static const char CERTSVC_PKCS12_STORAGE_KEY_PKEY[] = "pkey";
+static const char CERTSVC_PKCS12_STORAGE_KEY_CERTS[] = "certs";
+static const gchar CERTSVC_PKCS12_STORAGE_SEPARATOR = ';';
+static const char CERTSVC_PKCS12_UNIX_GROUP[] = "secure-storage::pkcs12";
+
+sqlite3 *cert_store_db = NULL;
+
+static gboolean keyfile_check(const char *pathname) {
+ int result;
+ if(access(pathname, F_OK | R_OK | W_OK) == 0)
+ return TRUE;
+ SYSCALL(result = creat(pathname, S_IRUSR | S_IWUSR));
+ if (result != -1) {
+ result = close(result);
+ if(result == -1)
+ SLOGD("Failed to close, errno : %d", errno);
+ return TRUE;
+ } else {
+ return FALSE;
+ }
+}
+
+static GKeyFile *keyfile_load(const char *pathname) {
+ GKeyFile *keyfile;
+ GError *error;
+
+ if(!keyfile_check(pathname))
+ return NULL;
+ keyfile = g_key_file_new();
+ error = NULL;
+ if(!g_key_file_load_from_file(keyfile, pathname, G_KEY_FILE_KEEP_COMMENTS, &error)) {
+ g_key_file_free(keyfile);
+ return NULL;
+ }
+ return keyfile;
+}
+
+static int generate_random_filepath(char **filepath) {
+ int generator;
+ int64_t random;
+ SHA_CTX ctx;
+ unsigned char d[SHA_DIGEST_LENGTH];
+ int result;
+
+ if(!filepath)
+ return CERTSVC_WRONG_ARGUMENT;
+
+ SYSCALL(generator = open("/dev/urandom", O_RDONLY));
+ if(generator == -1)
+ return CERTSVC_FAIL;
+ SYSCALL(result = read(generator, &random, sizeof(random)));
+ if(result == -1) {
+ SYSCALL(close(generator));
+ return CERTSVC_FAIL;
+ }
+ SYSCALL(result = close(generator));
+ if(result == -1)
+ return CERTSVC_FAIL;
+
+ SHA1_Init(&ctx);
+ SHA1_Update(&ctx, &random, sizeof(random));
+ SHA1_Final(d, &ctx);
+
+ result = asprintf(filepath, "%s/" \
+ "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x" \
+ "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+ CERTSVC_PKCS12_STORAGE_DIR,
+ d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9],
+ d[10], d[11], d[12], d[13], d[14], d[15], d[16], d[17], d[18], d[19]);
+ return (result != -1) ? CERTSVC_SUCCESS : CERTSVC_BAD_ALLOC;
+}
+
+static int unique_filename(char **filepath, gboolean with_secure_storage) {
+ unsigned trial = 0x00U;
+ int result;
+ ssm_file_info_t sfi;
+ int exists = 1;
+
+ for (; trial < 0xFFU; ++trial) {
+ result = generate_random_filepath(filepath);
+ if(result != CERTSVC_SUCCESS)
+ return result;
+
+ exists = (access(*filepath, F_OK) == 0);
+
+ if (with_secure_storage)
+ exists |= (ssm_getinfo(*filepath, &sfi, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) == 0);
+
+ /* find unique filename */
+ if(!exists)
+ return CERTSVC_SUCCESS;
+
+ free(*filepath);
+ }
+
+ return CERTSVC_FAIL;
+}
+
+static char *bare_filename(char *filepath) {
+ char *needle;
+ if(!filepath)
+ return NULL;
+ needle = strrchr(filepath, '/');
+ if(!needle)
+ return NULL;
+ return *(++needle) ? needle : NULL;
+}
+
+int read_from_file(const char *fileName, char **certBuffer, int *length) {
+
+ int result = CERTSVC_SUCCESS;
+ FILE *fp_out = NULL;
+ int certLength = 0;
+ struct stat st;
+
+ if (stat(fileName, &st) == -1) {
+ SLOGE("Certificate does not exist in disable folder.");
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ if (!(fp_out = fopen(fileName, "rb"))) {
+ SLOGE("Fail to open file for reading, [%s].", fileName);
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ fseek(fp_out, 0L, SEEK_END);
+ certLength = ftell(fp_out);
+ if (certLength < 1) {
+ SLOGE("Fail to get certificate length.");
+ result = CERT_SVC_ERR_FILE_IO;
+ goto err;
+ }
+
+ *certBuffer = (char*)malloc(sizeof(char) * ((int)certLength + 1));
+ if (*certBuffer == NULL) {
+ SLOGE("Fail to allocate memory");
+ result = CERTSVC_BAD_ALLOC;
+ goto err;
+ }
+
+ memset(*certBuffer, 0x00, certLength+1);
+ rewind (fp_out);
+ if (fread(*certBuffer, sizeof(char), (size_t)certLength, fp_out) != (size_t)certLength) {
+ SLOGE("Fail to read file, [%s]", fileName);
+ result = CERTSVC_IO_ERROR;
+ goto err;
+ }
+ *length = certLength;
+
+err:
+ if (fp_out != NULL) {
+ fclose(fp_out);
+ fp_out = NULL;
+ }
+ return result;
+}
+
+int open_db(sqlite3 **db_handle, const char *db_path) {
+
+ int result = -1;
+ sqlite3 *handle;
+
+ if (access(db_path, F_OK) == 0) {
+ result = db_util_open(db_path, &handle, 0);
+ if (result != SQLITE_OK) {
+ SLOGE("connect to db [%s] failed!", db_path);
+ return CERTSVC_FAIL;
+ }
+ *db_handle = handle;
+ return CERTSVC_SUCCESS;
+ }
+ SLOGD("%s DB does not exists. Create one!!", db_path);
+
+ result = db_util_open(db_path, &handle, 0);
+ if (result != SQLITE_OK) {
+ SLOGE("connect to db [%s] failed!", db_path);
+ return CERTSVC_FAIL;
+ }
+ *db_handle = handle;
+ return CERTSVC_SUCCESS;
+}
+
+int initialize_db() {
+
+ int result = CERTSVC_SUCCESS;
+ if (cert_store_db == NULL) {
+ result = open_db(&cert_store_db, CERTSVC_SYSTEM_STORE_DB);
+ if (result != CERTSVC_SUCCESS)
+ SLOGE("Certsvc store DB creation failed");
+ }
+ return result;
+}
+
+int execute_select_query(char *query, sqlite3_stmt **stmt) {
+
+ int result = CERTSVC_SUCCESS;
+ sqlite3_stmt *stmts = NULL;
+
+ if (cert_store_db != NULL) {
+ sqlite3_close(cert_store_db);
+ cert_store_db = NULL;
+ }
+
+ result = initialize_db();
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Failed to initialise database.");
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ result = sqlite3_prepare_v2(cert_store_db, query, strlen(query), &stmts, NULL);
+ if (result != SQLITE_OK) {
+ SLOGE("sqlite3_prepare_v2 failed [%s].", query);
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ *stmt = stmts;
+ result = CERTSVC_SUCCESS;
+
+error:
+ return result;
+}
+
+int c_certsvc_pkcs12_set_certificate_status_to_store(CertStoreType storeType, int is_root_app, char* gname, CertStatus status) {
+
+ return vcore_client_set_certificate_status_to_store(storeType, is_root_app, gname, status);
+}
+
+int c_certsvc_pkcs12_get_certificate_buffer_from_store(CertStoreType storeType, char* gname, char** certBuffer, size_t* certSize) {
+
+ return vcore_client_get_certificate_from_store(storeType, gname, certBuffer, certSize, PEM_CRT);
+}
+
+int c_certsvc_pkcs12_get_certificate_status_from_store(CertStoreType storeType, const gchar *gname, int *status) {
+
+ return vcore_client_get_certificate_status_from_store(storeType, gname, status);
+}
+
+int c_certsvc_pkcs12_alias_exists_in_store(CertStoreType storeType, const gchar *alias, gboolean *exists) {
+
+ return vcore_client_check_alias_exist_in_store(storeType, alias, exists);
+}
+
+int c_certsvc_pkcs12_private_key_load_from_store(CertStoreType storeType, const gchar *gname, char **certBuffer, size_t *certSize) {
+
+ return vcore_client_get_certificate_from_store(storeType, gname, certBuffer, certSize, (CertType)P12_PKEY);
+}
+
+int c_certsvc_pkcs12_delete_certificate_from_store(CertStoreType storeType, const char* gname) {
+
+ int result = CERTSVC_SUCCESS;
+
+ result = vcore_client_delete_certificate_from_store(storeType, gname);
+ if(result == CERTSVC_SUCCESS)
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Uninstall, Result=Succeed");
+ else
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Uninstall, Result=Failed");
+
+ return result;
+}
+
+int c_certsvc_pkcs12_get_certificate_alias_from_store(CertStoreType storeType, const gchar *gname, char **alias) {
+
+ return vcore_client_get_certificate_alias_from_store(storeType, gname, alias);
+}
+
+int c_certsvc_pkcs12_load_certificates_from_store(CertStoreType storeType, const gchar *gname, gchar ***certs, gsize *ncerts) {
+ return vcore_client_load_certificates_from_store(storeType, gname, (char ***)certs, (int *)ncerts);
+}
+
+int c_certsvc_pkcs12_free_aliases_loaded_from_store(CertSvcStoreCertList** certList) {
+ int result = CERTSVC_SUCCESS;
+ CertSvcStoreCertList* tmpNode = NULL;
+
+ while (*certList!=NULL) {
+ tmpNode = *certList;
+ if(tmpNode->title != NULL) { free(tmpNode->title); }
+ if(tmpNode->gname != NULL) { free(tmpNode->gname); }
+ (*certList) = (*certList)->next;
+ free(tmpNode);
+ }
+
+ if (cert_store_db != NULL) {
+ sqlite3_close(cert_store_db);
+ cert_store_db = NULL;
+ }
+ certList = NULL;
+ return result;
+}
+
+int c_certsvc_pkcs12_get_root_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length) {
+ return vcore_client_get_root_certificate_list_from_store(storeType, certList, length);
+}
+
+int c_certsvc_pkcs12_get_end_user_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length) {
+ return vcore_client_get_end_user_certificate_list_from_store(storeType, certList, length);
+}
+
+int c_certsvc_pkcs12_get_certificate_list_from_store(CertStoreType storeType, int is_root_app, CertSvcStoreCertList** certList, int* length) {
+ return vcore_client_get_certificate_list_from_store(storeType, is_root_app, certList, length);
+}
+
+int install_pem_file_format_to_store(CertStoreType storeType, const char* certBuffer, int certLength, \
+ const gchar *alias, const char* path, char *private_key_gname, gchar *associated_gname, CertType decideCert) {
+
+ int result = CERTSVC_SUCCESS;
+ int readCount = 0;
+ char* fileName = NULL;
+ char* commonName = NULL;
+ char *unique = NULL;
+ BIO* pBio = NULL;
+ X509* x509Struct = NULL;
+ struct stat dirST;
+
+ if (!certBuffer || !certLength) {
+ SLOGE("Invalid argument. certBuffer is input cert.");
+ return CERTSVC_WRONG_ARGUMENT;
+ }
+
+ if (decideCert == PEM_CRT) {
+ result = unique_filename(&unique, FALSE);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Fail to generate unique filename.");
+ return result;
+ }
+ }
+ else
+ unique = (char*)path;
+
+ if (unique == NULL) {
+ SLOGE("Failed to get unique file name.");
+ return result;
+ }
+
+ /* Get common name from buffer or from file */
+ if (stat(path, &dirST) != -1) {
+ result = get_common_name(path, NULL, &commonName);
+ if (result != CERTSVC_SUCCESS) {
+ pBio = BIO_new(BIO_s_mem());
+ if (pBio == NULL) {
+ SLOGE("Failed to allocate memory.");
+ result = CERTSVC_BAD_ALLOC;
+ goto error;
+ }
+
+ readCount = BIO_write(pBio, (const void*) certBuffer, certLength);
+ if (readCount < 1) {
+ SLOGE("Failed to load cert into bio.");
+ result = CERTSVC_BAD_ALLOC;
+ goto error;
+ }
+
+ x509Struct = PEM_read_bio_X509(pBio, NULL, 0, NULL);
+ if (x509Struct == NULL) {
+ SLOGE("Failed to create x509 structure.");
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ result = get_common_name(NULL, x509Struct, &commonName);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("CommonName is NULL");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+ }
+ }
+
+ /* storing the certificate to key-manager */
+ fileName = bare_filename(unique);
+ if ((decideCert == P12_END_USER) && (private_key_gname != NULL))
+ result = vcore_client_install_certificate_to_store(storeType, fileName, alias, private_key_gname, fileName, certBuffer, certLength, decideCert);
+ else if ((decideCert == P12_TRUSTED) || (decideCert == P12_INTERMEDIATE))
+ result = vcore_client_install_certificate_to_store(storeType, fileName, commonName, NULL, associated_gname, certBuffer, certLength, decideCert);
+ else
+ result = vcore_client_install_certificate_to_store(storeType, fileName, commonName, NULL, fileName, certBuffer, certLength, decideCert);
+
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Failed to intall certificate. result[%d]", result);
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ SLOGD("Success to add certificate in store.");
+
+error:
+ if (commonName)
+ free(commonName);
+ return result;
+}
+
+int install_crt_file(
+ const char *path,
+ CertStoreType storeType,
+ const gchar *alias,
+ char *private_key_gname,
+ gchar *associated_gname,
+ CertType decideCert)
+{
+ int result = CERTSVC_SUCCESS;
+ int fileSize = 0;
+ int certLength = 0;
+ const char* header = NULL;
+ const char* trailer = NULL;
+ char* fileContent = NULL;
+ const char* tmpBuffer = NULL;
+ char* certBuffer = NULL;
+ const char* tailEnd = NULL;
+
+ if (read_from_file(path, &fileContent, &fileSize)!=CERTSVC_SUCCESS)
+ {
+ SLOGE("Failed to read the file. [%s]",path);
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ tmpBuffer = fileContent;
+ if (decideCert == PEM_CRT)
+ header = strstr(tmpBuffer, START_CERT);
+ else if (decideCert == P12_END_USER)
+ header = strstr(tmpBuffer, START_CERT);
+ else if ((decideCert == P12_TRUSTED)||(decideCert == P12_INTERMEDIATE))
+ header = strstr(tmpBuffer, START_TRUSTED);
+ else {
+ SLOGE("Invalid cert.");
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ if (header != NULL) {
+ /* Supports installation of only one certificate present in a CRT file */
+ if (decideCert == PEM_CRT) {
+ trailer = strstr(header, END_CERT);
+ tailEnd = END_CERT;
+ }
+ else if (decideCert == P12_END_USER) {
+ trailer = strstr(header, END_CERT);
+ tailEnd = END_CERT;
+ }
+ else if ((decideCert == P12_TRUSTED)||(decideCert == P12_INTERMEDIATE)) {
+ trailer = strstr(header, END_TRUSTED);
+ tailEnd = END_TRUSTED;
+ }
+ else {
+ SLOGE("Invalid certificate passed.");
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ if (trailer != NULL) {
+ tmpBuffer = trailer;
+ certLength = ((int)(trailer - header) + strlen(tailEnd));
+ certBuffer = (char*) malloc(sizeof(char) * (certLength+2));
+ if (certBuffer == NULL) {
+ result = CERTSVC_BAD_ALLOC;
+ SLOGE("Fail to allocate memory.");
+ goto error;
+ }
+
+ memset(certBuffer, 0x00, certLength+2);
+ memcpy(certBuffer, header, certLength);
+ certBuffer[certLength] = '\0';
+
+ result = install_pem_file_format_to_store(storeType, certBuffer, certLength, alias, \
+ path, private_key_gname, associated_gname, decideCert);
+ if (result != CERTSVC_SUCCESS) {
+ result = CERTSVC_FAIL;
+ SLOGE("Fail to install certificate[%s]", path);
+ }
+ }
+ }
+ else {
+ SLOGE("Invalid file type passed.");
+ result = CERT_SVC_ERR_INVALID_CERTIFICATE;
+ }
+
+error:
+ if (certBuffer)
+ free(certBuffer);
+ if (fileContent)
+ free(fileContent);
+ return result;
+}
+
+int handle_crt_pem_file_installation(CertStoreType storeType, const char *path, const gchar *alias) {
+
+ int result = CERTSVC_SUCCESS;
+
+ if ((strstr(path, ".crt")) != NULL || (strstr(path, ".pem")) != NULL) {
+ SLOGD("certificate extention is .crt/.pem file");
+
+ /* Installs CRT and PEM files. We will passing NULL for private_key_gname and associated_gname parameter in
+ * install_crt_file(). Which means that there is no private key involved in the certificate which we are
+ * installing and there are no other certificates related with the current certificate which is installed */
+ result = install_crt_file(path, storeType, alias, NULL, NULL, PEM_CRT);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Failed to install the certificate.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+ }
+ else {
+ SLOGE("Invalid certificate passed.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+ SLOGD("Success to install the certificate.");
+
+error:
+ return result;
+}
+
+int verify_cert_details(X509** cert, STACK_OF(X509) **certv) {
+
+ int result = CERTSVC_SUCCESS;
+ char* pSubject = NULL;
+ char* pIssuerName = NULL;
+ X509_STORE_CTX *cert_ctx = NULL;
+ X509_STORE *cert_store = NULL;
+ int res = 0;
+
+#ifdef _CERT_SVC_VERIFY_PKCS12
+ if (*certv == NULL) {
+ pSubject = X509_NAME_oneline((*cert)->cert_info->subject, NULL, 0);
+ if (!pSubject) {
+ SLOGE("Failed to get subject name");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ pIssuerName = X509_NAME_oneline((*cert)->cert_info->issuer, NULL, 0);
+ if (!pIssuerName) {
+ SLOGE("Failed to get issuer name");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ if (strcmp((const char*)pSubject, (const char*)pIssuerName) == 0) {
+ /*self signed.. */
+ EVP_PKEY* pKey = NULL;
+ pKey = X509_get_pubkey(*cert);
+ if (!pKey) {
+ SLOGE("Failed to get public key");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ if (X509_verify(*cert, pKey) <= 0) {
+ SLOGE("P12 verification failed");
+ EVP_PKEY_free(pKey);
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+ SLOGD("P12 verification Success");
+ EVP_PKEY_free(pKey);
+ }
+ else {
+ cert_store = X509_STORE_new();
+ if (!cert_store) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ res = X509_STORE_load_locations(cert_store, NULL, "/opt/etc/ssl/certs/");
+ if (res != 1) {
+ SLOGE("P12 load certificate store failed");
+ X509_STORE_free(cert_store);
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ res = X509_STORE_set_default_paths(cert_store);
+ if (res != 1) {
+ SLOGE("P12 load certificate store path failed");
+ X509_STORE_free(cert_store);
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ /* initialise store and store context */
+ cert_ctx = X509_STORE_CTX_new();
+ if (cert_ctx == NULL) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ /* construct store context */
+ if (!X509_STORE_CTX_init(cert_ctx, cert_store, *cert, NULL)) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+#ifdef P12_VERIFICATION_NEEDED
+ res = X509_verify_cert(cert_ctx);
+ if (res != 1) {
+ SLOGE("P12 verification failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+ SLOGD("P12 verification Success");
+#endif
+ }
+ }
+ else if (*certv != NULL) {
+ /* Cert Chain */
+ cert_store = X509_STORE_new();
+ if (!cert_store) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ res = X509_STORE_load_locations(cert_store, NULL, CERTSVC_SSL_CERTS_DIR);
+ if (res != 1) {
+ SLOGE("P12 load certificate store failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ res = X509_STORE_set_default_paths(cert_store);
+ if (res != 1) {
+ SLOGE("P12 load certificate path failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ /* initialise store and store context */
+ cert_ctx = X509_STORE_CTX_new();
+ if (cert_ctx == NULL) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ /* construct store context */
+ if (!X509_STORE_CTX_init(cert_ctx, cert_store, *cert, NULL)) {
+ SLOGE("Memory allocation failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+
+ X509_STORE_CTX_trusted_stack(cert_ctx, *certv);
+#ifdef P12_VERIFICATION_NEEDED
+ res = X509_verify_cert(cert_ctx);
+ if (res != 1) {
+ SLOGE("P12 verification failed");
+ result = CERTSVC_FAIL;
+ goto free_memory;
+ }
+ SLOGD("P12 verification Success");
+#endif
+ }
+#endif //_CERT_SVC_VERIFY_PKCS12
+
+free_memory:
+ if (pSubject != NULL) { free(pSubject); }
+ if (pIssuerName != NULL) { free(pIssuerName); }
+ if (cert_store != NULL) { X509_STORE_free(cert_store); }
+ if (cert_ctx) { X509_STORE_CTX_free(cert_ctx); }
+ return result;
+}
+
+int c_certsvc_pkcs12_import_from_file_to_store(CertStoreType storeTypes, const char *path, const char *password, const gchar *alias) {
+
+ int result = CERTSVC_SUCCESS;
+ int readLen = 0;
+ int tmpLen = 0;
+ int nicerts = 0, i = 0, n = 0, ncerts = 0, wr_res;
+ CertStoreType storeType = NONE_STORE;
+ FILE* stream = NULL;
+ PKCS12* container = NULL;
+ EVP_PKEY* key = NULL;
+ X509* cert = NULL;
+ STACK_OF(X509) *certv = NULL;
+ gchar* bare = NULL;
+ gchar* pkvalue = NULL;
+ gchar** cvaluev = NULL;
+ gchar **certs = NULL;
+ char* tmpPkValue = NULL;
+ char* unique = NULL;
+ char fileBuffer[4096] = {0,};
+ int loopCount = 0;
+ CertType decideCert = INVALID_DATA;
+ gboolean exists = FALSE;
+
+ if ((!alias) || (strlen(alias) < 1) || (!path) || (strlen(path) < 1)) {
+ SLOGE("Invalid input parameter.");
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Install, Result=Failed");
+ return CERTSVC_WRONG_ARGUMENT;
+ }
+
+ while(1) {
+ /* Iteration only possible from VPN_STORE till SYSTEM_STORE */
+ if (loopCount == (MAX_STORE_ENUMS-1)) break;
+
+ /* User should not install any form of certificates inside SYSTEM_STORE */
+ if (((1 << loopCount) & storeTypes) == SYSTEM_STORE) {
+ SLOGE("Not a valid store type installing certificate, store type passed [%d].", (1 << loopCount));
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Install, Result=Failed");
+ return CERTSVC_INVALID_STORE_TYPE;
+ }
+
+ /* Iterating over all the stores */
+ if ((1 << loopCount) & storeTypes) {
+ storeType = NONE_STORE;
+ storeType = (CertStoreType) (1 << loopCount);
+ SLOGD("Processing store type : [%s]", (storeType == VPN_STORE)? "VPN" : (storeType == WIFI_STORE)? "WIFI" : "EMAIL");
+
+ /* check if the alias exists before installing certificate */
+ result = c_certsvc_pkcs12_alias_exists_in_store(storeType, alias, &exists);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Failure to access database.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ if (exists!=CERTSVC_TRUE) {
+ SLOGE("Alias exist in store [%s].", (storeType == VPN_STORE)? "VPN" : (storeType == WIFI_STORE)? "WIFI" : "EMAIL");
+ result = CERTSVC_DUPLICATED_ALIAS;
+ goto error;
+ }
+
+ /* Logic for handling crt/pem cert installation */
+ /* Check if the input file is a PEM/CRT, since a PFX cert can also be opened without a password */
+ if (password == NULL && ((strstr(path, ".pfx") == NULL) || (strstr(path, ".p12")))) {
+ result = handle_crt_pem_file_installation(storeType, path, alias);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGE("Failed to install PEM/CRT file to store.");
+ result = CERTSVC_FAIL;
+ }
+ loopCount++;
+ continue;
+ }
+
+ /* Logic for handling .pfx/.p12 cert installation */
+ if ((stream = fopen(path, "rb")) == NULL) {
+ SLOGE("Unable to open the file for reading [%s].", path);
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ if (container == NULL) {
+ container = d2i_PKCS12_fp(stream, NULL);
+ fclose(stream);
+ if (container == NULL) {
+ SLOGE("Failed to parse the input file passed.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+ }
+
+ /* To ensure when the code re-enters, we should clean up */
+ if (key==NULL && cert==NULL && certv==NULL) {
+ result = PKCS12_parse(container, password, &key, &cert, &certv);
+ PKCS12_free(container);
+ if (result == CERTSVC_FAIL) {
+ SLOGE("Failed to parse the file passed.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ result = verify_cert_details(&cert, &certv);
+ if (result == CERTSVC_FAIL) {
+ SLOGE("Failed to verify p12 certificate.");
+ goto error;
+ }
+ }
+
+ nicerts = 0;
+ nicerts = certv ? sk_X509_num(certv) : 0;
+ if (cvaluev != NULL) {
+ for (i = 0; i < n; i++)
+ g_free(cvaluev[i]);
+ if (cvaluev) free(cvaluev);
+ cvaluev = NULL;
+ }
+
+ n = 0;
+ cvaluev = (gchar **)calloc(1 + nicerts, sizeof(gchar *));
+ if (unique != NULL) { free(unique); unique = NULL; }
+ result = unique_filename(&unique, FALSE);
+ if (result != CERTSVC_SUCCESS || !unique) {
+ SLOGE("Unique filename generation failed.");
+ goto error;
+ }
+
+ if ((stream = fopen(unique, "w+")) == NULL) {
+ SLOGE("Unable to open the file for writing [%s].",unique);
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ result = PEM_write_PrivateKey(stream, key, NULL, NULL, 0, NULL, NULL);
+ if (result == 0) {
+ SLOGE("Writing the private key contents failed.");
+ result = CERTSVC_FAIL;
+ fclose(stream);
+ goto error;
+ }
+
+ fseek(stream, 0, SEEK_SET);
+ memset(fileBuffer, 0, (sizeof(char)*4096));
+ readLen=0;
+ readLen = fread(fileBuffer, sizeof(char), 4096, stream);
+ fclose(stream);
+ if (readLen <= 0){
+ SLOGE("Failed to read key file");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ bare = bare_filename(unique);
+ if (bare) {
+ pkvalue = g_strdup(bare);
+ tmpLen = strlen((const char*)pkvalue);
+ tmpPkValue = (char*)malloc(sizeof(char) * (tmpLen + 1));
+ memset(tmpPkValue, 0x00, tmpLen+1);
+ memcpy(tmpPkValue, pkvalue, tmpLen);
+ }
+
+ decideCert = P12_PKEY;
+ result = vcore_client_install_certificate_to_store(storeType, tmpPkValue, NULL, NULL, NULL, fileBuffer, readLen, decideCert);
+ if (result != CERTSVC_SUCCESS) {
+ SLOGD("Failed to store the private key contents.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ unlink(unique);
+ if (unique!=NULL) { free(unique); unique=NULL; }
+ result = unique_filename(&unique, FALSE);
+ if (result != CERTSVC_SUCCESS || !unique) {
+ SLOGE("Unique filename generation failed.");
+ goto error;
+ }
+
+ if ((stream = fopen(unique, "w")) == NULL) {
+ SLOGE("Unable to open the file for writing [%s].", unique);
+ result = CERTSVC_IO_ERROR;
+ goto error;
+ }
+
+ result = PEM_write_X509(stream, cert);
+ fclose(stream);
+ if (result == 0) {
+ SLOGE("Failed to write contents to file.");
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ bare = bare_filename(unique);
+ if (bare)
+ cvaluev[n++] = g_strdup(bare);
+
+ wr_res = -1;
+ decideCert = P12_END_USER;
+ wr_res = install_crt_file(unique, storeType, alias, tmpPkValue, NULL, decideCert);
+ if (wr_res != CERTSVC_SUCCESS) {
+ result = CERTSVC_FAIL;
+ SLOGE("Failed to install the end user certificate.");
+ goto error;
+ }
+
+ unlink(unique);
+ for (i=nicerts; i>0; i--) {
+ result = unique_filename(&unique, FALSE);
+ if (result != CERTSVC_SUCCESS || !unique) {
+ SLOGE("Unique filename generation failed.");
+ goto error;
+ }
+
+ if ((stream = fopen(unique, "w")) == NULL) {
+ result = CERTSVC_IO_ERROR;
+ SLOGE("Unable to open the file for writing.");
+ goto error;
+ }
+
+ result = PEM_write_X509_AUX(stream, sk_X509_value(certv, i-1));
+ fclose(stream);
+ if (result == 0) {
+ result = CERTSVC_FAIL;
+ SLOGE("Unable to extract the certificates.");
+ goto error;
+ }
+
+ wr_res = -1;
+ if (i==nicerts)
+ decideCert = P12_INTERMEDIATE;
+ else
+ decideCert = P12_TRUSTED;
+ wr_res = install_crt_file(unique, storeType, alias, NULL, cvaluev[0], decideCert);
+ if (wr_res != CERTSVC_SUCCESS) {
+ result = CERTSVC_FAIL;
+ goto error;
+ }
+
+ unlink(unique);
+ bare = bare_filename(unique);
+ if (bare)
+ cvaluev[n++] = g_strdup(bare);
+ }
+ }
+ loopCount++;
+ }
+
+error:
+ /* if any certificate parsing/installation fails in middle,
+ * the below logic will delete the chain installed in DB */
+ if (result != CERTSVC_SUCCESS) {
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Install, Result=Failed");
+ if (nicerts > 0) {
+ nicerts = 0; i = 0;
+ /* cvaluev[0] holds the end user certificate identifier which will be associated
+ * to chain certs. Pull the cert chain based on end user cert and delete one by one. */
+ if (c_certsvc_pkcs12_load_certificates_from_store(storeType, cvaluev[0], &certs, (gsize *)&ncerts) != CERTSVC_SUCCESS) {
+ SLOGE("Unable to load certificates from store.");
+ return result;
+ }
+
+ for (i=0; i<ncerts; i++) {
+ if (certs[i] != NULL) {
+ SLOGD("file to delete : %s",certs[i]);
+ c_certsvc_pkcs12_delete_certificate_from_store(storeType, (char *)certs[i]);
+ }
+ }
+
+ if (certs[i] != NULL) {
+ for (i=0; i<ncerts; i++)
+ g_free(certs[i]);
+ }
+ }
+ }
+ else
+ SLOG(LOG_INFO, "MDM_LOG_USER", "Object=certificate, AccessType=Install, Result=Succeed");
+
+ if (key != NULL) EVP_PKEY_free(key);
+ if (cert != NULL) X509_free(cert);
+ if (certv != NULL) sk_X509_free(certv);
+ if (pkvalue != NULL) free(pkvalue);
+ if (tmpPkValue != NULL) free(tmpPkValue);
+ if (unique != NULL) free(unique);
+ return result;
+}
+
+
+int c_certsvc_pkcs12_alias_exists(const gchar *alias, gboolean *exists) {
+ GKeyFile *keyfile;
+
+ if(exists == NULL)
+ return CERTSVC_WRONG_ARGUMENT;
+ keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+ if(!keyfile)
+ return CERTSVC_IO_ERROR;
+ *exists = g_key_file_has_group(keyfile, alias);
+ g_key_file_free(keyfile);
+ return CERTSVC_SUCCESS;
+}
+
+int c_certsvc_pkcs12_import(const char *path, const char *password, const gchar *alias) {
+ int exists;
+ FILE *stream;
+ PKCS12 *container;
+ EVP_PKEY *key;
+ X509 *cert;
+ STACK_OF(X509) *certv;
+ int nicerts;
+ char *unique;
+ int result = 0;
+ struct stat st;
+ int wr_res;
+ GKeyFile *keyfile;
+ gchar *bare;
+ gchar *pkvalue;
+ gchar **cvaluev;
+ gsize i, n;
+ gchar *data;
+ gsize length;
+ int readLen = 0;
+ char fileBuffer[4096] = {0,};
+
+ certv = NULL;
+ pkvalue = NULL;
+ if(!alias || strlen(alias) < 1)
+ return CERTSVC_WRONG_ARGUMENT;
+ result = c_certsvc_pkcs12_alias_exists(alias, &exists);
+ if(result != CERTSVC_SUCCESS)
+ return result;
+ if(exists == TRUE)
+ return CERTSVC_DUPLICATED_ALIAS;
+
+ keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+ if(!keyfile)
+ return CERTSVC_IO_ERROR;
+ if(stat(CERTSVC_PKCS12_STORAGE_PATH, &st) == -1) {
+ if(mkdir(CERTSVC_PKCS12_STORAGE_PATH, S_IRWXU | S_IRWXG | S_IRWXO) == -1) {
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+ }
+
+ if((stream = fopen(path, "rb")) == NULL) {
+ result = CERTSVC_IO_ERROR;
+ goto free_keyfile;
+ }
+ container = d2i_PKCS12_fp(stream, NULL);
+ fclose(stream);
+ if(container == NULL) {
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+
+ result = PKCS12_parse(container, password, &key, &cert, &certv);
+ PKCS12_free(container);
+ if (result == 0)
+ {
+ SLOGD("Failed to parse PKCS12");
+ result = CERTSVC_FAIL;
+ goto free_keyfile;
+ }
+
+ result = verify_cert_details(&cert, &certv);
+ if (result == CERTSVC_FAIL)
+ {
+ SLOGE("Failed to parse the file passed.");
+ goto free_keyfile;
+ }
+
+ nicerts = certv ? sk_X509_num(certv) : 0;
+ cvaluev = (gchar **)calloc(1 + nicerts, sizeof(gchar *));
+ n = 0;
+
+ result = unique_filename(&unique, TRUE);
+ if(result != CERTSVC_SUCCESS)
+ goto clean_cert_chain_and_pkey;
+ if((stream = fopen(unique, "w+")) == NULL) {
+ free(unique);
+ result = CERTSVC_IO_ERROR;
+ goto clean_cert_chain_and_pkey;
+ }
+ result = PEM_write_PrivateKey(stream, key, NULL, NULL, 0, NULL, NULL);
+ if(result == 0) {
+ result = CERTSVC_FAIL;
+ fclose(stream);
+ free(unique);
+ goto clean_cert_chain_and_pkey;
+ }
+
+ fseek(stream, 0, SEEK_SET);
+
+ readLen = fread(fileBuffer, sizeof(char), 4096, stream);
+ fclose(stream);
+ if(readLen <= 0){
+ free(unique);
+ result = CERTSVC_FAIL;
+ SLOGE("failed to read key file");
+ goto clean_cert_chain_and_pkey;
+ }
+
+ wr_res = ssm_write_file(unique, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP);
+ if(wr_res <= 0) {
+ free(unique);
+ result = CERTSVC_FAIL;
+ SLOGE("ssm_write_file failed : %d", wr_res);
+ goto clean_cert_chain_and_pkey;
+ }
+ unlink(unique);
+
+ bare = bare_filename(unique);
+ if(bare) {
+ pkvalue = g_strdup(bare);
+ g_key_file_set_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, pkvalue);
+ }
+ free(unique);
+ result = unique_filename(&unique, TRUE);
+ if(result != CERTSVC_SUCCESS)
+ goto clean_cert_chain_and_pkey;
+ if((stream = fopen(unique, "w")) == NULL) {
+ free(unique);
+ result = CERTSVC_IO_ERROR;
+ goto clean_cert_chain_and_pkey;
+ }
+ result = PEM_write_X509(stream, cert);
+ fclose(stream);
+ if(result == 0) {
+ result = CERTSVC_FAIL;
+ goto clean_cert_chain_and_pkey;
+ }
+ bare = bare_filename(unique);
+ if(bare)
+ cvaluev[n++] = g_strdup(bare);
+ free(unique);
+ for(i = 0; i < (unsigned int)nicerts; i++) {
+ result = unique_filename(&unique, TRUE);
+ if(result != CERTSVC_SUCCESS)
+ goto clean_cert_chain_and_pkey;
+ if((stream = fopen(unique, "w")) == NULL) {
+ free(unique);
+ result = CERTSVC_IO_ERROR;
+ goto clean_cert_chain_and_pkey;
+ }
+ result = PEM_write_X509_AUX(stream, sk_X509_value(certv, i));
+ fclose(stream);
+ if(result == 0) {
+ result = CERTSVC_FAIL;
+ goto clean_cert_chain_and_pkey;
+ }
+ bare = bare_filename(unique);
+ if(bare)
+ cvaluev[n++] = g_strdup(bare);
+ free(unique);
+ }
+ g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
+ g_key_file_set_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, (const gchar * const *)cvaluev, n);
+ data = g_key_file_to_data(keyfile, &length, NULL);
+ if(data == NULL) {
+ result = CERTSVC_BAD_ALLOC;
+ goto clean_cert_chain_and_pkey;
+ }
+ if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) {
+ result = CERTSVC_IO_ERROR;
+ goto free_data;
+ }
+ result = CERTSVC_SUCCESS;
+
+ SLOGD("( %s, %s)", path, password);
+
+ free_data:
+ g_free(data);
+
+ clean_cert_chain_and_pkey:
+ EVP_PKEY_free(key);
+ X509_free(cert);
+ sk_X509_free(certv);
+ free(pkvalue);
+ for(i = 0; i < n; i++) {
+ g_free(cvaluev[i]);
+ }
+ free(cvaluev);
+ free_keyfile:
+ g_key_file_free(keyfile);
+ return result;
+}
+
+int c_certsvc_pkcs12_aliases_load(gchar ***aliases, gsize *naliases) {
+ GKeyFile *keyfile;
+
+ keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+ if(!keyfile)
+ return CERTSVC_IO_ERROR;
+ *aliases = g_key_file_get_groups(keyfile, naliases);
+ g_key_file_free(keyfile);
+ return CERTSVC_SUCCESS;
+}
+
+void c_certsvc_pkcs12_aliases_free(gchar **aliases) {
+ g_strfreev(aliases);
+}
+
+int c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded) {
+ FILE *stream;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ PKCS12 *container;
+ int result;
+
+ if(passworded == NULL)
+ return CERTSVC_WRONG_ARGUMENT;
+ if((stream = fopen(filepath, "rb")) == NULL)
+ return CERTSVC_IO_ERROR;
+ container = d2i_PKCS12_fp(stream, NULL);
+ fclose(stream);
+ if(container == NULL)
+ return CERTSVC_FAIL;
+ result = PKCS12_parse(container, NULL, &pkey, &cert, NULL);
+ PKCS12_free(container);
+ if(result == 1) {
+ EVP_PKEY_free(pkey);
+ X509_free(cert);
+ *passworded = FALSE;
+ return CERTSVC_SUCCESS;
+ }
+ else {
+ if(ERR_GET_REASON(ERR_peek_last_error()) == PKCS12_R_MAC_VERIFY_FAILURE) {
+ *passworded = TRUE;
+ return CERTSVC_SUCCESS;
+ }
+ else
+ return CERTSVC_FAIL;
+ }
+}
+
+int c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certs, gsize *ncerts) {
+ GKeyFile *keyfile;
+ gchar **barev;
+ gsize i;
+ keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+ if(!keyfile)
+ return CERTSVC_IO_ERROR;
+ g_key_file_set_list_separator(keyfile, CERTSVC_PKCS12_STORAGE_SEPARATOR);
+ barev = g_key_file_get_string_list(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_CERTS, ncerts, NULL);
+ if(barev == NULL) {
+ *ncerts = 0;
+ goto free_keyfile;
+ }
+ *certs = (gchar **)g_malloc((*ncerts + 1) * sizeof(gchar *));
+ for(i = 0; i < *ncerts; i++)
+ (*certs)[i] = g_strdup_printf("%s/%s", CERTSVC_PKCS12_STORAGE_DIR, barev[i]);
+ (*certs)[*ncerts] = NULL;
+ g_strfreev(barev);
+free_keyfile:
+ g_key_file_free(keyfile);
+ return CERTSVC_SUCCESS;
+}
+
+void c_certsvc_pkcs12_free_certificates(gchar **certs) {
+ gsize i = 0;
+ if(certs == NULL)
+ return;
+ while(certs[i])
+ g_free(certs[i++]);
+ g_free(certs);
+}
+
+int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **buffer, gsize *count) {
+ GKeyFile *keyfile;
+ gchar *pkey;
+ GError *error;
+ char *spkp;
+ int result;
+ ssm_file_info_t sfi;
+
+ if(!buffer)
+ return CERTSVC_WRONG_ARGUMENT;
+ keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH);
+ if(!keyfile)
+ return CERTSVC_IO_ERROR;
+ error = NULL;
+
+ result = CERTSVC_SUCCESS;
+
+ pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, &error);
+ g_key_file_free(keyfile);
+
+ if(error && error->code == G_KEY_FILE_ERROR_KEY_NOT_FOUND) {
+ *count = 0;
+ return CERTSVC_SUCCESS;
+ }
+
+ if(error)
+ return CERTSVC_FAIL;
+
+ if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) {
+ spkp = NULL;
+ result = CERTSVC_BAD_ALLOC;
+ goto out;
+ }
+
+ if(ssm_getinfo(spkp, &sfi, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) != 0) {
+ //result = CERTSVC_FAIL;
+ goto out;
+ }
+
+ if((*buffer = (char *)malloc(sfi.originSize))) {
+ result = CERTSVC_BAD_ALLOC;
+ goto out;
+ }
+
+ if(ssm_read(spkp, *buffer, sfi.originSize, count, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP) != 0) {
+ c_certsvc_pkcs12_private_key_free(*buffer);
+ result = CERTSVC_FAIL;
+ }
+
+out:
+ free(spkp);
+ g_free(pkey);
+
+ return result;
+}
+
+void c_certsvc_pkcs12_private_key_free(char *buffer) {
+ free(buffer);
+}
+
+int certsvc_load_file_to_buffer(const char* filePath, unsigned char** certBuf, int* length)
+{
+ int ret = CERT_SVC_ERR_NO_ERROR;
+ FILE* fp_in = NULL;
+ unsigned long int fileSize = 0;
+
+ /* get file size */
+ if((ret = cert_svc_get_file_size(filePath, &fileSize)) != CERT_SVC_ERR_NO_ERROR) {
+ SLOGE("[ERR][%s] Fail to get file size, [%s]", __func__, filePath);
+ return CERT_SVC_ERR_FILE_IO;
+ }
+ /* open file and write to buffer */
+ if(!(fp_in = fopen(filePath, "rb"))) {
+ SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filePath);
+ return CERT_SVC_ERR_FILE_IO;
+ }
+
+ if(!(*certBuf = (unsigned char*)malloc(sizeof(unsigned char) * (unsigned int)(fileSize +
1)))) { + SLOGE("[ERR][%s] Fail to allocate memory.", __func__); + ret = CERT_SVC_ERR_MEMORY_ALLOCATION; + goto err; + } + memset(*certBuf, 0x00, (fileSize + 1)); + if(fread(*certBuf, sizeof(unsigned char), fileSize, fp_in) != fileSize) { + SLOGE("[ERR][%s] Fail to read file, [%s]", __func__, filePath); + ret = CERT_SVC_ERR_FILE_IO; + goto err; + } + + *length = fileSize; + +err: + if(fp_in != NULL) + fclose(fp_in); + return ret; +} + +int c_certsvc_pkcs12_delete(const gchar *alias) { + gchar **certs; + gsize ncerts; + char *pkey = NULL; + char *spkp = NULL; + int result; + GKeyFile *keyfile = NULL; + gchar *data; + gsize i, length; + + data = NULL; + result = c_certsvc_pkcs12_load_certificates(alias, &certs, &ncerts); + if(result != CERTSVC_SUCCESS) + goto load_certificates_failed; + keyfile = keyfile_load(CERTSVC_PKCS12_STORAGE_PATH); + if(!keyfile) { + result = CERTSVC_IO_ERROR; + goto keyfile_load_failed; + } + pkey = g_key_file_get_string(keyfile, alias, CERTSVC_PKCS12_STORAGE_KEY_PKEY, NULL); + if(g_key_file_remove_group(keyfile, alias, NULL)) { + data = g_key_file_to_data(keyfile, &length, NULL); + if(data == NULL) { + result = CERTSVC_BAD_ALLOC; + goto keyfile_free; + } + if(!g_file_set_contents(CERTSVC_PKCS12_STORAGE_PATH, data, length, NULL)) { + result = CERTSVC_IO_ERROR; + goto data_free; + } + } + + for(i = 0; i < ncerts; i++) + { + unlink(certs[i]); + } + if(pkey != NULL) { + if(asprintf(&spkp, "%s/%s", CERTSVC_PKCS12_STORAGE_DIR, pkey) == -1) { + result = CERTSVC_BAD_ALLOC; + goto data_free; + } + ssm_delete_file(spkp, SSM_FLAG_DATA, CERTSVC_PKCS12_UNIX_GROUP); + free(spkp); + } + data_free: + g_free(data); + keyfile_free: + g_key_file_free(keyfile); + keyfile_load_failed: + if(ncerts != 0) + c_certsvc_pkcs12_free_certificates(certs); + load_certificates_failed: + return result; +} + + +int cert_svc_get_file_size(const char* filepath, unsigned long int* length) +{ + int ret = CERT_SVC_ERR_NO_ERROR; + FILE* fp_in = NULL; + + if(!(fp_in = 
fopen(filepath, "r"))) { + SLOGE("[ERR][%s] Fail to open file, [%s]", __func__, filepath); + ret = CERT_SVC_ERR_FILE_IO; + goto err; + } + + fseek(fp_in, 0L, SEEK_END); + (*length) = ftell(fp_in); + +err: + if(fp_in != NULL) + fclose(fp_in); + + return ret; +} diff --git a/vcore/src/vcore/pkcs12.h b/vcore/src/vcore/pkcs12.h index c7ae668..1b6c8ab 100644 --- a/vcore/src/vcore/pkcs12.h +++ b/vcore/src/vcore/pkcs12.h @@ -1,5 +1,5 @@ /** - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -23,23 +23,261 @@ #define _PKCS12_H_ #include <glib.h> +#include <cert-svc/ccert.h> #ifdef __cplusplus extern "C" { #endif +/** + * Checks if the alias exist in the user store or not. + * + * @param[in] Alias Logical name for certificate bundle identification (can't be empty). + * @param[out] exists A Boolean value which states if the alias exists or not. + * @return CERTSVC_SUCCESS, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT. + */ int c_certsvc_pkcs12_alias_exists(const gchar *alias, gboolean *exists); + +/** + * To import the p12/pfx file to user store. + * + * @param[in] path Path to file. + * @param[in] password Password for opening the file. + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_DUPLICATED_ALIAS, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC. + */ int c_certsvc_pkcs12_import(const char *path, const char *password, const gchar *alias); + +/** + * To import the p12/pfx/crt/pem file to specified store (WIFI_STORE/VPN_STORE/EMAIL_STORE). + * + * @param[in] storeType Refers to WIFI_STORE / VPN_STORE / EMAIL_STORE / ALL_STORE. + * @param[in] path Path to file. + * @param[in] password Password for opening the file. + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_DUPLICATED_ALIAS, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC. + */ +int c_certsvc_pkcs12_import_from_file_to_store(CertStoreType storeType, const char *path, const char *password, const gchar *alias); + +/** + * To get the list of certificate information present in a store. User will be getting + * the information in a linked list where every list will contain Alias, Path to certificate, + * Certificate status of all the certificates present in the specified store. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. 
+ * @param[in] is_root_app If set to ENABLED, can get all the certs without any restriction (should be used only by master application). + * If set to DISABLED, only certs which are enabled by master application can only be retrieved. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length provides the length of the linked list. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_get_certificate_list_from_store(CertStoreType storeType, int is_root_app, CertSvcStoreCertList** certList, int* length); + +/** + * To set the status for a specified certificate in a particular store to enabled / disabled. + * The gname is the key for accessing the certificate. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[in] is_root_app Set as ENABLED/DISABLED. Enabled, if used by master application is changing the status. Disabled, should be used by other applications. + * @param[in] status Allows to set the status of the certificate to enabled / disabled. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_set_certificate_status_to_store(CertStoreType storeType, int is_root_app, char* gname, CertStatus status); + +/** + * To get the status (enabled/disabled) for the specified certificate in a particular store. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[out] status Returns the status of the certificate. It will be set Disable=0, Enable=1, Fail=-1. 
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_ALIAS_DOES_NOT_EXIST, CERTSVC_IO_ERROR + */ +int c_certsvc_pkcs12_get_certificate_status_from_store(CertStoreType storeType, const gchar *gname, int *status); + +/** + * To get the encoded form of the specified certificate from the specified store. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @param[out] certBuffer Which will be having the encoded value of the certificate requested. + * @param[out] certSize Which will be having the size of the buffer. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_get_certificate_buffer_from_store(CertStoreType storeType, char* gname, char** certBuffer, size_t* certSize); + +/** + * To delete the certificate from the specified store (VPN_STORE, WIFI_STORE, EMAIL_STORE, SYSTEM_STORE, ALL_STORE). + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Referred as group name, is the key for accessing the certificate. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_delete_certificate_from_store(CertStoreType storeType, const char* gname); + +/** + * To free the certificate list which got generated from + * c_certsvc_pkcs12_get_certificate_list_from_store() function. + * + * @param[in] certList Linked-list having all the information about each certificate present in a store. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL. + */ +int c_certsvc_pkcs12_free_aliases_loaded_from_store(CertSvcStoreCertList** certList); + +/** + * Checks if the alias exist in the user store or not. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. 
+ * @param[in] Alias Logical name for certificate bundle identification (can't be empty). + * @param[out] exists A Boolean value which states if the alias exists or not. + * @return CERTSVC_SUCCESS, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT. + */ +int c_certsvc_pkcs12_alias_exists_in_store(CertStoreType storeType, const gchar *alias, gboolean *exists); + +/** + * Function to get the size of the file passed. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[in] gname Refers to unique name referring to the certificate. + * @param[out] certs Provides the list of certificates matching the unique name provided. + * @param[out] ncerts Provides the number of certs in certs. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_load_certificates_from_store(CertStoreType storeType, const gchar *gname, gchar ***certs, gsize *ncerts); + +/** + * To load the private key for the specified certificate mapped by an Alias. + * + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @param[out] pkey Will hold the private key value of the certificate. + * @param[out] count Will hold the siz of the private key buffer. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC. + */ +int c_certsvc_pkcs12_private_key_load_from_store(CertStoreType storeType, const gchar *gname, char **pkey, gsize *count); + +/** + * Gets the alias name for the gname passed. + * + * @param[in] instance CertSvcInstance object. + * @param[in] gname Certificate identification of pfx/pkcs file. + * @param[out] alias Alias name for the given gname. 
+ * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_WRONG_ARGUMENT + */ +int c_certsvc_pkcs12_get_certificate_alias_from_store(CertStoreType storeType, const gchar *gname, char **alias); + +/** + * To get the list of only end user certificate information present in a store. User will be getting + * the information in a linked list where every list will contain Alias, Path to certificate, + * Certificate status of all the certificates present in the specified store. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length provides the length of the linked list. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_get_end_user_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length); + +/** + * To get the list of only root/trusted certificate information present in a store. User will be getting + * the information in a linked list where every list will contain Alias, Path to certificate, + * Certificate status of all the certificates present in the specified store. + * + * @param[in] storeType Refers to VPN_STORE / WIFI_STORE / EMAIL_STORE / SYSTEM_STORE / ALL_STORE. + * @param[out] certList Linked-list having all the information about each certificate present in a store. + * @param[out] length provides the length of the linked list. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ +int c_certsvc_pkcs12_get_root_certificate_list_from_store(CertStoreType storeType, CertSvcStoreCertList** certList, int* length); + +/** + * Function to load all the alias list present in the user store. + * + * @param[out] aliases Which holds all the list of aliases present in the store. 
+ * @param[out] naliases Provides the number of aliases present in the store. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR. + */ int c_certsvc_pkcs12_aliases_load(gchar ***aliases, gsize *naliases); + +/** + * To free all the aliases which were loaded previously from + * c_certsvc_pkcs12_aliases_load() function. + * + * @param[in] aliases Which holds all the list of aliases present in the store. + */ void c_certsvc_pkcs12_aliases_free(gchar **aliases); + +/** + * TO check if the p12/pfx file is protected by password or not. + * + * @param[in] filePath Where the file is located. + * @param[out] passworded A boolean value to state if the file is protected by password or not. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT. + */ int c_certsvc_pkcs12_has_password(const char *filepath, gboolean *passworded); + +/** + * To load all the certificates matching the given alias. + * + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @param[out] certificates The pointer holding all the certificates buffer in memory. + * @param[out] ncertificates Holds the number of certificates returned. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT. + */ int c_certsvc_pkcs12_load_certificates(const gchar *alias, gchar ***certificates, gsize *ncertificates); + +/** + * To free the certificates from memory which was loaded by + * c_certsvc_pkcs12_load_certificates() functon. + * + * @param[in] certs A pointer holding all the certificates in memory. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR. + */ void c_certsvc_pkcs12_free_certificates(gchar **certs); + +/** + * To load the private key for the specified certificate mapped by an Alias. + * + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @param[out] pkey Will hold the private key value of the certificate. 
+ * @param[out] count Will hold the siz of the private key buffer. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC. + */ int c_certsvc_pkcs12_private_key_load(const gchar *alias, char **pkey, gsize *count); + +/** + * To free the private key buffer previously loaded by + * c_certsvc_pkcs12_private_key_load() function. + * + * @param[in] buffer Holding the private key values. + */ void c_certsvc_pkcs12_private_key_free(char *buffer); + +/** + * Function to delete the certificate present in the user store. + * + * @param[in] alias Logical name for certificate bundle identification (can't be empty). + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_BAD_ALLOC. + */ int c_certsvc_pkcs12_delete(const gchar *alias); //static void _delete_from_osp_cert_mgr(const char* path); + +/** + * Function to load the file to buffer. + * + * @param[in] filePath Which points to the location where the file is present. + * @param[out] certBuf Which will hold the certificate information. + * @param[out] length Which will hold the file size. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERT_SVC_ERR_FILE_IO, CERT_SVC_ERR_MEMORY_ALLOCATION. + */ int certsvc_load_file_to_buffer(const char* filePath, unsigned char** certBuf, int* length); + +/** + * Function to get the size of the file passed. + * + * @param[in] filepath Which points to the location where the file is present. + * @param[out] length Which will hold the file size. + * @return CERTSVC_SUCCESS, CERTSVC_FAIL, CERTSVC_IO_ERROR, CERTSVC_WRONG_ARGUMENT, CERTSVC_INVALID_STORE_TYPE. + */ int cert_svc_get_file_size(const char* filepath, unsigned long int* length); #ifdef __cplusplus diff --git a/vcore/src/vcore/scoped_gpointer.h b/vcore/src/vcore/scoped_gpointer.h index 78772df..aec26a9 100644 --- a/vcore/src/vcore/scoped_gpointer.h +++ b/vcore/src/vcore/scoped_gpointer.h 
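Review bot: `is_root_app` in `c_certsvc_pkcs12_get_certificate_list_from_store` and `c_certsvc_pkcs12_set_certificate_status_to_store` is a plain `int` supplied by the caller, while the comments say ENABLED lifts all restrictions and "should be used only by master application". Nothing in this header shows where that claim is verified, so if the service does not check the caller's privilege itself (not visible in this hunk), any client could pass ENABLED. The comment should state where enforcement happens, for example `@note is_root_app is caller-supplied; the privilege check is done in <component>, not by this flag`. Several new comments also do not match their prototypes: `c_certsvc_pkcs12_load_certificates_from_store` is described as "Function to get the size of the file passed.", `c_certsvc_pkcs12_private_key_load_from_store` documents `alias` but takes `storeType` and `gname`, `c_certsvc_pkcs12_get_certificate_alias_from_store` documents an `instance` parameter it does not have, and the `void` `c_certsvc_pkcs12_free_certificates` lists return codes.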
@@ -45,10 +45,10 @@ struct ScopedGPointerPolicy }; template <typename Class> -class ScopedGPointer : public DPL::ScopedResource<ScopedGPointerPolicy> +class ScopedGPointer : public VcoreDPL::ScopedResource<ScopedGPointerPolicy> { typedef ScopedGPointerPolicy Policy; - typedef DPL::ScopedResource<Policy> BaseType; + typedef VcoreDPL::ScopedResource<Policy> BaseType; public: explicit ScopedGPointer(typename Policy::Type pointer = diff --git a/vcore/src/vcore/utils.c b/vcore/src/vcore/utils.c new file mode 100644 index 0000000..db26653 --- /dev/null +++ b/vcore/src/vcore/utils.c 
@@ -0,0 +1,156 @@
+#include <cert-service.h>
+#include <cert-service-debug.h>
+#include <cert-svc/cerror.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "utils.h"
+
+void _copy_field(const unsigned char *in, unsigned char **out)
+{
+ size_t in_len = strlen((const char *)(in));
+
+ *out = (unsigned char *)malloc(sizeof(unsigned char) * (in_len + 1));
+ if (!(*out)) {
+ LOGE("Failed to allocate memory.");
+ return;
+ }
+
+ memcpy(*out, in, in_len + 1);
+}
+
+char *get_complete_path(const char *str1, const char *str2)
+{
+ size_t str1_len = strlen(str1);
+ char *result = NULL;
+ int as_result;
+
+ if (str1[str1_len - 1] != '/')
+ as_result = asprintf(&result, "%s/%s", str1, str2);
+ else
+ as_result = asprintf(&result, "%s%s", str1, str2);
+
+ if (as_result < 0)
+ return NULL;
+
+ return result;
+}
+
+
+int get_common_name(const char *path, struct x509_st *x509Struct, char **commonName)
+{
+ int result = CERTSVC_SUCCESS;
+ const unsigned char* data = NULL;
+ CERT_CONTEXT* context = NULL;
+ unsigned char *_commonName = NULL;
+ unsigned char *tmpSubjectStr = NULL;
+ cert_svc_name_fld_data *certFieldData = NULL;
+
+ if (!path && !x509Struct) {
+ LOGE("Invalid input parameter.");
+ return CERTSVC_WRONG_ARGUMENT;
+ }
+
+ /* If x509Struct is empty, we need to read the certificate and construct the x509 structure */
+ if (!x509Struct) {
+ context = cert_svc_cert_context_init();
+ if (!context) {
+ LOGE("Failed to allocate memory.");
+ return CERTSVC_BAD_ALLOC;
+ }
+
+ result = cert_svc_load_file_to_context(context, path);
+ if (result != CERT_SVC_ERR_NO_ERROR) {
+ LOGE("Failed to load file into context.");
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ if (!context->certBuf || !context->certBuf->data) {
+ LOGE("Empty certificate buffer.");
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ data = context->certBuf->data;
+ d2i_X509(&x509Struct, &data, context->certBuf->size);
+
+ if (!x509Struct) {
+ LOGE("[ERR][%s] Fail to construct X509 structure.", __func__);
+ result = CERT_SVC_ERR_INVALID_CERTIFICATE;
+ goto err;
+ }
+ }
+
+ /* At this point we assume that we have the x509Struct filled with information */
+ tmpSubjectStr = (unsigned char *)X509_NAME_oneline((x509Struct->cert_info->subject), NULL, 0);
+ if (!tmpSubjectStr) {
+ LOGE("[ERR][%s] Fail to parse certificate.", __func__);
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ certFieldData = (cert_svc_name_fld_data *)malloc(sizeof(cert_svc_name_fld_data));
+ if (!certFieldData) {
+ LOGE("Failed to allocate memory.");
+ result = CERTSVC_BAD_ALLOC;
+ goto err;
+ }
+
+ certFieldData->commonName = NULL;
+ certFieldData->organizationName = NULL;
+ certFieldData->organizationUnitName = NULL;
+ certFieldData->emailAddress = NULL;
+
+ result = cert_svc_util_parse_name_fld_data(tmpSubjectStr, certFieldData);
+ if (result != CERT_SVC_ERR_NO_ERROR) {
+ LOGE("[ERR][%s] Fail to parse cert_svc_name_fld_data.", __func__);
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ result = CERTSVC_SUCCESS;
+
+ if (certFieldData->commonName)
+ _copy_field(certFieldData->commonName, &_commonName);
+ else if (certFieldData->organizationName)
+ _copy_field(certFieldData->organizationName, &_commonName);
+ else if (certFieldData->organizationUnitName)
+ _copy_field(certFieldData->organizationUnitName, &_commonName);
+ else if (certFieldData->emailAddress)
+ _copy_field(certFieldData->emailAddress, &_commonName);
+
+ if (!_commonName) {
+ LOGE("Failed to get common name");
+ result = CERTSVC_FAIL;
+ goto err;
+ }
+
+ *commonName = (char *)_commonName;
+ LOGD("Success to get common name for title. commonname[%s]", *commonName);
+
+err:
+ if (x509Struct)
+ X509_free(x509Struct);
+
+ if (context)
+ cert_svc_cert_context_final(context);
+
+ if (tmpSubjectStr)
+ OPENSSL_free(tmpSubjectStr);
+
+ if (certFieldData) {
+ free(certFieldData->countryName);
+ free(certFieldData->localityName);
+ free(certFieldData->stateOrProvinceName);
+ free(certFieldData->organizationName);
+ free(certFieldData->organizationUnitName);
+ free(certFieldData->commonName);
+ free(certFieldData->emailAddress);
+ free(certFieldData);
+ }
+
+ return result;
+}
diff --git a/vcore/src/vcore/utils.h b/vcore/src/vcore/utils.h
new file mode 100644
index 0000000..2752b51
--- /dev/null
+++ b/vcore/src/vcore/utils.h
@@ -0,0 +1,14 @@
+#pragma once
+
+#include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char *get_complete_path(const char *str1, const char *str2);
+int get_common_name(const char *path, struct x509_st *x509Struct, char **commonName);
+
+#ifdef __cplusplus
+}
+#endif |
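Review bot: In utils.c, `get_common_name` allocates `certFieldData` with `malloc` and sets only four of its pointers to NULL, but the `err:` path also calls `free()` on `countryName`, `localityName` and `stateOrProvinceName`. Unless `cert_svc_util_parse_name_fld_data` (not shown) assigns those on every path, including its failure path, this frees uninitialised pointers; zeroing the struct removes that dependency: `certFieldData = calloc(1, sizeof(*certFieldData));`. The same `err:` block calls `X509_free(x509Struct)` even when the caller passed the structure in, so a caller that still uses or frees its certificate afterwards would hit a use-after-free or double free. Tracking whether the X509 was created locally and freeing only in that case would avoid this. `get_complete_path` also reads `str1[str1_len - 1]` without checking that `str1` is non-empty, which indexes before the buffer for an empty string.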
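Review bot: The two prototypes in utils.h carry no contract comments, and who owns the returned memory is not obvious from the signatures. Going by utils.c in this commit, `get_complete_path` returns an `asprintf` buffer and `get_common_name` stores a `malloc`ed string in `*commonName`, so both results have to be released with `free()` by the caller. A comment such as `/* Returns a heap-allocated path the caller must free(); NULL on allocation failure. */` above `get_complete_path`, and an equivalent one above `get_common_name` that also states which of `path` and `x509Struct` may be NULL, would make that explicit.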