summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJanusz Kozerski <j.kozerski@samsung.com>2015-07-03 14:26:44 +0200
committerJanusz Kozerski <j.kozerski@samsung.com>2015-07-17 14:33:45 +0200
commitecacacfce9dc0f97fc67ba032726583b8881ed97 (patch)
treeb8710bbd27d939524bf26bb802056d6736c85f8a
parent1bf0726b3028ddfaae0cdd70e46b416335da39a0 (diff)
downloadcert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.tar.gz
cert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.tar.bz2
cert-checker-ecacacfce9dc0f97fc67ba032726583b8881ed97.zip
Add OCSP verification (CKM API is used)
* Add tests for certificates * Remove unnecessary methods in Logic class * Add missing include * Use new cert-checker-vcore API Change-Id: Idfa777d1f1ba6f7142ea78e29bf1bc63415b128e
-rw-r--r--packaging/cert-checker.spec5
-rw-r--r--src/CMakeLists.txt1
-rw-r--r--src/certs.cpp178
-rw-r--r--src/include/cchecker/certs.h31
-rw-r--r--src/include/cchecker/logic.h6
-rw-r--r--src/logic.cpp69
-rw-r--r--tests/CMakeLists.txt16
-rw-r--r--tests/certs_.cpp38
-rw-r--r--tests/certs_.h37
-rw-r--r--tests/files/app1/author-signature.xml75
-rw-r--r--tests/files/app1/signature1.xml80
-rw-r--r--tests/files/app_2/signature1.xml80
-rw-r--r--tests/test_certs.cpp477
13 files changed, 1043 insertions, 50 deletions
diff --git a/packaging/cert-checker.spec b/packaging/cert-checker.spec
index 9f3ce30..0d11355 100644
--- a/packaging/cert-checker.spec
+++ b/packaging/cert-checker.spec
@@ -15,6 +15,7 @@ BuildRequires: pkgconfig(notification)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dbus-glib-1)
BuildRequires: pkgconfig(cert-svc-vcore)
+BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(libsystemd-journal)
BuildRequires: pkgconfig(libtzplatform-config)
BuildRequires: pkgconfig(sqlite3)
@@ -44,7 +45,8 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir} "
%cmake . -DVERSION=%{version} \
-DDB_INSTALL_DIR=%{TZ_SYS_DB} \
-DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
- -DCMAKE_VERBOSE_MAKEFILE=ON
+ -DCMAKE_VERBOSE_MAKEFILE=ON \
+ -DTEST_APP_SIGNATURES_DIR="/root/cert-checker-test"
make %{?jobs:-j%jobs}
@@ -68,3 +70,4 @@ rm -rf %{buildroot}
%defattr(-,root,root,-)
%{_bindir}/cert-checker-tests
%{TZ_SYS_DB}/.cert-checker-test.db
+/root/cert-checker-test/*/*.xml
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index bd75eb5..d5a56eb 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -8,6 +8,7 @@ PKG_CHECK_MODULES(CERT_CHECKER_DEP
gio-2.0
icu-i18n
notification
+ key-manager
libsystemd-journal
libtzplatform-config
sqlite3
diff --git a/src/certs.cpp b/src/certs.cpp
index 5b69ba0..277546d 100644
--- a/src/certs.cpp
+++ b/src/certs.cpp
@@ -18,7 +18,7 @@
* @author Janusz Kozerski (j.kozerski@samsung.com)
* @version 1.0
* @brief This file is the implementation of certificates logic
- * Getting out findinf app signature, getting certificates out of
+ * Getting out app signature, getting certificates out of
* signature. Checking OCSP
*/
#include <sys/types.h>
@@ -26,13 +26,15 @@
#include <list>
#include <memory>
#include <string>
-#include <set>
#include <vector>
-#include <vcore/Certificate.h>
+#include <vcore/CertificateCollection.h>
#include <vcore/SignatureReader.h>
#include <vcore/SignatureFinder.h>
#include <vcore/WrtSignatureValidator.h>
#include <vcore/VCore.h>
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-raw-buffer.h>
+#include <tzplatform_config.h>
#include <cchecker/certs.h>
#include <cchecker/log.h>
@@ -47,6 +49,7 @@ namespace CCHECKER {
Certs::Certs()
{
ValidationCore::VCoreInit();
+ m_ckm = CKM::Manager::create();
}
Certs::~Certs()
@@ -136,10 +139,9 @@ void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_u
LogDebug("Certificate: " << app_cert << " has been added");
// check OCSP URL
- std::string ocsp_url = DPL::ToUTF8String((*cert_iter)->getOCSPURL());
+ std::string ocsp_url = (*cert_iter)->getOCSPURL();
if (ocsp_url != std::string("")) {
- std::string issuer = DPL::ToUTF8String(
- (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER));
+ std::string issuer = (*cert_iter)->getCommonName(ValidationCore::Certificate::FIELD_ISSUER);
int64_t time = (*cert_iter)->getNotBefore();
url_t url(issuer, ocsp_url, time);
ocsp_urls.push_back(url);
@@ -158,4 +160,168 @@ void Certs::find_app_signatures (app_t &app, const std::string &app_path, ocsp_u
}
}
+bool Certs::ocsp_create_list (const chain_t &chain, ValidationCore::CertificateList &certs_list)
+{
+ ValidationCore::CertificateCollection collection;
+ ValidationCore::CertificateList list;
+
+ LogDebug("Chain size: " << chain.size());
+ for (auto &iter : chain) {
+ try {
+ ValidationCore::CertificatePtr p_cert(
+ new ValidationCore::Certificate(iter, ValidationCore::Certificate::FORM_BASE64));
+ list.push_back(p_cert);
+ } catch (const ValidationCore::Certificate::Exception::Base& exception) {
+ LogError("Error while creating certificate from BASE64: " << exception.DumpToString());
+ return false;
+ }
+ LogDebug("Load certificate to list: " << list.size());
+ }
+
+ // Function collection.load which takes certificate in std::string BASE64 fails for some reason,
+ // so load(const CertificateList &certList) is used.
+ collection.load(list);
+ LogDebug("Load certificate to CertificateCollection: " << collection.size());
+
+ if (!collection.sort()) {
+ LogError("Cannot make chain of certificates");
+ // What to do if chain cannot be build?
+ return false;
+ }
+
+ if (collection.isChain()) {
+ LogDebug("Build chain succeed, size: " << collection.size());
+ } else {
+ LogError("Building chain failed");
+ return false;
+ }
+
+ certs_list = collection.getCertificateList();
+
+ return true;
+}
+
+bool Certs::ocsp_build_chain (const ValidationCore::CertificateList &certs_list, CKM::CertificateShPtrVector &vect_ckm_chain)
+{
+ CKM::CertificateShPtrVector vect_untrusted;
+
+ bool first = true;
+ CKM::CertificateShPtr cert_end_entity;
+ LogDebug("Size of certs_list: " << certs_list.size());
+ for (auto &iter : certs_list) {
+ std::string cert_cp(iter->getBase64());
+ CKM::RawBuffer buff(cert_cp.begin(), cert_cp.end());
+ CKM::CertificateShPtr cert = CKM::Certificate::create(buff, CKM::DataFormat::FORM_DER_BASE64);
+
+ if (!cert) {
+ LogDebug("CKM failed to create certificate");
+ return false;
+ }
+ else if (first) {
+ cert_end_entity = cert;
+ first = false;
+ LogDebug("Found end entity certificate");
+ }
+ else {
+ vect_untrusted.push_back(cert);
+ LogDebug("Found untrusted certificate");
+ }
+ }
+
+ int ret = m_ckm->getCertificateChain(
+ cert_end_entity,
+ vect_untrusted,
+ CKM::CertificateShPtrVector(),
+ true, // useTrustedSystemCertificates
+ vect_ckm_chain);
+ if (ret != CKM_API_SUCCESS) {
+ LogError("CKM getCertificateChain returned: " << ret);
+ // TODO: Add handling for different errors codes?
+ return false;
+ }
+
+ return true;
+}
+
+Certs::ocsp_response_t Certs::check_ocsp_chain (const chain_t &chain)
+{
+ ValidationCore::CertificateList certs_list;
+ if (!ocsp_create_list(chain, certs_list)) {
+ LogError("Error while build list of certificates");
+ return Certs::ocsp_response_t::OCSP_CERT_ERROR;
+ }
+
+ CKM::CertificateShPtrVector vect_ckm_chain;
+
+ if (!ocsp_build_chain(certs_list, vect_ckm_chain)) {
+ LogError("Error while build chain of certificates");
+ return Certs::ocsp_response_t::OCSP_CERT_ERROR;
+ }
+
+ int status;
+ int ret = m_ckm->ocspCheck(vect_ckm_chain, status);
+ if (ret != CKM_API_SUCCESS) {
+ LogError("CKM ckeck OCSP returned " << ret);
+ // Add handling for different errors codes
+ // For these we can try to check ocsp again later:
+ switch (ret) {
+ case CKM_API_ERROR_SOCKET:
+ case CKM_API_ERROR_BAD_REQUEST:
+ case CKM_API_ERROR_BAD_RESPONSE:
+ case CKM_API_ERROR_SEND_FAILED:
+ case CKM_API_ERROR_RECV_FAILED:
+ case CKM_API_ERROR_SERVER_ERROR:
+ case CKM_API_ERROR_OUT_OF_MEMORY:
+ return Certs::ocsp_response_t::OCSP_CHECK_AGAIN;
+ // Any other error should be recurrent - checking the same app again
+ // should give the same result.
+ default:
+ return Certs::ocsp_response_t::OCSP_CERT_ERROR;
+ }
+ }
+
+ LogDebug("OCSP status: " << status);
+ switch (status) {
+ // Remove app from "to-check" list:
+ case CKM_API_OCSP_STATUS_GOOD:
+ return Certs::ocsp_response_t::OCSP_APP_OK;
+ case CKM_API_OCSP_STATUS_UNSUPPORTED:
+ case CKM_API_OCSP_STATUS_UNKNOWN:
+ case CKM_API_OCSP_STATUS_INVALID_URL:
+ return Certs::ocsp_response_t::OCSP_CERT_ERROR;
+
+ //Show popup to user and remove app from "to-check" list
+ case CKM_API_OCSP_STATUS_REVOKED:
+ return Certs::ocsp_response_t::OCSP_APP_REVOKED;
+
+ //Keep app for checking it again later:
+ case CKM_API_OCSP_STATUS_NET_ERROR:
+ case CKM_API_OCSP_STATUS_INVALID_RESPONSE:
+ case CKM_API_OCSP_STATUS_REMOTE_ERROR:
+ case CKM_API_OCSP_STATUS_INTERNAL_ERROR:
+ return Certs::ocsp_response_t::OCSP_CHECK_AGAIN;
+
+ default:
+ // This should never happen
+ return Certs::ocsp_response_t::OCSP_CERT_ERROR;
+ }
+}
+
+Certs::ocsp_response_t Certs::check_ocsp (const app_t &app)
+{
+ bool check_again = false;
+
+ for (auto &iter : app.signatures) {
+ Certs::ocsp_response_t resp = check_ocsp_chain(iter);
+ if (resp == Certs::ocsp_response_t::OCSP_APP_REVOKED)
+ return Certs::ocsp_response_t::OCSP_APP_REVOKED;
+ if (resp == Certs::ocsp_response_t::OCSP_CHECK_AGAIN)
+ check_again = true;
+ }
+
+ if (check_again)
+ return Certs::ocsp_response_t::OCSP_CHECK_AGAIN;
+ return Certs::ocsp_response_t::OCSP_APP_OK;
+}
+
} // CCHECKER
diff --git a/src/include/cchecker/certs.h b/src/include/cchecker/certs.h
index ed8efe0..7da95e6 100644
--- a/src/include/cchecker/certs.h
+++ b/src/include/cchecker/certs.h
@@ -25,19 +25,36 @@
#ifndef CCHECKER_CERTS_H
#define CCHECKER_CERTS_H
+#include <ckm/ckm-certificate.h>
+#include <vcore/Certificate.h>
+
#include <cchecker/app.h>
+#include <ckm/ckm-manager.h>
namespace CCHECKER {
class Certs {
public:
- Certs();
- virtual ~Certs();
- void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls);
- private:
- void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
- void search_app (app_t &app, ocsp_urls_t &ocsp_urls);
-
+ enum class ocsp_response_t {
+ OCSP_APP_OK,
+ OCSP_APP_REVOKED,
+ OCSP_CHECK_AGAIN,
+ OCSP_CERT_ERROR
+ };
+ Certs();
+ virtual ~Certs();
+ void get_certificates (app_t &app, ocsp_urls_t &ocsp_urls);
+ ocsp_response_t check_ocsp (const app_t &app); // TODO: add custom url support
+ protected: // Needed for tests
+ ocsp_response_t check_ocsp_chain (const chain_t &chain);
+ void find_app_signatures (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
+ void search_app (app_t &app, ocsp_urls_t &ocsp_urls);
+ bool ocsp_create_list(const chain_t &chain, ValidationCore::CertificateList &certs_list);
+ bool ocsp_build_chain (const ValidationCore::CertificateList &certs_list,
+ CKM::CertificateShPtrVector &vect_ckm_chain);
+
+ //private:
+ CKM::ManagerShPtr m_ckm;
};
} // CCHECKER
diff --git a/src/include/cchecker/logic.h b/src/include/cchecker/logic.h
index d698437..8627c1d 100644
--- a/src/include/cchecker/logic.h
+++ b/src/include/cchecker/logic.h
@@ -80,13 +80,9 @@ class Logic {
error_t setup_db();
void load_database_to_buffer();
- void check_ocsp(app_t &app);
void add_ocsp_url(const std::string &issuer, const std::string &url, int64_t date);
- void pkgmanager_uninstall(const app_t &app);
- void get_certs_from_signature(const std::string &signature, std::vector<std::string> &cert);
-
void add_app_to_buffer_and_database(const app_t &app);
- void remove_app_from_buffer(const app_t &app);
+ void remove_app_from_buffer_and_database(const app_t &app);
void pkgmgr_callback_internal(GVariant *parameters, pkgmgr_event_t event);
error_t register_dbus_signal_handler(GDBusProxy *proxy,
diff --git a/src/logic.cpp b/src/logic.cpp
index 445c266..e919e5f 100644
--- a/src/logic.cpp
+++ b/src/logic.cpp
@@ -317,27 +317,11 @@ void Logic::connman_callback(GDBusProxy */*proxy*/,
}
}
-void Logic::check_ocsp(app_t &app)
-{
- (void)app;
-}
-
void Logic::add_ocsp_url(const string &issuer, const string &url, int64_t date)
{
m_sqlquery->set_url(issuer, url, date);
}
-void Logic::pkgmanager_uninstall(const app_t &app)
-{
- (void)app;
-}
-
-void Logic::get_certs_from_signature(const string &signature, vector<string> &cert)
-{
- (void)signature;
- (void)cert;
-}
-
void Logic::load_database_to_buffer()
{
LogDebug("Loading database to the buffer");
@@ -357,8 +341,32 @@ void Logic::process_queue(void)
error_t Logic::process_buffer(void)
{
- for(auto iter = m_buffer.begin(); iter != m_buffer.end(); iter++) {
- // TODO: Implement checking OCSP
+ for (auto iter = m_buffer.begin(); iter != m_buffer.end();) {
+ // If OCSP checking fails we should remove application from buffer and database
+ Certs::ocsp_response_t ret;
+ ret = m_certs.check_ocsp(*iter);
+ if (ret == Certs::ocsp_response_t::OCSP_APP_OK ||
+ ret == Certs::ocsp_response_t::OCSP_CERT_ERROR) {
+ LogDebug(iter->str() << " OCSP verified (or not available for app's chains)");
+ app_t app_cpy = *iter;
+ iter++;
+ remove_app_from_buffer_and_database(app_cpy);
+ }
+ else if (ret == Certs::ocsp_response_t::OCSP_APP_REVOKED) {
+ LogDebug(iter->str() << " certificate has been revoked. Popup should be shown");
+ app_t app_cpy = *iter;
+ iter++;
+ // TODO: Do not remove app here - just waits for user answer from popup
+ // Temporary solution because popup doesn't work
+ remove_app_from_buffer_and_database(app_cpy);
+
+ }
+ else {
+ LogDebug(iter->str() << " should be checked again later");
+ // If check_ocsp returns Certs::ocsp_response_t::OCSP_CHECK_AGAIN
+ // app should be checked again later
+ iter++;
+ }
}
return NO_ERROR;
}
@@ -409,8 +417,7 @@ void Logic::process_event(const event_t &event)
}
}
else if (event.event_type == event_t::event_type_t::APP_UNINSTALL) {
- remove_app_from_buffer(event.app);
- m_sqlquery->remove_app_from_check_list(event.app);
+ remove_app_from_buffer_and_database(event.app);
}
else
LogError("Unknown event type");
@@ -428,21 +435,23 @@ void Logic::add_app_to_buffer_and_database(const app_t &app)
m_buffer.push_back(app);
}
-void Logic::remove_app_from_buffer(const app_t &app)
+// Notice that this operator doesn't compare list of certificate, because it isn't needed here.
+// This operator is implemented only for using in m_buffer.remove() method;
+// Operator which compares certificates is implemented in tests.
+bool operator ==(const app_t &app1, const app_t &app2)
+{
+ return app1.app_id == app2.app_id &&
+ app1.pkg_id == app2.pkg_id &&
+ app1.uid == app2.uid;
+}
+
+void Logic::remove_app_from_buffer_and_database(const app_t &app)
{
// First remove app from DB
m_sqlquery->remove_app_from_check_list(app);
// Then remove app from buffer
- for (auto iter = m_buffer.begin(); iter != m_buffer.end(); ++iter) {
- if (iter->app_id == app.app_id &&
- iter->pkg_id == app.pkg_id &&
- iter->uid == app.uid) {
- LogDebug(iter->str() << " found in buffer - will be removed");
- m_buffer.erase(iter);
- break;
- }
- }
+ m_buffer.remove(app);
}
bool Logic::get_should_exit(void) const
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index bff89b6..f3cd9e4 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,12 +1,13 @@
PKG_CHECK_MODULES(CERT_CHECKER_TESTS_DEP
REQUIRED
+ cert-svc-vcore
dbus-1
dbus-glib-1
db-util
glib-2.0
gio-2.0
icu-i18n
- notification
+ key-manager
libsystemd-journal
libtzplatform-config
sqlite3
@@ -14,6 +15,7 @@ PKG_CHECK_MODULES(CERT_CHECKER_TESTS_DEP
FIND_PACKAGE(Threads REQUIRED)
ADD_DEFINITIONS( "-DBOOST_TEST_DYN_LINK" )
+ADD_DEFINITIONS("-DTEST_APP_SIGNATURES_DIR=\"${TEST_APP_SIGNATURES_DIR}\"")
SET(CERT_CHECKER_SRC_PATH ${PROJECT_SOURCE_DIR}/src)
SET(CERT_CHECKER_TESTS_SRC_PATH ${PROJECT_SOURCE_DIR}/tests)
@@ -28,9 +30,12 @@ SET(CERT_CHECKER_TESTS_SOURCES
${CERT_CHECKER_TESTS_SRC_PATH}/test_db.cpp
${CERT_CHECKER_TESTS_SRC_PATH}/test_queue.cpp
${CERT_CHECKER_TESTS_SRC_PATH}/queue_test_thread.cpp
+ ${CERT_CHECKER_TESTS_SRC_PATH}/test_certs.cpp
+ ${CERT_CHECKER_TESTS_SRC_PATH}/certs_.cpp
# cert-checker
${CERT_CHECKER_SRC_PATH}/app.cpp
${CERT_CHECKER_SRC_PATH}/queue.cpp
+ ${CERT_CHECKER_SRC_PATH}/certs.cpp
# logs
${CERT_CHECKER_SRC_PATH}/log/log.cpp
# dpl
@@ -65,4 +70,13 @@ TARGET_LINK_LIBRARIES(${TARGET_CERT_CHECKER_TESTS}
-ldl
)
+#### Test files/signatures
+INSTALL(FILES
+ files/app1/author-signature.xml
+ files/app1/signature1.xml
+ DESTINATION ${TEST_APP_SIGNATURES_DIR}/app1/)
+INSTALL(FILES
+ files/app_2/signature1.xml
+ DESTINATION ${TEST_APP_SIGNATURES_DIR}/app_2/)
+
INSTALL(TARGETS ${TARGET_CERT_CHECKER_TESTS} DESTINATION ${BINDIR})
diff --git a/tests/certs_.cpp b/tests/certs_.cpp
new file mode 100644
index 0000000..8155b90
--- /dev/null
+++ b/tests/certs_.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file certs_.cpp
+ * @author Janusz Kozerski (j.kozerski@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Certs for testing
+ */
+
+#include <certs_.h>
+
+using namespace CCHECKER;
+
+Certs_::~Certs_()
+{}
+
+Certs_::ocsp_response_t Certs_::check_ocsp_chain_ (const chain_t &chain)
+{
+ return this->check_ocsp_chain(chain);
+}
+
+void Certs_::find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls)
+{
+ return this->find_app_signatures(app, app_path, ocsp_urls);
+}
diff --git a/tests/certs_.h b/tests/certs_.h
new file mode 100644
index 0000000..70dece5
--- /dev/null
+++ b/tests/certs_.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file certs_.h
+ * @author Janusz Kozerski (j.kozerski@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Certs for testing
+ */
+
+#include <cchecker/certs.h>
+
+#ifndef CCHECKER_DBFIXTURE_H
+#define CCHECKER_DBFIXTURE_H
+
+using namespace CCHECKER;
+
+class Certs_ : public Certs {
+ public:
+ virtual ~Certs_();
+ ocsp_response_t check_ocsp_chain_ (const chain_t &chain);
+ void find_app_signatures_ (app_t &app, const std::string &app_path, ocsp_urls_t &ocsp_urls);
+};
+
+#endif //CCHECKER_DBFIXTURE_H
diff --git a/tests/files/app1/author-signature.xml b/tests/files/app1/author-signature.xml
new file mode 100644
index 0000000..0fb85ce
--- /dev/null
+++ b/tests/files/app1/author-signature.xml
@@ -0,0 +1,75 @@
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="AuthorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="images/tizen_32.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="icon.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="js/main.js">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue>
+</Reference>
+<Reference URI="css/style.css">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>KXS856VpStHxKdsgVoSkzgI0faEpYC0wTg2+ahLwCEk=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>lpo8tUDs054eLlBQXiDPVDVKfw30ZZdtkRs1jd7H5K8=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+QBiwbw/ChRHbNgpCMP5ht2U/BX9sfBgKFTmxEsxywtl1QUBRi+XbK3fhjt+SqBwv32RtEq0TouwB
+7rthEpLNj9R+GJwCdjNpl79kEvZcY+KaWk2gSXsQ5THtnN9wXxfi95ke84lOpbQ6+y8pPzLbEx5Q
+yYdu4jOAIscr2NV9bbM=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIIClDCCAf2gAwIBAgIGAT4hYbcpMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG
+A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD
+VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB
+MB4XDTEzMDQxOTA4MjA1MloXDTQwMDkwNDA4MjA1MVowgZUxCzAJBgNVBAYTAlBMMREwDwYDVQQI
+DAhNYXpvdmlhbjEPMA0GA1UEBwwGV2Fyc2F3MQ4wDAYDVQQKDAVTUlBPTDERMA8GA1UECwwIS1NG
+L1dTU1AxJTAjBgkqhkiG9w0BCQEWFmoua296ZXJza2lAc2Ftc3VuZy5jb20xGDAWBgNVBAMMD0ph
+bnVzeiBLb3plcnNraTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs0REWSsOn/QyVDSjSTRE
+0W+LacX4cifRYI16nQi8WJhCAymhOg4UVXUk31Iwta8lOnQvgoce8bR+/dbCzDBmnogq8KXWlEtn
+Ma3X6Tvz5BZfNy4Zj44G/aK0tJvnBj28h2ZZe545BNNW4zKR4SvNie9uM8v1r16PZaaS0YxOXl0C
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQCGuwLCcQAAQz2Op83gTl0Pb+f7AinL8d3XGRC8dtFPqSrZ
+wN3gEEIQxQeYLahEVPAsD1K9aWebbWm/sjpDERKW7hmYvGYz90Z+ocLKdork5XgQWqVGt7qi+pxZ
+x6VDuNVxDrQtsX/hLf/YBhZJuzs/LSdlErUKQM8fdxvVzbld3w==
+</X509Certificate>
+<X509Certificate>
+MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw
+IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0
+IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ
+BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu
+IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl
+biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK
+xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz
+dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC
+iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C
+K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk=
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#AuthorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#AuthorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#AuthorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature> \ No newline at end of file
diff --git a/tests/files/app1/signature1.xml b/tests/files/app1/signature1.xml
new file mode 100644
index 0000000..844066e
--- /dev/null
+++ b/tests/files/app1/signature1.xml
@@ -0,0 +1,80 @@
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="author-signature.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>VPyQoHNa+V9BwhCD/D8Yk94MFRnWdS7LLts1CIUwp1Y=</DigestValue>
+</Reference>
+<Reference URI="images/tizen_32.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="icon.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="js/main.js">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue>
+</Reference>
+<Reference URI="css/style.css">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>KXS856VpStHxKdsgVoSkzgI0faEpYC0wTg2+ahLwCEk=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+IjFZ+/u8TVgj1DcogK/3X54hOxIrWYFllqppy9x7VoCjNmfc3d+ceezOcs2Vhg8CHpBcPMb9m4iD
+eAPHMz0HXZbHjfOlKqBwXbaPLf6b7zJBhhgD8vTCcq2q8FYq9jIEe/7FMe2E36XoBRgS6cl6Y//y
+K6vhCnlJKbrmZBsCMeA=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry
+aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS
+MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex
+IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp
+YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK
+90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H
+mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB
+hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez
+GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1
+vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=
+</X509Certificate>
+<X509Certificate>
+MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw
+IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb
+VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe
+OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp
+bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah
+2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ
+KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+
+yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0
+VhfnkHwPltmrpYVe
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature> \ No newline at end of file
diff --git a/tests/files/app_2/signature1.xml b/tests/files/app_2/signature1.xml
new file mode 100644
index 0000000..ade9e14
--- /dev/null
+++ b/tests/files/app_2/signature1.xml
@@ -0,0 +1,80 @@
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod>
+<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod>
+<Reference URI="author-signature.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>STd01qoNmkFKYFkHtIfTNzz44Sooj4yPcbnpPMvNXrA=</DigestValue>
+</Reference>
+<Reference URI="images/tizen_32.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="icon.png">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>eDr9ZPFlGlapLDnI1BiALwqovNdBvx3Aspc/lWOH3WI=</DigestValue>
+</Reference>
+<Reference URI="js/main.js">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>gJORpAB1ok2tUJx0JeQkk9ByvXOQLMG4BMddjCQxYBs=</DigestValue>
+</Reference>
+<Reference URI="index.html">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>yckSRw904y3goDeL/oBnL0BM2kWy22cS4l8EFOrnhbM=</DigestValue>
+</Reference>
+<Reference URI="css/style.css">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>mVyzTIt7toDjqJDyK8zFNfUxuVnC7msv17Oai/+NZdI=</DigestValue>
+</Reference>
+<Reference URI="config.xml">
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>n6D6h7VGH+8sz01o3wJNEWZNaoOQ2u3Lr2u1lcxkR9Y=</DigestValue>
+</Reference>
+<Reference URI="#prop">
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></Transform>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
+<DigestValue>u/jU3U4Zm5ihTMSjKGlGYbWzDfRkGphPPHx3gJIYEJ4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>
+fxRqA7mM4PjJLYYTgz2nnV7VNmBvHU17VY3uAEKShLlYclmvj5GKNfdmlHrSd08KxMcHiqSJc1OE
+up2BNsnJ3UHIV6LLqFlOqdybXg3CH8jPiHWKG8Ns8xbljpIemRq5p3ZrMZdaTXjmP4B92GoWEdo2
+5uFbrpGzZLxpxnyAxLE=
+</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>
+MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry
+aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS
+MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex
+IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp
+YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK
+90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H
+mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB
+hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez
+GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1
+vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=
+</X509Certificate>
+<X509Certificate>
+MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw
+IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb
+VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe
+OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp
+bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah
+2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ
+KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+
+yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0
+VhfnkHwPltmrpYVe
+</X509Certificate>
+</X509Data>
+</KeyInfo>
+<Object Id="prop"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties"><SignatureProperty Id="profile" Target="#DistributorSignature"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"></dsp:Profile></SignatureProperty><SignatureProperty Id="role" Target="#DistributorSignature"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"></dsp:Role></SignatureProperty><SignatureProperty Id="identifier" Target="#DistributorSignature"><dsp:Identifier></dsp:Identifier></SignatureProperty></SignatureProperties></Object>
+</Signature> \ No newline at end of file
diff --git a/tests/test_certs.cpp b/tests/test_certs.cpp
new file mode 100644
index 0000000..1867e4e
--- /dev/null
+++ b/tests/test_certs.cpp
@@ -0,0 +1,477 @@
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file test_certs.cpp
+ * @author Janusz Kozerski (j.kozerski@samsung.com)
+ * @version 1.0
+ * @brief Tests of certs class (signatures, certificates, OCSP)
+ */
+
+#include <boost/test/unit_test.hpp>
+#include <string>
+#include <thread>
+
+#include <cchecker/log.h>
+#include <certs_.h>
+#include <app_event_operators.h>
+
+using namespace CCHECKER;
+
+BOOST_FIXTURE_TEST_SUITE(CERT_TEST, Certs_)
+
+BOOST_AUTO_TEST_CASE(Certs_OCSP_positive) {
+
+ //*.wikipedia.com:
+ chain_t chain = {
+ "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\
+MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\
+VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\
+MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\
+aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\
+BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\
+ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\
+Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\
+EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\
+ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\
+iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\
+DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\
+oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\
+dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\
+Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\
+gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\
+dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\
+Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\
+Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\
+aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\
+Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\
+Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\
+c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\
+b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\
+ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\
+ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\
+DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\
+Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\
+BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\
+QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\
+MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\
+Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\
+FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\
+gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\
+5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\
+gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\
+3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\
+4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\
+OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG",
+
+"MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG\
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw\
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW\
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc\
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj\
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj\
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt\
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl\
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B\
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT\
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0\
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow\
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB\
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv\
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI\
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s\
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy\
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3\
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA\
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G\
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=",
+
+"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A=="};
+
+ Certs::ocsp_response_t resp = check_ocsp_chain_ (chain);
+ LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp);
+ BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CHECK_AGAIN);
+}
+
+BOOST_AUTO_TEST_CASE(Certs_OCSP_negative_1) {
+ // Broken chain of certificates
+
+ //*.wikipedia.com:
+ chain_t chain = {
+ "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\
+MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\
+VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\
+MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\
+aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\
+BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\
+ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\
+Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\
+EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\
+ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\
+iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\
+DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\
+oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\
+dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\
+Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\
+gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\
+dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\
+Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\
+Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\
+aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\
+Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\
+Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\
+c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\
+b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\
+ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\
+ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\
+DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\
+Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\
+BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\
+QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\
+MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\
+Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\
+FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\
+gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\
+5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\
+gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\
+3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\
+4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\
+OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG"};
+
+ Certs::ocsp_response_t resp = check_ocsp_chain_ (chain);
+ LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp);
+ BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CERT_ERROR);
+}
+
+BOOST_AUTO_TEST_CASE(Certs_OCSP_negative_2) {
+ // Last Certificate is corrupted
+
+ chain_t chain = {
+ "MIIH1jCCBr6gAwIBAgISESGXLjKl5bLinUct/tty1iduMA0GCSqGSIb3DQEBCwUA\
+MGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYD\
+VQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hB\
+MjU2IC0gRzIwHhcNMTQxMjE2MjEyNDAzWhcNMTcwMjE5MTIwMDAwWjB5MQswCQYD\
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5j\
+aXNjbzEjMCEGA1UEChMaV2lraW1lZGlhIEZvdW5kYXRpb24sIEluYy4xGDAWBgNV\
+BAMMDyoud2lraXBlZGlhLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\
+ggEBAMH1s5FRkOrf7p3fQNqqKbre0J/7w3isYDt/tRZw4bHm7mI73Y5335iwulvr\
+Bmsq93RSMHizLx8J0RdkKcfitWS/o0kIKP1wehDzHOerH6s1e7Z3j/uI6mMzDZMs\
+EWDnPA21kwqtXEIwYEAj+tRU832j3CeJ3pMCE75uE+lnN0hVJIXd2c0/hnPRAWTV\
+ENV6FQGCy1zwowlndvFTALQ+4LSCNtZnwVtSecgKVPAO/WkLMk2OdLB6UITT1wPN\
+iP2qzm2uFWetO/MzN6paOiS2DqXFp4r7KZTSNOl3CTn8MufKGPqA0ajJJDLSX0/K\
+DmC1Sw6ndBerUuRDSaDeEq2I8HMCAwEAAaOCBGkwggRlMA4GA1UdDwEB/wQEAwIF\
+oDBJBgNVHSAEQjBAMD4GBmeBDAECAjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3\
+dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzCCAq4GA1UdEQSCAqUwggKhgg8q\
+Lndpa2lwZWRpYS5vcmeCDyoubWVkaWF3aWtpLm9yZ4IPKi53aWtpYm9va3Mub3Jn\
+gg4qLndpa2lkYXRhLm9yZ4IPKi53aWtpbWVkaWEub3JnghkqLndpa2ltZWRpYWZv\
+dW5kYXRpb24ub3Jngg4qLndpa2luZXdzLm9yZ4IPKi53aWtpcXVvdGUub3JnghAq\
+Lndpa2lzb3VyY2Uub3JnghEqLndpa2l2ZXJzaXR5Lm9yZ4IQKi53aWtpdm95YWdl\
+Lm9yZ4IQKi53aWt0aW9uYXJ5Lm9yZ4IRKi5tLm1lZGlhd2lraS5vcmeCESoubS53\
+aWtpcGVkaWEub3JnghEqLm0ud2lraWJvb2tzLm9yZ4IQKi5tLndpa2lkYXRhLm9y\
+Z4IRKi5tLndpa2ltZWRpYS5vcmeCGyoubS53aWtpbWVkaWFmb3VuZGF0aW9uLm9y\
+Z4IQKi5tLndpa2luZXdzLm9yZ4IRKi5tLndpa2lxdW90ZS5vcmeCEioubS53aWtp\
+c291cmNlLm9yZ4ITKi5tLndpa2l2ZXJzaXR5Lm9yZ4ISKi5tLndpa2l2b3lhZ2Uu\
+b3JnghIqLm0ud2lrdGlvbmFyeS5vcmeCFCouemVyby53aWtpcGVkaWEub3Jngg1t\
+ZWRpYXdpa2kub3Jngg13aWtpYm9va3Mub3Jnggx3aWtpZGF0YS5vcmeCDXdpa2lt\
+ZWRpYS5vcmeCF3dpa2ltZWRpYWZvdW5kYXRpb24ub3Jnggx3aWtpbmV3cy5vcmeC\
+DXdpa2lxdW90ZS5vcmeCDndpa2lzb3VyY2Uub3Jngg93aWtpdmVyc2l0eS5vcmeC\
+Dndpa2l2b3lhZ2Uub3Jngg53aWt0aW9uYXJ5Lm9yZ4INd2lraXBlZGlhLm9yZzAJ\
+BgNVHRMEAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBJBgNVHR8E\
+QjBAMD6gPKA6hjhodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcyLmNybDCBoAYIKwYBBQUHAQEEgZMwgZAwTQYIKwYBBQUH\
+MAKGQWh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzb3JnYW5p\
+emF0aW9udmFsc2hhMmcycjEuY3J0MD8GCCsGAQUFBzABhjNodHRwOi8vb2NzcDIu\
+Z2xvYmFsc2lnbi5jb20vZ3Nvcmdhbml6YXRpb252YWxzaGEyZzIwHQYDVR0OBBYE\
+FPijzqMJdm7bqDx4SGOcGUzAx0qdMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07\
+gwBA5hp8MA0GCSqGSIb3DQEBCwUAA4IBAQC45+nGVISGOZctc9mxhil3EDmlBIzY\
+5mQJ+APT5oUGthZfe6v9lP7yRLIEhHMDl72Jrnzzx3ksUnAqJTOcsnuzQvZq45pn\
+gOk/sO6ilkOun/u5QBigxne1/P4g2SYkISqRqA0Z9FloEd6odDb6dbIHhhz270rH\
+3pjewMLq6OA09eklPav4f3NiBL/VcqG53TRTJW6eHxZuEsGAgBmwk6jKf8e+BjmZ\
+4V9POUs5kH7d1OJs9d5Fv9y3t/Yt1pGaHyK/DTUbYVhMyn0EaLxd3FLJ9ABKpQJ+\
+OUcTfe55U2Ox1H/87b6Ca04DDl3u2i87jPbhgshWSNwU8+llHCst0sbG",
+
+"MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG\
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw\
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW\
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc\
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj\
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj\
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt\
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl\
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B\
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT\
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0\
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow\
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB\
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv\
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI\
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s\
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy\
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3\
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA\
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G\
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=",
+
+"MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\
+MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\
+YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\
+aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\
+jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\
+xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\
+1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\
+snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\
+U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\
+9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\
+BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\
+AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\
+yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\
+38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\
+AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\
+DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\
+HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4"};
+
+ Certs::ocsp_response_t resp = check_ocsp_chain_ (chain);
+ LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp);
+ BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_CERT_ERROR);
+}
+
+BOOST_AUTO_TEST_CASE(Certs_OCSP_positive_1) {
+
+ chain_t chain = {
+ // MBANK, signed by SYMANTEC, expires 04 Feb 2016
+ "MIIGXDCCBUSgAwIBAgIQKJK70TuBw91HAA0BqZSPETANBgkqhkiG9w0BAQsFADB3\
+MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\
+BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVj\
+IENsYXNzIDMgRVYgU1NMIENBIC0gRzMwHhcNMTUwMTE1MDAwMDAwWhcNMTYwMjA0\
+MjM1OTU5WjCB5zETMBEGCysGAQQBgjc8AgEDEwJQTDEdMBsGA1UEDxMUUHJpdmF0\
+ZSBPcmdhbml6YXRpb24xEzARBgNVBAUTCjAwMDAwMjUyMzcxCzAJBgNVBAYTAlBM\
+MQ8wDQYDVQQRDAYwMC05NTAxFDASBgNVBAgMC21hem93aWVja2llMREwDwYDVQQH\
+DAhXYXJzemF3YTEWMBQGA1UECQwNU2VuYXRvcnNrYSAxODETMBEGA1UECgwKbUJh\
+bmsgUy5BLjEOMAwGA1UECwwFbUJhbmsxGDAWBgNVBAMMD29ubGluZS5tYmFuay5w\
+bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALsoKHBnIkP1AoHBKPYm\
+JkCOgvwFeKgrLGDjpte9eVljMGYPkpWv2GtwV2lKAy47fCOOtBGfVR7qp3C3kR06\
+Eep7tKm0C9/X75wTIAu2ulfdooX89JZ2UfMyBs8q0eyGPbBz42g5FQx3cey+OUjU\
+aadDwfxfn9UKFABrq/wowkYLIpFejQePmztdNepinOVcbZ4NVrsMCkxHnyYXR+Kh\
+Tn/UEpX8FEBx9Ra96AbeXY7f6IpPf8IwoAF3lp00R0nigCfuhWF/GrX0+GX8f/vV\
+dtnNozuBN59tWPmpcTUmpSbDJFMCJbEYwX+cKo8Kq38qOp/c2y7x/Cphuv0hapGp\
+Q78CAwEAAaOCAnEwggJtMBoGA1UdEQQTMBGCD29ubGluZS5tYmFuay5wbDAJBgNV\
+HRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\
+BQUHAwIwZgYDVR0gBF8wXTBbBgtghkgBhvhFAQcXBjBMMCMGCCsGAQUFBwIBFhdo\
+dHRwczovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZGhdodHRwczovL2Qu\
+c3ltY2IuY29tL3JwYTAfBgNVHSMEGDAWgBQBWavn3ToLWaZkY9bPIAdX1ZHnajAr\
+BgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3Iuc3ltY2IuY29tL3NyLmNybDBXBggr\
+BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zci5zeW1jZC5jb20wJgYI\
+KwYBBQUHMAKGGmh0dHA6Ly9zci5zeW1jYi5jb20vc3IuY3J0MIIBBAYKKwYBBAHW\
+eQIEAgSB9QSB8gDwAHYApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAA\
+AAFK7fScbAAABAMARzBFAiEAuFUfNYF/LMBuKewPE8xTrmye39LyNfBh5roPCaVq\
+ReQCIEOB7ktB3xu7yd/pHuXSWdXzZpOmVQiMChsoE46TIBryAHYAVhQGmi/XwuzT\
+9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFK7fSemAAABAMARzBFAiAaixUME3mn\
+rmzLb8WpwEfV60cXQ1945LWlLxCL5VVR6wIhAMBCNzFiOMtnLu0oBWHo1RrJxMnf\
+LbWvlnrdF7yloeAjMA0GCSqGSIb3DQEBCwUAA4IBAQCIvFY/1sEmBKEMlwpJCvHD\
+U0yx67QDsiJ0Fo4MZmgOUZ1AH/gSKUUy7j6RnQ/e9v5DlKKlWZpUpr5KqaXcOOWq\
+vSeuWoKVCnjdsVyYJm1zW7Py3Khrkbef53gZjSR+X5gGlRC/WeeDwUxoCm/nJ4S0\
+SReh+urkTFGUdSPCsD4mQk3zI1wNhE7Amb2mUTIaSLzabnN89hn9jlvQwLH2Wkf2\
+aFmUlsB1C6YFMqVPRfHuxyPUb2zjw+ll7UStQxuSSTpwBmW1g/dIhtle9+o8i3z2\
+WJAT38TP3mPw8SUWLbgGyih6bsB6eBxFEM5awP60XXjZfVAmoVLlj9oWYNQrZLwk",
+
+ // SYMANTEC, signed by VERISIGN, expires 30 Oct 2023
+ "MIIFKzCCBBOgAwIBAgIQfuFKb2/v8tN/P61lTTratDANBgkqhkiG9w0BAQsFADCB\
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\
+ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\
+U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\
+ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\
+aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB3MQsw\
+CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\
+BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxKDAmBgNVBAMTH1N5bWFudGVjIENs\
+YXNzIDMgRVYgU1NMIENBIC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\
+AoIBAQDYoWV0I+grZOIy1zM3PY71NBZI3U9/hxz4RCMTjvsR2ERaGHGOYBYmkpv9\
+FwvhcXBC/r/6HMCqo6e1cej/GIP23xAKE2LIPZyn3i4/DNkd5y77Ks7Imn+Hv9hM\
+BBUyydHMlXGgTihPhNk1++OGb5RT5nKKY2cuvmn2926OnGAE6yn6xEdC0niY4+wL\
+pZLct5q9gGQrOHw4CVtm9i2VeoayNC6FnpAOX7ddpFFyRnATv2fytqdNFB5suVPu\
+IxpOjUhVQ0GxiXVqQCjFfd3SbtICGS97JJRL6/EaqZvjI5rq+jOrCiy39GAI3Z8c\
+zd0tAWaAr7MvKR0juIrhoXAHDDQPAgMBAAGjggFdMIIBWTAvBggrBgEFBQcBAQQj\
+MCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wEgYDVR0TAQH/BAgw\
+BgEB/wIBADBlBgNVHSAEXjBcMFoGBFUdIAAwUjAmBggrBgEFBQcCARYaaHR0cDov\
+L3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYIKwYBBQUHAgIwHBoaaHR0cDovL3d3dy5z\
+eW1hdXRoLmNvbS9ycGEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3MxLnN5bWNi\
+LmNvbS9wY2EzLWc1LmNybDAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0RBCIwIKQeMBwx\
+GjAYBgNVBAMTEVN5bWFudGVjUEtJLTEtNTMzMB0GA1UdDgQWBBQBWavn3ToLWaZk\
+Y9bPIAdX1ZHnajAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkq\
+hkiG9w0BAQsFAAOCAQEAQgFVe9AWGl1Y6LubqE3X89frE5SG1n8hC0e8V5uSXU8F\
+nzikEHzPg74GQ0aNCLxq1xCm+quvL2GoY/Jl339MiBKIT7Np2f8nwAqXkY9W+4nE\
+qLuSLRtzsMarNvSWbCAI7woeZiRFT2cAQMgHVHQzO6atuyOfZu2iRHA0+w7qAf3P\
+eHTfp61Vt19N9tY/4IbOJMdCqRMURDVLtt/JYKwMf9mTIUvunORJApjTYHtcvNUw\
+LwfORELEC5n+5p/8sHiGUW3RLJ3GlvuFgrsEL/digO9i2n/2DqyQuFa9eT/ygG6j\
+2bkPXToHHZGThkspTOHcteHgM52zyzaRS/6htO7w+Q=="
+ };
+
+ Certs::ocsp_response_t resp = check_ocsp_chain_ (chain);
+ LogDebug("Certs_::check_ocsp_chain_ response : " << (int) resp);
+ BOOST_REQUIRE(resp == Certs::ocsp_response_t::OCSP_APP_OK);
+}
+
+BOOST_AUTO_TEST_CASE(find_app_signatures_1) {
+
+ // App1
+ app_t app1("app_id", "pkg_id", 101, {});
+ ocsp_urls_t ocsp_urls;
+ std::string path1 = std::string(TEST_APP_SIGNATURES_DIR) + std::string("/app1");
+
+ find_app_signatures (app1, path1, ocsp_urls);
+ BOOST_REQUIRE(app1.signatures.size() == 2);
+ // set signatures/certificates in defined oder;
+ sort(app1);
+
+ app_t origin1("app_id", "pkg_id", 101, {});
+ chain_t chain1 = {"MIIClDCCAf2gAwIBAgIGAT4hYbcpMA0GCSqGSIb3DQEBBQUAMIGEMQswCQYDVQQGEwJLUjEOMAwG\
+A1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSAwHgYD\
+VQQLDBdUaXplbiBEZXZlbG9wZXIgVGVzdCBDQTEbMBkGA1UEAwwSVGl6ZW4gRGV2ZWxvcGVyIENB\
+MB4XDTEzMDQxOTA4MjA1MloXDTQwMDkwNDA4MjA1MVowgZUxCzAJBgNVBAYTAlBMMREwDwYDVQQI\
+DAhNYXpvdmlhbjEPMA0GA1UEBwwGV2Fyc2F3MQ4wDAYDVQQKDAVTUlBPTDERMA8GA1UECwwIS1NG\
+L1dTU1AxJTAjBgkqhkiG9w0BCQEWFmoua296ZXJza2lAc2Ftc3VuZy5jb20xGDAWBgNVBAMMD0ph\
+bnVzeiBLb3plcnNraTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAs0REWSsOn/QyVDSjSTRE\
+0W+LacX4cifRYI16nQi8WJhCAymhOg4UVXUk31Iwta8lOnQvgoce8bR+/dbCzDBmnogq8KXWlEtn\
+Ma3X6Tvz5BZfNy4Zj44G/aK0tJvnBj28h2ZZe545BNNW4zKR4SvNie9uM8v1r16PZaaS0YxOXl0C\
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQCGuwLCcQAAQz2Op83gTl0Pb+f7AinL8d3XGRC8dtFPqSrZ\
+wN3gEEIQxQeYLahEVPAsD1K9aWebbWm/sjpDERKW7hmYvGYz90Z+ocLKdork5XgQWqVGt7qi+pxZ\
+x6VDuNVxDrQtsX/hLf/YBhZJuzs/LSdlErUKQM8fdxvVzbld3w==",
+ "MIICpzCCAhCgAwIBAgIJAKzDjmEF+1OXMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJLUjEO\
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSUw\
+IwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQDDBxUaXplbiBUZXN0\
+IERldmVsb3BlciBSb290IENBMB4XDTEyMTAyOTEzMDEyMloXDTIyMTAyNzEzMDEyMlowgYQxCzAJ\
+BgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVu\
+IFRlc3QgQ0ExIDAeBgNVBAsMF1RpemVuIERldmVsb3BlciBUZXN0IENBMRswGQYDVQQDDBJUaXpl\
+biBEZXZlbG9wZXIgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyG0DSTHBgalQo1seDK\
+xpCU61gji+QQlxQkPQOvBrmuF6Z90zFCprTtg2sRjTLCNoRd75+VCCHuKGcrD27t7hwAekusPrpz\
+dsq5QoBMvNjGDM22lC45PJ4d86DEDY4erxeJ5aSQxqbfXK4pKe9NwxdkKuA8dTYZM1UcmhXs7YAL\
+AgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACbr/OPNMJ+Ejrxfm/YjC\
+iRPpjJLnwXS2IDtitbxot6bEdZkZvOFXOC0Ca4GT+jtvOcSlU7tM3Mdd1MrKe1kkoVd1vhCV8V4C\
+K3/DPj8aN3rxfMfQitA6XMDcxzhsyMWz56OdifX50dvS/G/ad+kGhNhOOEKSE8zUyEDCGwqkfXk="};
+
+ chain_t chain2 = {"MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV\
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE\
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry\
+aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS\
+MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex\
+IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp\
+YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK\
+90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H\
+mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB\
+hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez\
+GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1\
+vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=",
+ "MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO\
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw\
+IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj\
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL\
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6\
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb\
+VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe\
+OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp\
+bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah\
+2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ\
+KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+\
+yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0\
+VhfnkHwPltmrpYVe"};
+
+
+ origin1.signatures.push_back(chain1);
+ origin1.signatures.push_back(chain2);
+ // set signatures/certificates in defined oder;
+ sort(origin1);
+
+ LogDebug("APP1: " << app1.str() << ", CERTS: " << app1.str_certs());
+ LogDebug("ORIG: " << origin1.str() << ", CERTS: " << origin1.str_certs());
+
+ BOOST_REQUIRE(app1 == origin1);
+
+ // App_2
+ app_t app2("app_id", "pkg_id", 102, {});
+ std::string path2 = std::string(TEST_APP_SIGNATURES_DIR) + std::string("/app_2");
+
+ find_app_signatures (app2, path2, ocsp_urls);
+ BOOST_REQUIRE(app2.signatures.size() == 1);
+ // set signatures/certificates in defined oder;
+ sort(app2);
+
+
+ chain_t chain3 = {"MIICmzCCAgQCCQDXI7WLdVZwiTANBgkqhkiG9w0BAQUFADCBjzELMAkGA1UEBhMCS1IxDjAMBgNV\
+BAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UE\
+CwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwbVGl6ZW4gUHVibGljIERpc3Ry\
+aWJ1dG9yIENBMB4XDTEyMTAyOTEzMDMwNFoXDTIyMTAyNzEzMDMwNFowgZMxCzAJBgNVBAYTAktS\
+MQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3QgQ0Ex\
+IjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKDAmBgNVBAMMH1RpemVuIFB1Ymxp\
+YyBEaXN0cmlidXRvciBTaWduZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALtMvlc5hENK\
+90ZdA+y66+Sy0enD1gpZDBh5T9RP0oRsptJv5jjNTseQbQi0SZOdOXb6J7iQdlBCtR343RpIEz8H\
+mrBy7mSY7mgwoU4EPpp4CTSUeAuKcmvrNOngTp5Hv7Ngf02TTHOLK3hZLpGayaDviyNZB5PdqQdB\
+hokKjzAzAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvGp1gxxAIlFfhJH1efjb9BJK/rtRkbYn9+Ez\
+GEbEULg1svsgnyWisFimI3uFvgI/swzr1eKVY3Sc8MQ3+Fdy3EkbDZ2+WAubhcEkorTWjzWz2fL1\
+vKaYjeIsuEX6TVRUugHWudPzcEuQRLQf8ibZWjbQdBmpeQYBMg5x+xKLCJc=",
+ "MIICtDCCAh2gAwIBAgIJAMDbehElPNKvMA0GCSqGSIb3DQEBBQUAMIGVMQswCQYDVQQGEwJLUjEO\
+MAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENBMSMw\
+IQYDVQQLDBpUVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEpMCcGA1UEAwwgVGl6ZW4gUHVibGlj\
+IERpc3RyaWJ1dG9yIFJvb3QgQ0EwHhcNMTIxMDI5MTMwMjUwWhcNMjIxMDI3MTMwMjUwWjCBjzEL\
+MAkGA1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6\
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEkMCIGA1UEAwwb\
+VGl6ZW4gUHVibGljIERpc3RyaWJ1dG9yIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDe\
+OTS/3nXvkDEmsFCJIvRlQ3RKDcxdWJJp625pFqHdmoJBdV+x6jl1raGK2Y1sp2Gdvpjc/z92yzAp\
+bE/UVLPh/tRNZPeGhzU4ejDDm7kzdr2f7Ia0U98K+OoY12ucwg7TYNItj9is7Cj4blGfuMDzd2ah\
+2AgnCGlwNwV/pv+uVQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBACqJ\
+KO33YdoGudwanZIxMdXuxnnD9R6u72ltKk1S4zPfMJJv482CRGCI4FK6djhlsI4i0Lt1SVIJEed+\
+yc3qckGm19dW+4xdlkekon7pViEBWuyHw8OWv3RXtTum1+PGHjBJ2eYY4ZKIpz73U/1NC16sTB/0\
+VhfnkHwPltmrpYVe"};
+
+ app_t origin2("app_id", "pkg_id", 102, {});
+ origin2.signatures.push_back(chain3);
+
+ // set signatures/certificates in defined oder;
+ sort(origin2);
+
+ BOOST_REQUIRE(app2 == origin2);
+}
+
+BOOST_AUTO_TEST_SUITE_END()