diff options
Diffstat (limited to 'lib')
160 files changed, 3619 insertions, 1251 deletions
diff --git a/lib/asn1/krb5.asn1 b/lib/asn1/krb5.asn1 index 12986ea4e064..9183fc19a48c 100644 --- a/lib/asn1/krb5.asn1 +++ b/lib/asn1/krb5.asn1 @@ -355,7 +355,7 @@ KDCOptions ::= BIT STRING { allow-postdate(5), postdated(6), renewable(8), - constrained-delegation(14), -- ms extension (aka cname-in-addl-tkt) + cname-in-addl-tkt(14), -- ms extension canonicalize(15), request-anonymous(16), disable-transited-check(26), diff --git a/lib/gssapi/gen-oid.pl b/lib/gssapi/gen-oid.pl index a2341ad9816d..a2341ad9816d 100755..100644 --- a/lib/gssapi/gen-oid.pl +++ b/lib/gssapi/gen-oid.pl diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c index 0aa2da0808bf..d88ec4cddc53 100644 --- a/lib/gssapi/krb5/arcfour.c +++ b/lib/gssapi/krb5/arcfour.c @@ -304,7 +304,7 @@ _gssapi_get_mic_arcfour(OM_uint32 * minor_status, EVP_Cipher(&rc4_key, p, p, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); *minor_status = 0; return GSS_S_COMPLETE; @@ -389,7 +389,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, else cmp = memcmp(&SND_SEQ[4], "\x00\x00\x00\x00", 4); - memset(SND_SEQ, 0, sizeof(SND_SEQ)); + memset_s(SND_SEQ, sizeof(SND_SEQ), 0, sizeof(SND_SEQ)); if (cmp != 0) { *minor_status = 0; return GSS_S_BAD_MIC; @@ -516,7 +516,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, ret = arcfour_mic_key(context, &Klocal, p0 + 8, 4, /* SND_SEQ */ k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (ret) { _gsskrb5_release_buffer(minor_status, output_message_buffer); *minor_status = ret; @@ -550,7 +550,7 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status, EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); EVP_Cipher(&rc4_key, p0 + 8, p0 + 8 /* SND_SEQ */, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); } if (conf_state) @@ -650,7 +650,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, EVP_CipherInit_ex(&rc4_key, EVP_rc4(), NULL, k6_data, NULL, 1); EVP_Cipher(&rc4_key, SND_SEQ, p0 + 8, 8); EVP_CIPHER_CTX_cleanup(&rc4_key); - memset(k6_data, 0, sizeof(k6_data)); + memset_s(k6_data, sizeof(k6_data), 0, sizeof(k6_data)); } _gsskrb5_decode_be_om_uint32(SND_SEQ, &seq_number); @@ -678,7 +678,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status, ret = arcfour_mic_key(context, &Klocal, SND_SEQ, 4, k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (ret) { *minor_status = ret; return GSS_S_FAILURE; @@ -1069,7 +1069,7 @@ _gssapi_wrap_iov_arcfour(OM_uint32 *minor_status, kret = arcfour_mic_key(context, &Klocal, p0 + 8, 4, /* SND_SEQ */ k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (kret) { *minor_status = kret; major_status = GSS_S_FAILURE; @@ -1300,7 +1300,7 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status, snd_seq, 4, k6_data, sizeof(k6_data)); - memset(Klocaldata, 0, sizeof(Klocaldata)); + memset_s(Klocaldata, sizeof(Klocaldata), 0, sizeof(Klocaldata)); if (kret) { *minor_status = kret; return GSS_S_FAILURE; diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c index 643385d9e892..d9cf9d700737 100644 --- a/lib/gssapi/krb5/get_mic.c +++ b/lib/gssapi/krb5/get_mic.c @@ -121,8 +121,8 @@ mic_des ++seq_number); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); *minor_status = 0; return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 9968ce403ef7..7070f3de46be 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -89,8 +89,8 @@ verify_mic_des DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash), &schedule, &zero); if (ct_memcmp (p - 8, hash, 8) != 0) { - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); return GSS_S_BAD_MIC; } @@ -105,8 +105,8 @@ verify_mic_des EVP_Cipher(&des_ctx, p, p, 8); EVP_CIPHER_CTX_cleanup(&des_ctx); - memset (deskey, 0, sizeof(deskey)); - memset (&schedule, 0, sizeof(schedule)); + memset_s(deskey, sizeof(deskey), 0, sizeof(deskey)); + memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule)); seq = p; _gsskrb5_decode_om_uint32(seq, &seq_number); diff --git a/lib/gssapi/ntlm/init_sec_context.c b/lib/gssapi/ntlm/init_sec_context.c index 5499a1b814e7..f3198d8a274d 100644 --- a/lib/gssapi/ntlm/init_sec_context.c +++ b/lib/gssapi/ntlm/init_sec_context.c @@ -72,11 +72,11 @@ from_file(const char *fn, const char *target_domain, heim_ntlm_nt_key(p, key); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); fclose(f); return 0; } - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); fclose(f); return ENOENT; } @@ -466,7 +466,7 @@ _gss_ntlm_init_sec_context ret = heim_ntlm_build_ntlm1_master(ntlmv2, sizeof(ntlmv2), &sessionkey, &type3.sessionkey); - memset(ntlmv2, 0, sizeof(ntlmv2)); + memset_s(ntlmv2, sizeof(ntlmv2), 0, sizeof(ntlmv2)); if (ret) { _gss_ntlm_delete_sec_context(minor_status, context_handle, NULL); diff --git a/lib/hcrypto/evp-pkcs11.c b/lib/hcrypto/evp-pkcs11.c index 93af9b4564c0..325bb0afd104 100644 --- a/lib/hcrypto/evp-pkcs11.c +++ b/lib/hcrypto/evp-pkcs11.c @@ -60,7 +60,7 @@ #include <ref/pkcs11.h> #if __sun && !defined(PKCS11_MODULE_PATH) -# if _LP64 +# ifdef _LP64 # define PKCS11_MODULE_PATH "/usr/lib/64/libpkcs11.so" # else # define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so" @@ -87,7 +87,6 @@ p11_cleanup(EVP_CIPHER_CTX *ctx); struct pkcs11_cipher_ctx { CK_SESSION_HANDLE hSession; CK_OBJECT_HANDLE hSecret; - int cipher_init_done; }; struct pkcs11_md_ctx { @@ -95,12 +94,14 @@ struct pkcs11_md_ctx { }; static void *pkcs11_module_handle; -static void -p11_module_init_once(void *context) + +static CK_RV +p11_module_load(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) { CK_RV rv; - CK_FUNCTION_LIST_PTR module; CK_RV (*C_GetFunctionList_fn)(CK_FUNCTION_LIST_PTR_PTR); + + *ppFunctionList = NULL; if (!issuid()) { char *pkcs11ModulePath = getenv("PKCS11_MODULE_PATH"); @@ -109,7 +110,7 @@ p11_module_init_once(void *context) dlopen(pkcs11ModulePath, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE); if (pkcs11_module_handle == NULL) - fprintf(stderr, "p11_module_init(%s): %s\n", pkcs11ModulePath, dlerror()); + fprintf(stderr, "p11_module_load(%s): %s\n", pkcs11ModulePath, dlerror()); } } #ifdef PKCS11_MODULE_PATH @@ -118,47 +119,63 @@ p11_module_init_once(void *context) dlopen(PKCS11_MODULE_PATH, RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE); if (pkcs11_module_handle == NULL) - fprintf(stderr, "p11_module_init(%s): %s\n", PKCS11_MODULE_PATH, dlerror()); + fprintf(stderr, "p11_module_load(%s): %s\n", PKCS11_MODULE_PATH, dlerror()); } #endif if (pkcs11_module_handle == NULL) - goto cleanup; + return CKR_LIBRARY_LOAD_FAILED; C_GetFunctionList_fn = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR)) dlsym(pkcs11_module_handle, "C_GetFunctionList"); - if (C_GetFunctionList_fn == NULL) - goto cleanup; + if (C_GetFunctionList_fn == NULL) { + dlclose(pkcs11_module_handle); + return CKR_LIBRARY_LOAD_FAILED; + } - rv = C_GetFunctionList_fn(&module); - if (rv != CKR_OK) - goto cleanup; + rv = C_GetFunctionList_fn(ppFunctionList); + if (rv != CKR_OK) { + dlclose(pkcs11_module_handle); + return rv; + } - rv = module->C_Initialize(NULL); - if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - if (rv == CKR_OK) - *((CK_FUNCTION_LIST_PTR_PTR)context) = module; + return CKR_OK; +} -cleanup: - if (pkcs11_module_handle != NULL && p11_module == NULL) { - dlclose(pkcs11_module_handle); - pkcs11_module_handle = NULL; - } - /* else leak pkcs11_module_handle */ +static void +p11_module_load_once(void *context) +{ + p11_module_load((CK_FUNCTION_LIST_PTR_PTR)context); } static CK_RV p11_module_init(void) { - static heim_base_once_t init_module = HEIM_BASE_ONCE_INIT; + static heim_base_once_t once = HEIM_BASE_ONCE_INIT; + CK_RV rv; - heim_base_once_f(&init_module, &p11_module, p11_module_init_once); + heim_base_once_f(&once, &p11_module, p11_module_load_once); - return p11_module != NULL ? CKR_OK : CKR_LIBRARY_LOAD_FAILED; + if (p11_module == NULL) + return CKR_LIBRARY_LOAD_FAILED; + + /* + * Call C_Initialize() on every call, because it will be invalid after fork(). + * Caching the initialization status using a once control and invalidating it + * on fork provided no measurable performance benefit on Solaris 11. Other + * approaches would not be thread-safe or would involve more intrusive code + * changes, such as exposing heimbase's atomics. + */ + rv = p11_module->C_Initialize(NULL); + if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) + rv = CKR_OK; + + return rv; } static CK_RV -p11_session_init(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE_PTR phSession) +p11_session_init(CK_MECHANISM_TYPE mechanismType, + CK_SESSION_HANDLE_PTR phSession, + CK_FLAGS *pFlags) { CK_RV rv; CK_ULONG i, ulSlotCount = 0; @@ -168,6 +185,8 @@ p11_session_init(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE_PTR phSessio if (phSession != NULL) *phSession = CK_INVALID_HANDLE; + *pFlags = 0; + rv = p11_module_init(); if (rv != CKR_OK) goto cleanup; @@ -198,8 +217,10 @@ p11_session_init(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE_PTR phSessio */ for (i = 0; i < ulSlotCount; i++) { rv = p11_module->C_GetMechanismInfo(pSlotList[i], mechanismType, &info); - if (rv == CKR_OK) - break; + if (rv == CKR_OK) { + *pFlags = info.flags; + break; + } } if (i == ulSlotCount) { @@ -220,9 +241,16 @@ cleanup: } static int -p11_mech_available_p(CK_MECHANISM_TYPE mechanismType) +p11_mech_available_p(CK_MECHANISM_TYPE mechanismType, CK_FLAGS reqFlags) { - return p11_session_init(mechanismType, NULL) == CKR_OK; + CK_RV rv; + CK_FLAGS flags; + + rv = p11_session_init(mechanismType, NULL, &flags); + if (rv != CKR_OK) + return 0; + + return (flags & reqFlags) == reqFlags; } static CK_KEY_TYPE @@ -281,20 +309,49 @@ p11_key_init(EVP_CIPHER_CTX *ctx, { CKA_VALUE, (void *)key, ctx->key_len }, { op, &bTrue, sizeof(bTrue) } }; + CK_MECHANISM mechanism = { + mechanismType, + ctx->cipher->iv_len ? ctx->iv : NULL, + ctx->cipher->iv_len + }; struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data; - p11ctx->cipher_init_done = 0; + CK_FLAGS flags; - rv = p11_session_init(mechanismType, &p11ctx->hSession); - if (rv != CKR_OK) - goto cleanup; + rv = CKR_OK; - assert(p11_module != NULL); + if (p11ctx->hSession != CK_INVALID_HANDLE && key != NULL) + p11_cleanup(ctx); /* refresh session with new key */ - rv = p11_module->C_CreateObject(p11ctx->hSession, attributes, - sizeof(attributes) / sizeof(attributes[0]), - &p11ctx->hSecret); - if (rv != CKR_OK) - goto cleanup; + if (p11ctx->hSession == CK_INVALID_HANDLE) { + rv = p11_session_init(mechanismType, &p11ctx->hSession, &flags); + if (rv != CKR_OK) + goto cleanup; + + if ((flags & (CKF_ENCRYPT|CKF_DECRYPT)) != (CKF_ENCRYPT|CKF_DECRYPT)) { + rv = CKR_MECHANISM_INVALID; + goto cleanup; + } + } + + if (key != NULL) { + assert(p11_module != NULL); + assert(p11ctx->hSecret == CK_INVALID_HANDLE); + + rv = p11_module->C_CreateObject(p11ctx->hSession, attributes, + sizeof(attributes) / sizeof(attributes[0]), + &p11ctx->hSecret); + if (rv != CKR_OK) + goto cleanup; + } + + if (p11ctx->hSecret != CK_INVALID_HANDLE) { + if (op == CKA_ENCRYPT) + rv = p11_module->C_EncryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret); + else + rv = p11_module->C_DecryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret); + if (rv != CKR_OK) + goto cleanup; + } cleanup: if (rv != CKR_OK) @@ -310,37 +367,17 @@ p11_do_cipher(EVP_CIPHER_CTX *ctx, unsigned int size) { struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data; - CK_RV rv = CKR_OK; + CK_RV rv; CK_ULONG ulCipherTextLen = size; - CK_MECHANISM_TYPE mechanismType = (CK_MECHANISM_TYPE)ctx->cipher->app_data; - CK_MECHANISM mechanism = { - mechanismType, - ctx->cipher->iv_len ? ctx->iv : NULL, - ctx->cipher->iv_len - }; assert(p11_module != NULL); - /* The EVP layer only ever calls us with complete cipher blocks */ assert(EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_STREAM_CIPHER || (size % ctx->cipher->block_size) == 0); - if (ctx->encrypt) { - if (!p11ctx->cipher_init_done) { - rv = p11_module->C_EncryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret); - if (rv == CKR_OK) - p11ctx->cipher_init_done = 1; - } - if (rv == CKR_OK) - rv = p11_module->C_EncryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen); - } else { - if (!p11ctx->cipher_init_done) { - rv = p11_module->C_DecryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret); - if (rv == CKR_OK) - p11ctx->cipher_init_done = 1; - } - if (rv == CKR_OK) - rv = p11_module->C_DecryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen); - } + if (ctx->encrypt) + rv = p11_module->C_EncryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen); + else + rv = p11_module->C_DecryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen); return rv == CKR_OK; } @@ -350,8 +387,6 @@ p11_cleanup(EVP_CIPHER_CTX *ctx) { struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data; - assert(p11_module != NULL); - if (p11ctx->hSecret != CK_INVALID_HANDLE) { p11_module->C_DestroyObject(p11ctx->hSession, p11ctx->hSecret); p11ctx->hSecret = CK_INVALID_HANDLE; @@ -365,20 +400,33 @@ p11_cleanup(EVP_CIPHER_CTX *ctx) } static int +p11_md_cleanup(EVP_MD_CTX *ctx); + +static int p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx) { struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx; CK_RV rv; + CK_FLAGS flags; + CK_MECHANISM mechanism = { mechanismType, NULL, 0 }; - rv = p11_session_init(mechanismType, &p11ctx->hSession); - if (rv == CKR_OK) { - CK_MECHANISM mechanism = { mechanismType, NULL, 0 }; + if (p11ctx->hSession != CK_INVALID_HANDLE) + p11_md_cleanup(ctx); - assert(p11_module != NULL); + rv = p11_session_init(mechanismType, &p11ctx->hSession, &flags); + if (rv != CKR_OK) + goto cleanup; - rv = p11_module->C_DigestInit(p11ctx->hSession, &mechanism); + if ((flags & CKF_DIGEST) != CKF_DIGEST) { + rv = CKR_MECHANISM_INVALID; + goto cleanup; } + assert(p11_module != NULL); + + rv = p11_module->C_DigestInit(p11ctx->hSession, &mechanism); + + cleanup: return rv == CKR_OK; } @@ -389,8 +437,11 @@ p11_md_update(EVP_MD_CTX *ctx, const void *data, size_t length) CK_RV rv; assert(p11_module != NULL); + assert(data != NULL || length == 0); - rv = p11_module->C_DigestUpdate(p11ctx->hSession, (unsigned char *)data, length); + rv = p11_module->C_DigestUpdate(p11ctx->hSession, + data ? (CK_BYTE_PTR)data : (CK_BYTE_PTR)"", + length); return rv == CKR_OK; } @@ -435,7 +486,7 @@ p11_md_cleanup(EVP_MD_CTX *ctx) block_size, \ key_len, \ iv_len, \ - flags, \ + (flags) | EVP_CIPH_ALWAYS_CALL_INIT, \ p11_key_init, \ p11_do_cipher, \ p11_cleanup, \ @@ -449,7 +500,7 @@ p11_md_cleanup(EVP_MD_CTX *ctx) const EVP_CIPHER * \ hc_EVP_pkcs11_##name(void) \ { \ - if (p11_mech_available_p(mechanismType)) \ + if (p11_mech_available_p(mechanismType, CKF_ENCRYPT|CKF_DECRYPT)) \ return &pkcs11_##name; \ else \ return NULL; \ @@ -499,7 +550,7 @@ p11_md_cleanup(EVP_MD_CTX *ctx) p11_md_cleanup \ }; \ \ - if (p11_mech_available_p(mechanismType)) \ + if (p11_mech_available_p(mechanismType, CKF_DIGEST)) \ return &name; \ else \ return NULL; \ diff --git a/lib/hcrypto/evp-wincng.c b/lib/hcrypto/evp-wincng.c index 8a8b91cb1ab9..a9b14e3bbeea 100644 --- a/lib/hcrypto/evp-wincng.c +++ b/lib/hcrypto/evp-wincng.c @@ -196,6 +196,11 @@ wincng_key_init(EVP_CIPHER_CTX *ctx, if (ctx->cipher->app_data == NULL) return 0; + if (cng->hKey) { + BCryptDestroyKey(cng->hKey); /* allow reinitialization */ + cng->hKey = (BCRYPT_KEY_HANDLE)0; + } + /* * Note: ctx->key_len not EVP_CIPHER_CTX_key_length() for * variable length key support. @@ -570,6 +575,11 @@ wincng_md_hash_init(BCRYPT_ALG_HANDLE hAlgorithm, NTSTATUS status; ULONG cbData; + if (cng->hHash) { + BCryptDestroyHash(cng->hHash); /* allow reinitialization */ + cng->hHash = (BCRYPT_HASH_HANDLE)0; + } + status = BCryptGetProperty(hAlgorithm, BCRYPT_OBJECT_LENGTH, (PUCHAR)&cng->cbHashObject, diff --git a/lib/hcrypto/evp.h b/lib/hcrypto/evp.h index a0369db72847..8893362db23e 100644 --- a/lib/hcrypto/evp.h +++ b/lib/hcrypto/evp.h @@ -164,7 +164,7 @@ struct hc_CIPHER { #define hc_EVP_CTRL_INIT 0x0 #define hc_EVP_CIPH_VARIABLE_LENGTH 0x008 /* variable key length */ -#define hc_EVP_CIPH_ALWAYS_CALL_INIT 0x020 +#define hc_EVP_CIPH_ALWAYS_CALL_INIT 0x020 /* backend maintains own cipherstate */ #define hc_EVP_CIPH_RAND_KEY 0x200 int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int); diff --git a/lib/hcrypto/md2.c b/lib/hcrypto/md2.c index 25341a93b965..da41e6d83ee0 100644 --- a/lib/hcrypto/md2.c +++ b/lib/hcrypto/md2.c @@ -90,7 +90,7 @@ calc(struct md2 *m, const void *v) } memcpy(m->state, x, 16); - memset(x, 0, sizeof(x)); + memset_s(x, sizeof(x), 0, sizeof(x)); } int diff --git a/lib/hcrypto/rand-fortuna.c b/lib/hcrypto/rand-fortuna.c index 529bf8f301a8..2082f35ec72d 100644 --- a/lib/hcrypto/rand-fortuna.c +++ b/lib/hcrypto/rand-fortuna.c @@ -159,7 +159,7 @@ md_result(MD_CTX * ctx, unsigned char *dst) memcpy(&tmp, ctx, sizeof(*ctx)); SHA256_Final(dst, &tmp); - memset(&tmp, 0, sizeof(tmp)); + memset_s(&tmp, sizeof(tmp), 0, sizeof(tmp)); } /* @@ -234,7 +234,7 @@ enough_time_passed(FState * st) if (ok) memcpy(last, &tv, sizeof(tv)); - memset(&tv, 0, sizeof(tv)); + memset_s(&tv, sizeof(tv), 0, sizeof(tv)); return ok; } @@ -284,8 +284,8 @@ reseed(FState * st) /* use new key */ ciph_init(&st->ciph, st->key, BLOCK); - memset(&key_md, 0, sizeof(key_md)); - memset(buf, 0, BLOCK); + memset_s(&key_md, sizeof(key_md), 0, sizeof(key_md)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); } /* @@ -335,8 +335,8 @@ add_entropy(FState * st, const unsigned char *data, unsigned len) if (pos == 0) st->pool0_bytes += len; - memset(hash, 0, BLOCK); - memset(&md, 0, sizeof(md)); + memset_s(hash, sizeof(hash), 0, sizeof(hash)); + memset_s(&md, sizeof(hash), 0, sizeof(md)); } /* @@ -372,7 +372,7 @@ startup_tricks(FState * st) encrypt_counter(st, buf + CIPH_BLOCK); md_update(&st->pool[i], buf, BLOCK); } - memset(buf, 0, BLOCK); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); /* Hide the key. */ rekey(st); @@ -468,7 +468,7 @@ fortuna_reseed(void) if ((*hc_rand_unix_method.bytes)(buf, sizeof(buf)) == 1) { add_entropy(&main_state, buf, sizeof(buf)); entropy_p = 1; - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); } } #endif @@ -509,7 +509,7 @@ fortuna_reseed(void) close(fd); } - memset(&u, 0, sizeof(u)); + memset_s(&u, sizeof(u), 0, sizeof(u)); entropy_p = 1; /* sure about this ? */ } @@ -593,7 +593,7 @@ fortuna_cleanup(void) init_done = 0; have_entropy = 0; - memset(&main_state, 0, sizeof(main_state)); + memset_s(&main_state, sizeof(main_state), 0, sizeof(main_state)); HEIMDAL_MUTEX_unlock(&fortuna_mutex); } diff --git a/lib/hdb/db.c b/lib/hdb/db.c index c6cf58813814..4cee8d0097a1 100644 --- a/lib/hdb/db.c +++ b/lib/hdb/db.c @@ -44,6 +44,7 @@ typedef struct { HDB hdb; /* generic members */ int lock_fd; /* DB-specific */ + int do_sync; /* DB-specific */ } DB1_HDB; static krb5_error_code @@ -77,6 +78,25 @@ DB_destroy(krb5_context context, HDB *db) } static krb5_error_code +DB_set_sync(krb5_context context, HDB *db, int on) +{ + DB1_HDB *db1 = (DB1_HDB *)db; + DB *d = (DB*)db->hdb_db; + krb5_error_code ret = 0; + + db1->do_sync = on; + if (on) { + ret = (*d->sync)(d, 0); + if (ret == -1) { + ret = errno; + krb5_set_error_message(context, ret, "Database %s put sync error: %s", + db->hdb_name, strerror(ret)); + } + } + return ret; +} + +static krb5_error_code DB_lock(krb5_context context, HDB *db, int operation) { @@ -203,6 +223,7 @@ static krb5_error_code DB__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { + DB1_HDB *db1 = (DB1_HDB *)db; DB *d = (DB*)db->hdb_db; DBT k, v; int code; @@ -222,19 +243,14 @@ DB__put(krb5_context context, HDB *db, int replace, if(code == 1) { return HDB_ERR_EXISTS; } - code = (*d->sync)(d, 0); - if (code == -1) { - code = errno; - krb5_set_error_message(context, code, "Database %s put sync error: %s", - db->hdb_name, strerror(code)); - return code; - } - return 0; + + return db->hdb_set_sync(context, db, db1->do_sync); } static krb5_error_code DB__del(krb5_context context, HDB *db, krb5_data key) { + DB1_HDB *db1 = (DB1_HDB *)db; DB *d = (DB*)db->hdb_db; DBT k; krb5_error_code code; @@ -250,14 +266,7 @@ DB__del(krb5_context context, HDB *db, krb5_data key) db->hdb_name, strerror(code)); return code; } - code = (*d->sync)(d, 0); - if (code == -1) { - code = errno; - krb5_set_error_message(context, code, "Database %s del sync error: %s", - db->hdb_name, strerror(code)); - return code; - } - return 0; + return db->hdb_set_sync(context, db, db1->do_sync); } static DB * @@ -371,8 +380,10 @@ hdb_db1_create(krb5_context context, HDB **db, (*db)->hdb__put = DB__put; (*db)->hdb__del = DB__del; (*db)->hdb_destroy = DB_destroy; + (*db)->hdb_set_sync = DB_set_sync; (*db1)->lock_fd = -1; + (*db1)->do_sync = 1; return 0; } diff --git a/lib/hdb/db3.c b/lib/hdb/db3.c index cd2e33f067ad..0d41369d7101 100644 --- a/lib/hdb/db3.c +++ b/lib/hdb/db3.c @@ -54,6 +54,7 @@ typedef struct { HDB hdb; /* generic members */ int lock_fd; /* DB3-specific */ + int do_sync; /* DB3-specific */ } DB3_HDB; @@ -92,6 +93,32 @@ DB_destroy(krb5_context context, HDB *db) } static krb5_error_code +DB_set_sync(krb5_context context, HDB *db, int on) +{ + DB3_HDB *db3 = (DB3_HDB *)db; + DB *d = (DB*)db->hdb_db; + krb5_error_code ret = 0; + + db3->do_sync = on; + if (on) { + ret = (*d->sync)(d, 0); + if (ret) { + if (ret == EACCES || ret == ENOSPC || ret == EINVAL) { + krb5_set_error_message(context, ret, + "Database %s put sync error: %s", + db->hdb_name, strerror(ret)); + } else { + ret = HDB_ERR_UK_SERROR; + krb5_set_error_message(context, ret, + "Database %s put sync error: unknown (%d)", + db->hdb_name, ret); + } + } + } + return ret; +} + +static krb5_error_code DB_lock(krb5_context context, HDB *db, int operation) { @@ -220,6 +247,7 @@ static krb5_error_code DB__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { + DB3_HDB *db3 = (DB3_HDB *)db; DB *d = (DB*)db->hdb_db; DBT k, v; int code; @@ -261,26 +289,13 @@ DB__put(krb5_context context, HDB *db, int replace, } return code; } - code = (*d->sync)(d, 0); - if (code) { - if (code == EACCES || code == ENOSPC || code == EINVAL) { - krb5_set_error_message(context, code, - "Database %s put sync error: %s", - db->hdb_name, strerror(code)); - } else { - code = HDB_ERR_UK_SERROR; - krb5_set_error_message(context, code, - "Database %s put sync error: unknown (%d)", - db->hdb_name, code); - } - return code; - } - return 0; + return db->hdb_set_sync(context, db, db3->do_sync); } static krb5_error_code DB__del(krb5_context context, HDB *db, krb5_data key) { + DB3_HDB *db3 = (DB3_HDB *)db; DB *d = (DB*)db->hdb_db; DBT k; krb5_error_code code; @@ -304,21 +319,7 @@ DB__del(krb5_context context, HDB *db, krb5_data key) } return code; } - code = (*d->sync)(d, 0); - if (code) { - if (code == EACCES || code == ENOSPC || code == EINVAL) { - krb5_set_error_message(context, code, - "Database %s del sync error: %s", - db->hdb_name, strerror(code)); - } else { - code = HDB_ERR_UK_SERROR; - krb5_set_error_message(context, code, - "Database %s del sync error: unknown (%d)", - db->hdb_name, code); - } - return code; - } - return 0; + return db->hdb_set_sync(context, db, db3->do_sync); } #define RD_CACHE_SZ 0x8000 /* Minimal read cache size */ @@ -485,6 +486,7 @@ hdb_db3_create(krb5_context context, HDB **db, (*db)->hdb__put = DB__put; (*db)->hdb__del = DB__del; (*db)->hdb_destroy = DB_destroy; + (*db)->hdb_set_sync = DB_set_sync; (*db3)->lock_fd = -1; return 0; diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c index 9ce4ba74f823..2ed7a6ba2596 100644 --- a/lib/hdb/hdb-ldap.c +++ b/lib/hdb/hdb-ldap.c @@ -1887,6 +1887,13 @@ LDAP_destroy(krb5_context context, HDB * db) } static krb5_error_code +LDAP_set_sync(krb5_context context, HDB * db, int on) +{ + (void)on; + return 0; +} + +static krb5_error_code hdb_ldap_common(krb5_context context, HDB ** db, const char *search_base, @@ -2020,6 +2027,7 @@ hdb_ldap_common(krb5_context context, (*db)->hdb__put = NULL; (*db)->hdb__del = NULL; (*db)->hdb_destroy = LDAP_destroy; + (*db)->hdb_set_sync = LDAP_set_sync; return 0; } diff --git a/lib/hdb/hdb-mdb.c b/lib/hdb/hdb-mdb.c index 920d7780e844..52d9aed7ac1f 100644 --- a/lib/hdb/hdb-mdb.c +++ b/lib/hdb/hdb-mdb.c @@ -76,6 +76,15 @@ DB_destroy(krb5_context context, HDB *db) } static krb5_error_code +DB_set_sync(krb5_context context, HDB *db, int on) +{ + mdb_info *mi = (mdb_info *)db->hdb_db; + + mdb_env_set_flags(mi->e, MDB_NOSYNC, !on); + return mdb_env_sync(mi->e, 0); +} + +static krb5_error_code DB_lock(krb5_context context, HDB *db, int operation) { db->lock_count++; @@ -240,6 +249,10 @@ DB__put(krb5_context context, HDB *db, int replace, mdb_txn_abort(txn); else code = mdb_txn_commit(txn); + /* + * No need to call mdb_env_sync(); it's done automatically if MDB_NOSYNC is + * not set. + */ if(code == MDB_KEYEXIST) return HDB_ERR_EXISTS; return code; @@ -265,6 +278,10 @@ DB__del(krb5_context context, HDB *db, krb5_data key) mdb_txn_abort(txn); else code = mdb_txn_commit(txn); + /* + * No need to call mdb_env_sync(); it's done automatically if MDB_NOSYNC is + * not set. + */ if(code == MDB_NOTFOUND) return HDB_ERR_NOENTRY; return code; @@ -394,6 +411,7 @@ hdb_mdb_create(krb5_context context, HDB **db, (*db)->hdb__put = DB__put; (*db)->hdb__del = DB__del; (*db)->hdb_destroy = DB_destroy; + (*db)->hdb_set_sync = DB_set_sync; return 0; } #endif /* HAVE_LMDB */ diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c index 4e4fcdc58556..f3f8cf24c271 100644 --- a/lib/hdb/hdb-mitdb.c +++ b/lib/hdb/hdb-mitdb.c @@ -91,6 +91,11 @@ salt: #include "hdb_locl.h" +typedef struct MITDB { + HDB db; /* Generic */ + int do_sync; /* MITDB-specific */ +} MITDB; + static void attr_to_flags(unsigned attr, HDBFlags *flags) { @@ -698,6 +703,18 @@ mdb_destroy(krb5_context context, HDB *db) } static krb5_error_code +mdb_set_sync(krb5_context context, HDB *db, int on) +{ + MITDB *mdb = (MITDB *)db; + DB *d = (DB*)db->hdb_db; + + mdb->do_sync = on; + if (on) + return fsync((*d->fd)(d)); + return 0; +} + +static krb5_error_code mdb_lock(krb5_context context, HDB *db, int operation) { DB *d = (DB*)db->hdb_db; @@ -861,6 +878,7 @@ static krb5_error_code mdb__put(krb5_context context, HDB *db, int replace, krb5_data key, krb5_data value) { + MITDB *mdb = (MITDB *)db; DB *d = (DB*)db->hdb_db; DBT k, v; int code; @@ -873,6 +891,11 @@ mdb__put(krb5_context context, HDB *db, int replace, if(code) return code; code = (*d->put)(d, &k, &v, replace ? 0 : R_NOOVERWRITE); + if (code == 0) { + code = mdb_set_sync(context, db, mdb->do_sync); + db->hdb_unlock(context, db); + return code; + } db->hdb_unlock(context, db); if(code < 0) { code = errno; @@ -880,16 +903,14 @@ mdb__put(krb5_context context, HDB *db, int replace, db->hdb_name, strerror(code)); return code; } - if(code == 1) { - krb5_clear_error_message(context); - return HDB_ERR_EXISTS; - } - return 0; + krb5_clear_error_message(context); + return HDB_ERR_EXISTS; } static krb5_error_code mdb__del(krb5_context context, HDB *db, krb5_data key) { + MITDB *mdb = (MITDB *)db; DB *d = (DB*)db->hdb_db; DBT k; krb5_error_code code; @@ -899,6 +920,11 @@ mdb__del(krb5_context context, HDB *db, krb5_data key) if(code) return code; code = (*d->del)(d, &k, 0); + if (code == 0) { + code = mdb_set_sync(context, db, mdb->do_sync); + db->hdb_unlock(context, db); + return code; + } db->hdb_unlock(context, db); if(code == 1) { code = errno; @@ -1090,8 +1116,9 @@ krb5_error_code hdb_mitdb_create(krb5_context context, HDB **db, const char *filename) { - *db = calloc(1, sizeof(**db)); - if (*db == NULL) { + MITDB **mdb (MITDB **)db; + *mdb = calloc(1, sizeof(**mdb)); + if (*mdb == NULL) { krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } @@ -1104,6 +1131,7 @@ hdb_mitdb_create(krb5_context context, HDB **db, krb5_set_error_message(context, ENOMEM, "malloc: out of memory"); return ENOMEM; } + (*mdb)->do_sync = 1; (*db)->hdb_master_key_set = 0; (*db)->hdb_openp = 0; (*db)->hdb_capability_flags = 0; @@ -1121,6 +1149,7 @@ hdb_mitdb_create(krb5_context context, HDB **db, (*db)->hdb__put = mdb__put; (*db)->hdb__del = mdb__del; (*db)->hdb_destroy = mdb_destroy; + (*db)->hdb_set_sync = mdb_set_sync; return 0; } diff --git a/lib/hdb/hdb-sqlite.c b/lib/hdb/hdb-sqlite.c index bc176b2bb87e..d5eb3f184e84 100644 --- a/lib/hdb/hdb-sqlite.c +++ b/lib/hdb/hdb-sqlite.c @@ -418,6 +418,10 @@ hdb_sqlite_make_database(krb5_context context, HDB *db, const char *filename) created_file = 1; + hdb_sqlite_exec_stmt(context, hsdb, + "PRAGMA main.page_size = 8192", + HDB_ERR_UK_SERROR); + ret = hdb_sqlite_exec_stmt(context, hsdb, HDBSQLITE_CREATE_TABLES, HDB_ERR_UK_SERROR); @@ -803,6 +807,15 @@ hdb_sqlite_destroy(krb5_context context, HDB *db) return ret ? ret : ret2; } +static krb5_error_code +hdb_sqlite_set_sync(krb5_context context, HDB *db, int on) +{ + return hdb_sqlite_exec_stmt(context, (hdb_sqlite_db*)(db->hdb_db), + on ? "PRAGMA main.synchronous = NORMAL" : + "PRAGMA main.synchronous = OFF", + HDB_ERR_UK_SERROR); +} + /* * Not sure if this is needed. */ @@ -1031,6 +1044,7 @@ hdb_sqlite_create(krb5_context context, HDB **db, const char *filename) (*db)->hdb_remove = hdb_sqlite_remove; (*db)->hdb_destroy = hdb_sqlite_destroy; (*db)->hdb_rename = hdb_sqlite_rename; + (*db)->hdb_set_sync = hdb_sqlite_set_sync; (*db)->hdb__get = NULL; (*db)->hdb__put = NULL; (*db)->hdb__del = NULL; diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h index 892b8e598581..7c6dfcf9d8d2 100644 --- a/lib/hdb/hdb.h +++ b/lib/hdb/hdb.h @@ -271,9 +271,17 @@ typedef struct HDB { * Check if s4u2self is allowed from this client to this server */ krb5_error_code (*hdb_check_s4u2self)(krb5_context, struct HDB *, hdb_entry_ex *, krb5_const_principal); + + /** + * Enable/disable synchronous updates + * + * Calling this with 0 disables sync. Calling it with non-zero enables + * sync and does an fsync(). + */ + krb5_error_code (*hdb_set_sync)(krb5_context, struct HDB *, int); }HDB; -#define HDB_INTERFACE_VERSION 9 +#define HDB_INTERFACE_VERSION 10 struct hdb_method { int version; diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c index 8265776bf7c8..cfc27d424a2f 100644 --- a/lib/hdb/mkey.c +++ b/lib/hdb/mkey.c @@ -226,7 +226,7 @@ read_master_encryptionkey(krb5_context context, const char *filename, } ret = decode_EncryptionKey(buf, len, &key, &ret_len); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); if(ret) return ret; @@ -279,7 +279,7 @@ read_master_krb4(krb5_context context, const char *filename, memset(&key, 0, sizeof(key)); key.keytype = ETYPE_DES_PCBC_NONE; ret = krb5_data_copy(&key.keyvalue, buf, len); - memset(buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); if(ret) return ret; diff --git a/lib/hx509/Makefile.am b/lib/hx509/Makefile.am index b58deb3e37aa..c7ef53182d83 100644 --- a/lib/hx509/Makefile.am +++ b/lib/hx509/Makefile.am @@ -392,7 +392,8 @@ EXTRA_DIST = \ data/ocsp-resp2.der \ data/ocsp-responder.crt \ data/ocsp-responder.key \ - data/openssl.cnf \ + data/openssl.1.0.cnf \ + data/openssl.1.1.cnf \ data/pkinit-proxy-chain.crt \ data/pkinit-proxy.crt \ data/pkinit-proxy.key \ diff --git a/lib/hx509/Makefile.in b/lib/hx509/Makefile.in index cca95bbc04ae..2ebd99d9f1c5 100644 --- a/lib/hx509/Makefile.in +++ b/lib/hx509/Makefile.in @@ -1001,7 +1001,8 @@ EXTRA_DIST = \ data/ocsp-resp2.der \ data/ocsp-responder.crt \ data/ocsp-responder.key \ - data/openssl.cnf \ + data/openssl.1.0.cnf \ + data/openssl.1.1.cnf \ data/pkinit-proxy-chain.crt \ data/pkinit-proxy.crt \ data/pkinit-proxy.key \ diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index 7aa159cbb2d6..56dafae51966 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -537,7 +537,7 @@ out: * * @param context A hx509 context. * @param flags flags to control the behavior. - * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate + * - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number * @param cert Certificate to encrypt the EnvelopedData encryption key diff --git a/lib/hx509/data/ca.crt b/lib/hx509/data/ca.crt index c6c0b2706bd2..b8e7bb789556 100644 --- a/lib/hx509/data/ca.crt +++ b/lib/hx509/data/ca.crt @@ -1,15 +1,32 @@ -----BEGIN CERTIFICATE----- -MIICbDCCAdWgAwIBAgIJAJky3mEOQBmKMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNV -BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMDkwNDI2MjAy -OTQwWhcNMTkwNDI0MjAyOTQwWjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg -Q0ExCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC50xtn -HPdeJoE7gv8DpEO1smMLiVhD/j3gOH2TdLutIaQp2TR58xyMWtaw1xnqzK/gqEAC -HZHxrDaw+wi9zJrht27uCmm/bSvuIIJhBvIYzIkRZH6y/0fRO1Jz61rAA6ZLx0B+ -vOEOZUQ/QIsCglQE2cwsZwG2FoLYM1MX196NXQIDAQABo4GZMIGWMB0GA1UdDgQW -BBRuSBPcv4uVTBPzH5cw3SeWWZsOaDBaBgNVHSMEUzBRgBRuSBPcv4uVTBPzH5cw -3SeWWZsOaKEupCwwKjEbMBkGA1UEAwwSaHg1MDkgVGVzdCBSb290IENBMQswCQYD -VQQGEwJTRYIJAJky3mEOQBmKMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgHmMA0G -CSqGSIb3DQEBBQUAA4GBAFKb5A7uwl238bpH4/6vPVEQ/egNFFgFNqfr2AXlJ29R -uOyQ2QPhvJyTOCFcr05se2xlqZLNlO+orpASFHgtoxWqQvHZRGQsPMC9OkjYgEWL -0XmC4A/fCDxgIW8xR5iuL8uxobnBo3FeSsJn32YKUbWtYAXbAtQa0rlOAQgrw1ev +MIIFcTCCA1mgAwIBAgIJAJll+TTDkMFyMA0GCSqGSIb3DQEBCwUAMCoxGzAZBgNV +BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0UwHhcNMTkwNTIzMTUw +NTExWhcNMzgwMTE2MTUwNTExWjAqMRswGQYDVQQDDBJoeDUwOSBUZXN0IFJvb3Qg +Q0ExCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +vQovoPWtDeqaAUSXDD7gFfXXfxbI4M6yho6C+lc9JqnzeVYk5obeyM14Er+HHNS0 +pGJGvgelSeR0UCUmifr12zQT3hne/J225fobuO6UwcRNstTTaRxO1BdYSsIzixq+ +XJzDb3MRCY/TpE3AJZ5SqdXUexfFzCH12FXuMv4wvOlvrq2pbcKiRMBzgrWK756b +LRR2uD9JjsN7KawVSZCRbc0gudiCX++kZAuIviv2G+kys81gBmZXJAVsVPrb+9+y +wQXvRq2p7XPn6XpPndMHaQgD/2iNOTXbuBby0v71rheaOWFtYVbMseiB0rsdv6Ik +Zl/L55usKDGzgLs8w6kPieDpebYmlXQW3V8LW+QyYHWvcdSmNcqej4Y+FiZqDjin +xPzvqPVJQydVw/yi8gWILNLKB947O5O8NjSxhzHCjB+aIXgLx8uSXXY2EesR8lJz +2SZKdCawut+kWSgHqH5UYf5IXKo+Skg+f1hWdjc44OZyMveMLzk4hTJZWYqVNxll +OiBfz/Hke54CXaDKd4S1C3NVbrZ8w6NADaNQTMyFlHy2VEHDXRrqGrl0h0/4HIrF +7i9ZKkz6uhr209chvFAuSbM4M5dPHE/bIMivVkk4UAm2Y1O9hAnzOMMtpkHnb4M+ +7fTwUXTLT4cSWurzcrAsIG20R3KgApQ95mQlw63gebcCAwEAAaOBmTCBljAdBgNV +HQ4EFgQU/cZWcrzqghlIALCji/d5P/cm/CMwWgYDVR0jBFMwUYAU/cZWcrzqghlI +ALCji/d5P/cm/COhLqQsMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9vdCBDQTEL +MAkGA1UEBhMCU0WCCQCZZfk0w5DBcjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB +5jANBgkqhkiG9w0BAQsFAAOCAgEAAuwu6a/S/Jc05hjMKWx3VG5leTiUr+DyA+/y +9kHP+FInHa+qd9xil2Ms1kvW4d+A8709On+Gfv96Tzw/FKIr86kgJScwQ5dWHgDV +DN+ogZ9MLW7sjbShSGVrUuJti/nCax5nOw0yzBvkq5tBefDIt185pS+j8utNZYQT +6A1DNVIjWZUywCXZDiAsSXmp+LmAI9fTyUsN5ioLgaVLq/GN8zAUyXmf+VLbNnM3 +k4ZsWmjU98GZYLwuf/cocBiJMf09kwJ3o2NIdb/hgaOjlmY15LehDLVbIuF+FVp3 +hEjohF43zcFxSOLlCLhCVhcM79mzZef+xT9iCtVPiWySEhalmfXIPQ6tTY80doLW +Ed6HhmiRx0sW3yKFfINb12qk4hZJMCMoxBK1AZlEbaB2mQxzz6Iph3kOthIJxilf +/2dmGGi76bT66zz/sK3kz8xHUr+DUCUyVSqDdxS8ODOL4fUxT570JjVZQtzQtD3G +CAq41zsDMGByy+vp61CyU9qrq9OxX2POTQJ7LEegKqLeksGqfFclYnEFKe8VKJRL +kDKIqCk7CeYF3t/7aaUNAHOfNSOiFyRYXYYZLCGmIQyujJFHDz2ziPn/OD/WMkVP +090LkDNjg4FW+DT74Iyda7dl4YQAuE9oZdVk5ZBoruJOOIW7J3e8AuL9znmIBzju +n61nXvY= -----END CERTIFICATE----- diff --git a/lib/hx509/data/ca.key b/lib/hx509/data/ca.key index 04d2516cf188..e635b57ccd09 100644 --- a/lib/hx509/data/ca.key +++ b/lib/hx509/data/ca.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALnTG2cc914mgTuC -/wOkQ7WyYwuJWEP+PeA4fZN0u60hpCnZNHnzHIxa1rDXGerMr+CoQAIdkfGsNrD7 -CL3MmuG3bu4Kab9tK+4ggmEG8hjMiRFkfrL/R9E7UnPrWsADpkvHQH684Q5lRD9A -iwKCVATZzCxnAbYWgtgzUxfX3o1dAgMBAAECgYAT8QS6zw/4yZcKxOcLBADEKe2Z -GlcfjNQlEMrhHSDa1oZge0+3WpCQu1rYxWyhlu+04zljQLsdvUZtPbNVcvSX36Br -RuP/6Z5UCn/9YYv69Hv006PoBUWkVLQ4LFZLX1QD1HcyPGdr7GyDweD6n/CgTkrW -nZVw8nVP/dStf1aeIQJBANr6LnKHr2Hd5p004XaHJcNjcFronW3QnLFozZH3WKWI -t1ug6McwBXuk0io+Zz9ituZ8NabV9AdQKTuVVWORPxUCQQDZPgGvIepGaMuthoE4 -D+54BisUjWWkL/w3MTdh2jkwo1foCXvW1kKKBVbLzGNRYlp5lglx33HWekP7wdxe -0mcpAkEA2HD1PAtVlTyKV9UPDeMjtm8xfQnzobnTR6A5oQ+FNYlfA1iW/Vs/8CjH -+y1XTFW8RzF6rn9IB3p6ZwSCNDo6yQJAX6D0+tPyHdZpulQYM8aHkdwdQKnRkUny -O5V1rKR0Ql3VB3aNRhABMGKTR5kMKzohW55ZQAA9S018+ajnyfHSqQJBALSUXIk0 -C+owiDiHu50Q6xFTJr3EmtudKplUCQTZ9xktNxAK08suxJd1UYeOFxkBuviRFvi8 -BuD/JDKYITDMrZA= +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC9Ci+g9a0N6poB +RJcMPuAV9dd/FsjgzrKGjoL6Vz0mqfN5ViTmht7IzXgSv4cc1LSkYka+B6VJ5HRQ +JSaJ+vXbNBPeGd78nbbl+hu47pTBxE2y1NNpHE7UF1hKwjOLGr5cnMNvcxEJj9Ok +TcAlnlKp1dR7F8XMIfXYVe4y/jC86W+uraltwqJEwHOCtYrvnpstFHa4P0mOw3sp +rBVJkJFtzSC52IJf76RkC4i+K/Yb6TKzzWAGZlckBWxU+tv737LBBe9Grantc+fp +ek+d0wdpCAP/aI05Ndu4FvLS/vWuF5o5YW1hVsyx6IHSux2/oiRmX8vnm6woMbOA +uzzDqQ+J4Ol5tiaVdBbdXwtb5DJgda9x1KY1yp6Phj4WJmoOOKfE/O+o9UlDJ1XD +/KLyBYgs0soH3js7k7w2NLGHMcKMH5oheAvHy5JddjYR6xHyUnPZJkp0JrC636RZ +KAeoflRh/khcqj5KSD5/WFZ2Nzjg5nIy94wvOTiFMllZipU3GWU6IF/P8eR7ngJd +oMp3hLULc1VutnzDo0ANo1BMzIWUfLZUQcNdGuoauXSHT/gcisXuL1kqTPq6GvbT +1yG8UC5Jszgzl08cT9sgyK9WSThQCbZjU72ECfM4wy2mQedvgz7t9PBRdMtPhxJa +6vNysCwgbbRHcqAClD3mZCXDreB5twIDAQABAoICAGl8N5ufu5NaZ9lxRsAkjbJz +Xm6ibjFT5bbD6z56U7sxdpUshqbEd6ihTvFXQrPJ1Yss88CyT39uJaFbOaghC/Pn +mXaEBTP9ZcPqznFhYEzHl3vE2rt6elpLNI9y0oQ6xiKzrzKPiOBHC5hRcnkLYaE3 +mrudRlhkUuUG/kYiJVwk/pcAfNyskRPAODSlzQNtA7YiByVE22z4k89rIO3N5/jX +T/2kXQvfk2HoNcO4kDp+5DYE0iKAFPwaspqw6PQhnYOsJhrQaVQBK1XTVH4C9c2c +FW7+Dl/wN8z/sTwf3UPqE7sVLI32e36C+X53v1/hwGIH7qYs7eH36exZjsy3l90o +jbWvavSNB5U94rNVU42LuQUSL8ftAA9YjpmuqeZlhiumSGaz+ezC/BQ2SE0aUjyg +/C4ZWTbwkMXif5p8DJng9vNofQJQ4qcLGnykan0tvI1naGNyVpvXcL+qGo5znN8E +xH9hPZHk/axbV9U5sIhUM8IjGPCHldU9W+t+Ngy+k+yF9cYVQSwBnyeVM0dlWVOb +Fy4kmXYxG7mZc6HI1aRg1Xd6rQadJ+5RkfPCa+2p2ZafoJIkNr+LbuTsri7AWlrf +aI8MS27Wp6BmXL5YnofX2pFstLL4tStAknAMzK16RtYSs/dd69gbUdaTrmpVCi1s +YzOmtNXFLZs+Lh0X+KgBAoIBAQDl6mycpf3clYkJ/sFaY1svX/L0Zs4BJqajKIuJ +K1SoVCTtmiEcA0n9tZzEBp1rBgpAYdxkI8tWge6weel6Ckbunl8CLYZ0VvmAaYaJ +/VHBzAorcH/RIlAUV/P5WSdGjtAnPK0TSdAARRppW1k01kO+XmIL/f0Mk+6KD4MX +wgiKVKyutJ8/SjOkfzhpe/zyqAMZV0W1aDkq5focaIqy2pVZsuX47jWZyZeeCy8i +OzpYzlCE9os+0sQU107LLcQ3YsmLFP93MA+nsatUaMzeXE5VcHsq1UbqgV3tEPgA +QALbn7ulw6ChGzHrTyJc93dHWqGfqVi0incienn4NRnHZRYBAoIBAQDSfJQSLPBp +UQL6kGkIPc0C8y836cNmrj5QZppbIyoTggA2ZTC8E+qKJ0rHrbzKkBZBwhLhmjcs +qsGwuoOqQfdWW+1AAVIrjrjjoSwrT4CZqOR/vvu/2Rvb1DTxyq8Ysf4Ure/sjDUo +EenufVQTqeBlYpvaIZirMPrvWNq0Ky7AHi5sUYQ0J6nx5uB4iwboWGB7aBf7KSh9 +hMXivYKI1hiHylkvRzGY91OCOsiHyqGrEC77lH4tMGexbkUxc+VnAhuwxdhDDJ3l +34O4iMEhS10gBLYc6Gi174YmHQMpPvbjtcNQ8DjNDqWr7wBYhfUVw3aqpRs5D8JX +Jxco6PRXM7+3AoIBAQC8gGr0NBPjGqb0ju4wEW3ddalYQEF+KBZPhxqAKAqMyBBO +ziN/OCMd5BzXiyTdbmJRTurHH6HDF1x/TDTkXjCxyx7SRkkKcZS2d85arFqvrX5Z +By+EY8GMLGBXe4T8EHMQ+GpeehITZpS09LQ64cFA/1kbw+4ItfDJONaeT/N4ltvN +kUFPPqMAp120/nbw7Fc+G5OHnB/i0BMz33J4GUaB+G8cnRFNOT8Z0MmgIzc/QEg7 ++3dG1r7052IuqyNI1bGwWlLpgXoUX1K9Lf9p//wpiMMy5xHxiodbqqHqcpDlSB0t +VysHa6iN6J+f4TTmR6RjpxCXVT9AAXKm0cKE/JgBAoIBAQDRbUCKoQoHT6KOGddX +at4rnDkUAdP4u0+nAZ99JIy94jBB7wbBa3OGSDgAWx4n0ZtDjEzrCVzyZWfYZouQ +gJgO5eI2N9pBGn1dh0SCR1UmDkRj0mt75BHy9L5FAayb/qVWgAXjL1HIb6J5N1vL +QM/TMHzvWVQkqNRUBu18LCcU4jLAdY77sadG17fqWDHkReKhht2tebMeyFd4FaTm +b1by7OM1xjlUAGmnfsN9UKDwqmaEzKeKYMobYSMZZD4Q8qkIhqF5fPkx+eV+WxsF +/I1IyUdFlfxxYUPxchZuGIbf5D7Url9lr7gpTODkM0y6fcP5X9OpP8PWoT9K5hYP +GZ8bAoIBADA78xaN+InvJYPY/a7mPmLpLm44KsCRvB/aYZmwQl00Cz1miOLZgKC0 +9crfkTdZKt8v/RZSAAduyiYMFNaXMBR9mNYCwmLzFfcNydI4ow6sJYr3nj0SOsN5 +v0XJp+cJxqlC2ZGNlNYZVGcoxXyM00PSAA1AL/oRyplC99o5DgLDhMr01ok1PuPQ +7K3z06yCKBrAwEFXxzhI7YwdN97iY050TQLvOfO+conf5KIbb3EHycfeF0mM4OdO +q4WdmPePVkve8PwRBdENjjrdgbUCPJV9Nk9MiAQOf5CpuH6SvuhhaRQTJgSJnxmN +iW68RMhfob7KD8lBv9mlYZ4ZQSwJRtM= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/crl1.crl b/lib/hx509/data/crl1.crl index 568f6b696534..606efb7240e5 100644 --- a/lib/hx509/data/crl1.crl +++ b/lib/hx509/data/crl1.crl @@ -1,8 +1,16 @@ -----BEGIN X509 CRL----- -MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v -dCBDQTELMAkGA1UEBhMCU0UXDTA5MDQyNjIwMjk0MVoXDTE5MDMwNTIwMjk0MVow -FDASAgEDFw0wOTA0MjYyMDI5NDFaMA0GCSqGSIb3DQEBBQUAA4GBAGXXCNeUIctd -TfKIUIpMbtHnUXYLA8hcB+6Iyc24VR3m+HNYx9XT6Qp6hY4Wg8Qq4p+0KFTxz4JU -XLTZWduvgB9+AL+ECXIUmx4FHkgwwq5+AyYygDqzYOVJszJ9hNp7HHthobObrRm4 -Q6hn748UG1nd4gp7zKB7ReLvLYff411G +MIIChTBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v +dCBDQTELMAkGA1UEBhMCU0UXDTE5MDUyMzE1MDUzMFoXDTI5MDMzMTE1MDUzMFow +FDASAgEDFw0xOTA1MjMxNTA1MzBaMA0GCSqGSIb3DQEBBQUAA4ICAQBV451IywmB +L153EAciLerLs05gqigj3qrqnmzS7AVV9u05u4bq/XYllIIWua7kCnGXmx0xqY+p +FpFlS3BKrSIOkSHL4gpwMOmZmCssaOivd88/tHCGeOtMKz3q811m4q8MyfzEc+T3 +EHg6yjsCWrWbZmrM+A8MYO2S/XZOPG88N87nQxKYbrZA/SDspNODujdXdKFMI8Qj +9xY7aqI6w9GYiTYDXrJ+2VGtFacYwVrY1Xk3pt7DoFbq6VwVfpsYHf0zRag/xfGW +EbIQywJDhLuLWB3gtWTYnZ3MD2LS5uCEfolckuFBw66JOZCmUq66VscTHOE5d59q +bld2YoPVUme4QJfYMygWgyi8rnN4YkSfYaCxnDPO9vFk968N6PA+py5jHjecyVw9 +ih2rXNIk/Ia2wvyN84MBu/vpC7GyD0bBpB+aMxQvHuNYUDDnIeMRCu+Hs2Td6U57 +lmdFudCxJ8S0kF6eCx5HdOrvyRtHagsGPt1aFLxnNEc2x4ewJa1iggTBcs+X5qXC +pk6D5FDLN5TXooi9NbLFSCdLWpoMI+KOB40Ma3KaGej0a2pZiJe8j4EPQ6WhR6Og +nZSdwCtgTyoynI6g6YeGzkD0ZzuPujt8rsyu+cBZOdxnhuAn7F1UtIcwE4jVmmca +EuMR2oFhjnEH4ooS/kWmgmzGPEMixKSbpA== -----END X509 CRL----- diff --git a/lib/hx509/data/crl1.der b/lib/hx509/data/crl1.der Binary files differindex c1e08c0b524c..f42512706a12 100644 --- a/lib/hx509/data/crl1.der +++ b/lib/hx509/data/crl1.der diff --git a/lib/hx509/data/gen-req.sh b/lib/hx509/data/gen-req.sh index b832a43d9646..09f0dfb0bcd2 100644..100755 --- a/lib/hx509/data/gen-req.sh +++ b/lib/hx509/data/gen-req.sh @@ -7,13 +7,20 @@ openssl=openssl +# workaround until openssl -objects lands +if ${openssl} version | grep '^OpenSSL 1\.[1-9]' >/dev/null ; then + config=openssl.1.1.cnf +else + config=openssl.1.0.cnf +fi + gen_cert() { - keytype=${6:-rsa:1024} + keytype=${6:-rsa:4096} ${openssl} req \ -new \ -subj "$1" \ - -config openssl.cnf \ + -config ${config} \ -newkey $keytype \ -sha1 \ -nodes \ @@ -23,9 +30,9 @@ gen_cert() if [ "$3" = "ca" ] ; then ${openssl} x509 \ -req \ - -days 3650 \ + -days 182500 \ -in cert.req \ - -extfile openssl.cnf \ + -extfile ${config} \ -extensions $4 \ -signkey out.key \ -out cert.crt @@ -39,12 +46,12 @@ gen_cert() ${openssl} x509 \ -req \ -in cert.req \ - -days 3650 \ + -days 182500 \ -out cert.crt \ -CA $2.crt \ -CAkey $2.key \ -CAcreateserial \ - -extfile openssl.cnf \ + -extfile ${config} \ -extensions $4 name=$5 @@ -52,14 +59,14 @@ gen_cert() ${openssl} ca \ -name $4 \ - -days 3650 \ + -days 182500 \ -cert $2.crt \ -keyfile $2.key \ -in cert.req \ -out cert.crt \ -outdir . \ -batch \ - -config openssl.cnf + -config ${config} name=$3 fi @@ -109,7 +116,7 @@ ${openssl} ca \ -cert ca.crt \ -keyfile ca.key \ -revoke revoke.crt \ - -config openssl.cnf + -config ${config} ${openssl} pkcs12 \ -export \ @@ -348,6 +355,6 @@ ${openssl} ca \ -cert ca.crt \ -crl_reason superseded \ -out crl1.crl \ - -config openssl.cnf + -config ${config} ${openssl} crl -in crl1.crl -outform der -out crl1.der diff --git a/lib/hx509/data/https.crt b/lib/hx509/data/https.crt index 2056c899c8cb..0d393a8e1db0 100644 --- a/lib/hx509/data/https.crt +++ b/lib/hx509/data/https.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 9 (0x9) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:41 2009 GMT - Not After : Apr 24 20:29:41 2019 GMT + Not Before: May 23 15:05:17 2019 GMT + Not After : Jan 16 15:05:17 2038 GMT Subject: C=SE, CN=www.test.h5l.se Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:c6:f4:94:25:2b:d5:fa:e9:3d:00:a9:46:24:f1: - bf:fe:61:df:bd:cc:da:74:b7:f9:36:c1:ce:51:d2: - 01:6f:79:ba:b3:4a:d5:a4:43:5a:c7:ad:e4:e0:50: - e2:a6:bf:54:73:ad:a5:86:0a:bd:56:c4:4f:b5:f5: - 7f:7e:fe:10:78:17:e2:35:4c:bb:cc:4b:74:35:d0: - ab:63:b1:02:72:94:a7:9a:dc:10:ef:28:82:a9:6c: - dc:19:8d:b8:3e:5b:21:52:1f:88:51:a6:5a:f8:67: - cd:cb:48:6f:f5:8b:71:7c:4d:52:da:bb:f9:26:8a: - 27:9c:7e:8a:d1:99:54:35:7f + 00:b5:58:e9:eb:2d:b3:7c:94:b7:a2:08:ec:fd:50: + c2:61:a4:35:c8:eb:ad:d6:93:4c:50:9a:ad:e0:9a: + 00:ae:4e:ef:ed:5e:ef:d9:cb:98:a6:5e:65:7f:a6: + 38:c0:ee:17:48:90:80:4c:6c:71:7a:11:af:11:22: + 1b:17:2c:db:c2:cc:2c:d0:0e:de:ea:95:6a:d0:42: + bb:b0:a1:eb:7c:9e:f0:28:64:dd:44:7f:c8:f6:d5: + 48:e4:80:be:f7:58:18:d6:d4:57:7a:09:07:3f:23: + d8:00:53:84:0f:72:e9:0d:a8:b9:49:57:80:f4:00: + 9c:92:16:bd:a7:ea:12:81:96:59:48:8b:ff:b9:8b: + 9d:68:e6:7c:0d:fb:c8:57:cc:ba:6a:4c:57:cc:e4: + eb:af:cc:6e:38:80:e6:47:a0:f2:e4:09:39:79:fb: + 42:c4:29:b2:8d:f1:8f:b9:45:1f:47:c2:e8:30:84: + a5:e7:fa:7c:df:f0:07:89:1e:fd:6f:a5:1d:88:57: + 4e:76:bf:91:c7:39:ac:87:6f:b0:29:0b:c0:04:89: + 95:9a:8a:b3:4a:22:63:7c:26:e2:ea:fc:e5:f8:43: + b5:67:50:0f:99:e0:9d:e2:2b:3f:fa:19:e4:61:1a: + e4:c7:68:66:43:a1:05:15:24:c4:09:3b:5d:b4:3a: + f8:87:d4:d8:80:cf:6c:ed:fa:b1:b7:7d:2b:68:ca: + 3a:26:a6:49:1e:e7:27:fc:4f:89:7b:19:ce:8d:c9: + 9d:cd:55:63:72:29:b1:2b:1b:35:a4:07:32:4f:13: + f1:bd:03:1f:b4:fc:f0:05:c4:9e:b0:c8:72:37:2c: + 0c:82:bc:d4:a7:87:d3:33:10:f3:80:fe:bf:61:1b: + 5e:c0:5b:c0:09:3d:db:c0:9d:91:92:c4:7c:7a:eb: + ec:b0:8e:69:a1:47:66:53:02:51:55:90:d1:e2:9a: + 86:70:7b:63:d4:b9:03:18:c8:01:69:c6:e9:63:bc: + 2b:b5:75:dc:03:5f:ef:b2:d3:3a:c8:db:3c:b6:3d: + 59:91:fc:7d:96:bf:43:97:5a:40:d6:f2:f8:82:44: + fb:9d:36:47:3f:3a:33:43:6d:9c:44:ba:60:1a:9d: + 77:02:44:14:d0:73:99:53:6d:ef:70:34:0b:11:b1: + 16:c3:c9:4b:41:66:64:4c:88:fe:12:8f:3d:4f:29: + 2f:b3:e8:15:8b:26:5a:ba:f9:fc:6b:ec:9d:8a:d9: + 65:17:de:e5:ce:a7:84:1b:1e:f1:ad:32:b3:78:15: + 7a:08:e3:93:9e:e5:eb:3c:33:9e:d5:2a:21:20:62: + 90:c7:d8:3e:d4:1e:0f:06:20:01:6e:22:a4:67:de: + 68:f0:b9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,63 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - 8A:BB:2D:06:4B:BD:DE:9A:BA:7C:5A:35:D0:E2:19:37:48:29:0E:9C + 91:03:3F:14:E3:BD:43:98:B2:D4:7F:46:C2:A7:B7:BB:0F:74:99:F3 Signature Algorithm: sha1WithRSAEncryption - 90:35:ec:8c:f2:62:14:76:8a:29:52:99:44:c1:d7:c8:9e:74: - ef:90:4f:e7:ea:4d:cf:8f:c1:73:0c:d9:49:06:93:30:b0:19: - 5e:de:9c:11:93:66:02:4d:8f:e9:8c:52:fc:26:26:9e:09:69: - a5:a7:63:d2:2d:40:de:e5:d8:d5:51:c3:32:60:6a:2f:26:13: - 91:69:36:f6:67:e4:b0:54:9e:77:68:22:5f:51:b8:3c:42:bd: - e3:09:dc:11:9b:ed:db:63:df:90:57:38:00:90:be:89:e7:ea: - 8e:d8:21:cd:96:68:69:4b:a3:15:50:ce:63:80:2a:99:4b:ff: - dd:1c + 27:3f:d8:cb:68:c8:ef:35:ed:a0:50:d7:58:60:77:48:76:45: + 7a:2c:20:22:81:62:e3:e2:0d:10:48:d7:74:23:95:76:fb:78: + c3:98:d2:39:13:13:7f:2a:38:dc:2a:80:ba:33:0a:51:d6:9e: + 0c:44:04:84:f0:ae:20:1e:e6:e8:89:09:cd:87:66:1b:80:21: + e7:bc:03:e0:c7:15:19:23:b7:05:0b:f9:64:50:b6:6f:7d:14: + 68:96:bb:4d:d6:c0:29:7f:e3:a1:48:c4:ad:6f:a7:bf:d2:63: + de:b7:fa:4f:8c:5e:ad:8e:c8:7e:4f:a4:9a:95:71:29:10:64: + 78:a0:55:ac:ec:9a:f0:27:03:2e:c4:ec:fb:4f:d2:a0:7e:98: + 90:88:30:02:45:07:10:d5:ad:f6:a8:e7:01:6c:87:c7:2e:0d: + d1:35:3a:e6:b0:e9:19:c9:c9:f7:ce:5e:77:d1:50:84:8a:c3: + d1:f1:56:2d:6e:65:0d:6f:e2:a0:c5:0e:48:82:6e:da:37:42: + fa:cf:5d:92:84:3a:67:bd:41:28:19:b8:81:1c:c3:eb:00:f0: + b0:a9:59:17:79:87:4b:d9:4f:e8:cf:30:76:42:55:9c:57:00: + d1:b2:2e:19:59:31:24:c2:9c:fa:c1:0b:54:56:a5:29:19:fd: + 14:82:c0:3f:a8:d1:a1:c9:6d:1e:f4:11:89:50:58:4f:8d:8a: + f8:f2:47:29:8c:a8:2d:21:1b:9b:ef:c6:1f:63:90:85:f1:c7: + d0:40:a0:53:29:9b:49:6a:73:38:d2:25:95:f7:52:2f:a0:24: + 1c:af:f1:f9:6e:78:d3:81:03:cd:3d:91:b0:99:45:fb:87:39: + 6e:b3:7c:fb:f7:60:01:86:71:40:5f:85:8b:7e:fb:cf:95:df: + 76:cc:7b:2c:06:d9:a5:cf:4d:f7:62:ab:57:2c:da:83:6e:34: + bc:bd:d8:d1:d4:5f:1b:94:78:c0:d3:b1:8c:82:d7:b1:f5:2c: + e5:30:bf:59:3e:d2:1f:a4:8e:0b:0c:d6:d1:fd:08:24:2c:31: + cb:b0:e6:36:3f:d7:b0:46:99:e1:48:18:8f:9f:42:fd:44:cb: + 6d:cc:b3:07:3b:7c:eb:44:d2:b4:52:12:2a:ba:c3:cb:f8:04: + 65:02:27:61:b9:35:9c:0d:0b:70:a1:d4:e7:c8:49:91:37:03: + 9e:8f:6e:a5:91:e8:6e:5e:ec:c4:17:4c:f6:dd:93:11:9d:40: + ad:e2:3c:05:dc:22:ff:1a:04:d7:b0:d4:a4:c0:03:e3:ba:4c: + 5e:b3:7a:bc:08:73:52:92:42:ab:7a:85:e1:64:e1:4e:b5:63: + 98:a9:b1:fb:23:61:1e:d5 -----BEGIN CERTIFICATE----- -MIICADCCAWmgAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MVoXDTE5 -MDQyNDIwMjk0MVowJzELMAkGA1UEBhMCU0UxGDAWBgNVBAMMD3d3dy50ZXN0Lmg1 -bC5zZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxvSUJSvV+uk9AKlGJPG/ -/mHfvczadLf5NsHOUdIBb3m6s0rVpENax63k4FDipr9Uc62lhgq9VsRPtfV/fv4Q -eBfiNUy7zEt0NdCrY7ECcpSnmtwQ7yiCqWzcGY24PlshUh+IUaZa+GfNy0hv9Ytx -fE1S2rv5JoonnH6K0ZlUNX8CAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMC -BeAwHQYDVR0OBBYEFIq7LQZLvd6aunxaNdDiGTdIKQ6cMA0GCSqGSIb3DQEBBQUA -A4GBAJA17IzyYhR2iilSmUTB18iedO+QT+fqTc+PwXMM2UkGkzCwGV7enBGTZgJN -j+mMUvwmJp4JaaWnY9ItQN7l2NVRwzJgai8mE5FpNvZn5LBUnndoIl9RuDxCveMJ -3BGb7dtj35BXOACQvonn6o7YIc2WaGlLoxVQzmOAKplL/90c +MIIFBTCCAu2gAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxN1oXDTM4 +MDExNjE1MDUxN1owJzELMAkGA1UEBhMCU0UxGDAWBgNVBAMMD3d3dy50ZXN0Lmg1 +bC5zZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVY6ests3yUt6II +7P1QwmGkNcjrrdaTTFCareCaAK5O7+1e79nLmKZeZX+mOMDuF0iQgExscXoRrxEi +Gxcs28LMLNAO3uqVatBCu7Ch63ye8Chk3UR/yPbVSOSAvvdYGNbUV3oJBz8j2ABT +hA9y6Q2ouUlXgPQAnJIWvafqEoGWWUiL/7mLnWjmfA37yFfMumpMV8zk66/MbjiA +5keg8uQJOXn7QsQpso3xj7lFH0fC6DCEpef6fN/wB4ke/W+lHYhXTna/kcc5rIdv +sCkLwASJlZqKs0oiY3wm4ur85fhDtWdQD5ngneIrP/oZ5GEa5MdoZkOhBRUkxAk7 +XbQ6+IfU2IDPbO36sbd9K2jKOiamSR7nJ/xPiXsZzo3Jnc1VY3IpsSsbNaQHMk8T +8b0DH7T88AXEnrDIcjcsDIK81KeH0zMQ84D+v2EbXsBbwAk928CdkZLEfHrr7LCO +aaFHZlMCUVWQ0eKahnB7Y9S5AxjIAWnG6WO8K7V13ANf77LTOsjbPLY9WZH8fZa/ +Q5daQNby+IJE+502Rz86M0NtnES6YBqddwJEFNBzmVNt73A0CxGxFsPJS0FmZEyI +/hKPPU8pL7PoFYsmWrr5/GvsnYrZZRfe5c6nhBse8a0ys3gVegjjk57l6zwzntUq +ISBikMfYPtQeDwYgAW4ipGfeaPC5AgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0P +BAQDAgXgMB0GA1UdDgQWBBSRAz8U471DmLLUf0bCp7e7D3SZ8zANBgkqhkiG9w0B +AQUFAAOCAgEAJz/Yy2jI7zXtoFDXWGB3SHZFeiwgIoFi4+INEEjXdCOVdvt4w5jS +ORMTfyo43CqAujMKUdaeDEQEhPCuIB7m6IkJzYdmG4Ah57wD4McVGSO3BQv5ZFC2 +b30UaJa7TdbAKX/joUjErW+nv9Jj3rf6T4xerY7Ifk+kmpVxKRBkeKBVrOya8CcD +LsTs+0/SoH6YkIgwAkUHENWt9qjnAWyHxy4N0TU65rDpGcnJ985ed9FQhIrD0fFW +LW5lDW/ioMUOSIJu2jdC+s9dkoQ6Z71BKBm4gRzD6wDwsKlZF3mHS9lP6M8wdkJV +nFcA0bIuGVkxJMKc+sELVFalKRn9FILAP6jRocltHvQRiVBYT42K+PJHKYyoLSEb +m+/GH2OQhfHH0ECgUymbSWpzONIllfdSL6AkHK/x+W5404EDzT2RsJlF+4c5brN8 ++/dgAYZxQF+Fi377z5Xfdsx7LAbZpc9N92KrVyzag240vL3Y0dRfG5R4wNOxjILX +sfUs5TC/WT7SH6SOCwzW0f0IJCwxy7DmNj/XsEaZ4UgYj59C/UTLbcyzBzt860TS +tFISKrrDy/gEZQInYbk1nA0LcKHU58hJkTcDno9upZHobl7sxBdM9t2TEZ1AreI8 +Bdwi/xoE17DUpMAD47pMXrN6vAhzUpJCq3qF4WThTrVjmKmx+yNhHtU= -----END CERTIFICATE----- diff --git a/lib/hx509/data/https.key b/lib/hx509/data/https.key index ee6065a0006f..1a1c28e5eac8 100644 --- a/lib/hx509/data/https.key +++ b/lib/hx509/data/https.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMb0lCUr1frpPQCp -RiTxv/5h373M2nS3+TbBzlHSAW95urNK1aRDWset5OBQ4qa/VHOtpYYKvVbET7X1 -f37+EHgX4jVMu8xLdDXQq2OxAnKUp5rcEO8ogqls3BmNuD5bIVIfiFGmWvhnzctI -b/WLcXxNUtq7+SaKJ5x+itGZVDV/AgMBAAECgYBfO282I7d3NPGYQW5r/LPUBfFd -HpNqzy0hQr+JdqZtP61YaPe+eucXMWue29jBzE+WV4YllTpwL+Ofy3VNyjsDCIva -acqVrimYl5EAT1yiqvC1DNC0SvAfEsBlpMJr7w8F4M7wbSxvGIWjRVeZtLd7H4pw -8ooDNZNlcXPyrBozQQJBAPGxPPiO66EpiN66ffRiqnof1lGUFaZPqBKYF/M3mybt -X7vMKQsrQpdNQTbtR2u42yBUJGw4trhIn1qDInkgXfECQQDSu61Z/m5xRVlBk3mj -QMqSVX+FoD3WtSry003lcxGfNsuguJtYHXHHhPbPNMUaDEtErkbUMQHNFX5mEjGp -0RpvAkEAwbDhhOy8pw5rMtvP3w9HQdHL5tq/MuY5cpVS9EaG335yL0VhSyMjHa/6 -6HLlvs2JRnJIMjaNMEh69IWNFfc7cQJBAIOzIy3BI0jLLHMdNcHfdjpqEJ50fPE4 -nDTR9jbV6Ud1uWEivoMdM8SbxpvMwPn8gPXVbRKj5hpDupEUAdG9iyUCQQCNSVcl -NREl42G5ZQ2Q+zYtYIJbe9SAxu7WcfzctFleRbmKPLqrcnCLWenWWHtrzZLRgFhw -rLiglEkVDRXivfhq +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC1WOnrLbN8lLei +COz9UMJhpDXI663Wk0xQmq3gmgCuTu/tXu/Zy5imXmV/pjjA7hdIkIBMbHF6Ea8R +IhsXLNvCzCzQDt7qlWrQQruwoet8nvAoZN1Ef8j21UjkgL73WBjW1Fd6CQc/I9gA +U4QPcukNqLlJV4D0AJySFr2n6hKBlllIi/+5i51o5nwN+8hXzLpqTFfM5OuvzG44 +gOZHoPLkCTl5+0LEKbKN8Y+5RR9HwugwhKXn+nzf8AeJHv1vpR2IV052v5HHOayH +b7ApC8AEiZWairNKImN8JuLq/OX4Q7VnUA+Z4J3iKz/6GeRhGuTHaGZDoQUVJMQJ +O120OviH1NiAz2zt+rG3fStoyjompkke5yf8T4l7Gc6NyZ3NVWNyKbErGzWkBzJP +E/G9Ax+0/PAFxJ6wyHI3LAyCvNSnh9MzEPOA/r9hG17AW8AJPdvAnZGSxHx66+yw +jmmhR2ZTAlFVkNHimoZwe2PUuQMYyAFpxuljvCu1ddwDX++y0zrI2zy2PVmR/H2W +v0OXWkDW8viCRPudNkc/OjNDbZxEumAanXcCRBTQc5lTbe9wNAsRsRbDyUtBZmRM +iP4Sjz1PKS+z6BWLJlq6+fxr7J2K2WUX3uXOp4QbHvGtMrN4FXoI45Oe5es8M57V +KiEgYpDH2D7UHg8GIAFuIqRn3mjwuQIDAQABAoICAQCmrGPCHSzcEat9J4r5f2JI +b65nTgVmM9duNdwdlC2QB0kI97qmiDNypUvQOKvs1mdb8EOa+giJ0vr+WkRf1oDc +1t9REnnbTRzw8ISk4Q0YatP7rEiZjoDcLEdkjNf3aWba/CqyJN4eMAl0s02rDUgZ +n7s8J0qD+JPuySviyoXbyJ2iydltZV51bXETQRhvaeDjlesUjEn6N4AOOpprtwfG +gpvq+v3wYQqU3zHjbB5FzGOvRBtfzJ89CtVCN9Ni63TrPKMHDSck3mMtz38vGneP +NAzmDxidyGF7WBozM+EBfumZXMIaAZHarzmL2oRGo3sls1RaUAHl3va2LXQAFDsa +vwAZBc5vcoBvnBCmnQCGnOF4NLSvo+x1CBWpDl7hatUfO35D/aLtIPZh6RofEVCy +IQAM/ScZfk9kGyy7QfoTiPNjzCx+YF8iXQV/04Q2E2/nHRhq5OnyL3gzXd5PWuzM +SLsEcYZecAJ3K4OJCtXTMguaaPNQqdGbkBKW47/lun216QL2CVAeKcRnqC+xNJ51 +Rv9sQTMrBhByPZvhO7I6m0PA1CU5ACcVYHHx1zkVRNYbC9Wv8KSk3Nj3Yi0br8wO +akPDFCUcA5VSysQ3Be5VxF5yUiwuAb+sjl1E815l+ElvVFH4I1AY8GyC1kgBg0Q4 +L3lTiKS7EVZJTOvDGgH4iQKCAQEA6ufkBK3t6JOgq1LRl5+XdSZtMklwh7/0E7ma +Kwma55gpmiOZmEK5mkBowR2J7NS1XXtOJkV2oj9vVU6hFFipU/5eNTEc7FqhJzxs +WPtsJmVrwzEXq9rTDQ+EsOoyfPamocg3eMeWIfpjtWue7rn779/enamkUVuxal+C +Tpw7zC/V3cg8jvjOMktafCUGtO4GtsRyxJeiNxWkd1Dfb4WYkc9pye6m7SpciKUJ +HunNtLzHuXCc0nlt60JffecGgfGl6M2rWDPROYR64WXmYufus4JrP/qdBiWYV9zl +33NNuTRuLKitFQsPv12+MHB6vUWj2x5SpfH5sJAK0LiMRTQW9wKCAQEAxaHMdh7e +Votke9cQ8n/AXAkczLEI2XnGUFYkqCirqw+kQhNyzyy0iO36N1bUY5GyaJP2xz4X +gUYoxcNnnjXghiJ8aEqnrbpcS/4YxvgVf4wMDaBgc3PNFA5zrKplYDVzUT8rYsmR +6m/q84CGcmPYelP/reVBpMqJKucB4vIY+tbBoF2jre1EPJBTjNggaHavQ+j5Hi6Q +ec+n18KhXZt+vFKFHmkYxMweHnOFEMNDY5s7q5pwnee93f+2NCtYmcmkNaNRUMRf +3N4t8HRPLbtObYYp9A3u8C8p3Zcj7GjiWA7uzKOB0hCQaf8zEKmVky5GuvawZhm3 +vT1FSKJ1aQXZzwKCAQA1xLh7nbg8KTZ4oK9a7mvDo/UQsqCwYe6jaTNxsHQlmL3F +C2sH4BYNybpwoatFa3bMHAJKXlIGV1DLjQDv4E9561pzAHfnXeNPUNRYFcyuiT5+ +YklRy/fNIIU13ZWK5wZDN8oCumSSCHc0OpsZd7bENFEHc6IqATv95ji0d6x0U2q3 +pjK+YxMHjhn7GpqLZYRh51uBxleaFjkcGoXaSBEhJwHG9/p7hNvDZ0tMKSYtvZxV +xQIQZz0SwZGMBwqFSeO5AwK6YLn+WWWrHCD8+Ku5qRuVfG7ezlItomF3oTPkNa0W +SdG8ZFjJa9Kx0b02f68+45T1aQrHMGFZXzS0TnUHAoIBAHPAxZF1mQIVmKAUIj/2 +ZUNCrxSQqD9AXNAW9FdtosaJXcq5u2fupjsBL6mT+MfswRMRftvJ2ViFMEJMpfb7 +VWsa7cTj3PwbCA4WYIrBKU5QR4r/oR5d+ALESCocj03fYJB4sD+nEgi+zl0arSR4 +qIVVh45hlaYgXmC7dtZmuAzLFhOIZOLs8ieK3PTEbY7h3Nuoq6hq24INByCPRZYf +CgbhSki6g6BYcVeij5B23ZSMilGDHmzOG93X9O7vaHCCsuQbqPfmXMNvena4mNuP +NmtdxlrEgms5JIs+B/Nipxeuf11qcxIHU55Rs6YRvaK72v+Ml1rlu0Fijp7xUFVX +8O8CggEBALa5eXFkbBLudIrvum4+trQDD1WWjUO6WmR+VuddKSsEsKj4q6ubbCEZ +Dj4RyRNlDJ4yCaJtMFdfT8bjRcbLrHw5ZVgUpvtPBWGAvuVc9Tr/xq1Hn75w6isu +BEeWN2DSWSofpWCaAQk20EKzXxkIrzgzt1Ht5t22wsZ9Def07G6eUWlRQy1hRbH+ +G8sv+E5soYm5/3mAcUuUqsbyCqm4zaxSPquvbuywYPjQXyU24tfr8TtQz3XiWpzM +ZS0Wou4EgiJQUZGcwV8rX5j8ELSTNkm5UnBaLRWT/raG3s30F6B3WjLbsxr926mB +2zmdO3l0e9ryWpkYHrKaEdZhkQx6ryE= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/kdc.crt b/lib/hx509/data/kdc.crt index 95ea4a4b8350..6a0e32934a6d 100644 --- a/lib/hx509/data/kdc.crt +++ b/lib/hx509/data/kdc.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 8 (0x8) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:16 2019 GMT + Not After : Jan 16 15:05:16 2038 GMT Subject: C=SE, CN=kdc Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:d2:41:7a:f8:4b:55:b2:af:11:f9:43:9b:43:81: - 09:3b:9a:94:cf:00:f4:85:75:92:d7:2a:a5:11:f1: - a8:50:6e:c6:84:74:24:17:da:84:c8:03:37:b2:20: - f3:ba:b5:59:36:21:4d:ab:70:e2:c3:09:93:68:14: - 12:79:c5:bb:9e:1b:4a:f0:c6:24:59:25:c3:1c:a8: - 70:66:5b:3e:41:8e:e3:25:71:9a:94:a0:5b:46:91: - 6f:dd:58:14:ec:89:e5:8c:96:c5:38:60:e4:ab:f2: - 75:ee:6e:62:fc:e1:bd:03:47:ff:c4:be:0f:ca:70: - 73:e3:74:58:3a:2f:04:2d:39 + 00:ab:f2:c2:da:bb:d1:bc:5a:96:c0:76:11:4e:7a: + 52:49:8b:84:ae:ca:44:4c:5b:30:ad:9a:6d:94:5b: + 1a:52:3f:d5:9b:d9:62:4b:96:51:bd:e3:55:be:5b: + 09:65:7b:3a:3b:2a:1f:9b:a2:95:e5:a6:f6:85:1f: + 7b:35:b8:2c:55:14:19:13:91:bd:56:6e:5b:f7:49: + 03:a8:53:01:16:27:53:8e:3e:71:1d:9c:dc:38:30: + 38:c2:55:e3:58:15:bb:de:53:8d:2a:5f:68:b0:49: + e4:7f:dc:38:57:fe:89:1b:6f:5d:52:fc:fd:cc:ef: + 37:71:e6:70:13:3f:24:5a:a2:8d:b5:a4:90:4a:2a: + 0e:e0:c2:6f:4d:0e:ef:ab:c9:2f:90:0a:ee:20:e8: + be:6b:bb:4e:43:8b:56:9f:50:aa:e0:71:2b:0f:2b: + b6:68:d6:11:c0:c4:31:b0:ab:32:a1:2e:93:54:6d: + ab:d3:c1:84:4f:c3:fc:10:a5:fa:6a:ae:8c:80:05: + 7c:54:4c:c1:aa:bc:50:ec:3c:19:9e:aa:df:82:0c: + e7:6e:ed:c9:f4:46:3e:60:6b:81:d9:b3:d7:64:19: + 5f:64:bc:b5:a6:f6:38:03:02:ab:f2:b3:ba:2f:4f: + be:e3:c3:34:cb:d8:01:42:3d:43:81:9d:a9:4f:5e: + 6f:14:d1:84:05:b6:f3:f0:9b:fa:b5:e8:1f:e6:40: + e2:b9:ce:a9:eb:1c:c4:da:85:b2:6b:b1:c7:a5:91: + 0f:a0:79:7a:85:b2:b4:b5:4e:a6:8c:cd:c6:45:5c: + 97:d2:e8:3c:01:2a:77:b2:e1:a7:2f:ed:2c:bf:42: + 77:94:a4:47:bf:c7:58:43:14:08:66:4e:5d:24:99: + bd:5f:0d:e1:b1:56:f1:c3:db:97:f6:b5:22:92:23: + eb:a5:f5:49:4d:76:80:4a:83:af:a8:17:31:38:b6: + 3b:49:1e:37:5e:fb:e7:9e:90:1d:8c:b0:8a:c2:dd: + 5e:1d:1c:2f:c4:71:aa:d2:2b:c5:16:09:f1:5d:63: + 7c:02:dc:b6:e0:b9:f6:2b:a1:56:1b:20:8f:13:c4: + 60:d0:21:c9:91:a4:43:de:f9:64:d8:4a:5c:4a:cd: + 51:87:66:55:ec:9c:2d:10:b3:23:6e:0e:48:44:2b: + 86:01:73:2e:77:28:5b:6e:43:09:ea:0f:cc:0e:da: + da:88:f9:ef:6b:37:48:bd:e4:47:4a:4f:f9:72:bd: + b9:c4:a0:bc:67:29:ec:5a:55:22:b6:8e:f0:23:9f: + c1:fb:86:9c:18:59:43:4c:eb:b6:bd:2e:18:fb:44: + ae:27:15:e7:3d:6d:9a:c7:6f:61:99:e1:7a:80:de: + 64:a8:e7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,32 +54,69 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: - pkkdcekuoid + Signing KDC Response X509v3 Subject Key Identifier: - 3A:D3:73:FF:AB:DB:7D:8D:C6:3A:A2:26:3E:AE:78:95:80:C9:E6:31 + E6:0A:BC:C8:0C:58:A4:53:82:C7:15:E0:42:D6:73:67:26:2C:39:D1 X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption - 83:f4:14:a7:6e:59:ff:80:64:e7:fa:cf:13:80:86:e1:ed:02: - 38:ad:96:72:25:e5:06:7a:9a:bc:24:74:a9:75:55:b2:49:80: - 69:45:95:4a:4c:76:a9:e3:4e:49:d3:c2:69:5a:95:03:eb:ba: - 72:23:9c:fd:3d:8b:c6:07:82:3b:f4:f3:ef:6c:2e:9e:0b:ac: - 9e:6c:bb:37:4a:a1:9e:73:d1:dc:97:61:ba:fc:d3:49:a6:c2: - 4c:55:2e:06:37:76:b5:ef:57:e7:57:58:8a:71:63:f3:eb:e7: - 55:68:0d:f6:46:4c:fb:f9:43:bb:0c:92:4f:4e:22:7b:63:e8: - 4f:9c + 31:6b:88:4f:57:8a:4b:7b:25:d8:53:0f:04:e9:52:a7:e3:93: + 12:ed:bc:96:03:c3:ae:53:6a:10:60:76:18:85:1d:9c:b6:93: + d8:92:d1:d8:e5:af:23:d6:64:93:11:f3:23:8e:ed:43:12:dc: + 5d:1b:d5:49:b8:3d:fd:e7:52:58:a9:26:2c:cb:49:09:d4:54: + 6e:e6:45:c9:1c:3f:50:b9:f3:13:65:84:45:a7:1c:23:48:ad: + 93:c0:f9:b2:fa:1e:25:d0:40:d5:8f:7a:c8:8c:72:ba:88:22: + 19:a7:3a:08:cf:7d:9c:45:da:3e:12:64:3f:b4:e0:c4:36:97: + a9:be:ef:e2:4a:1a:cc:c7:f9:8f:4f:30:04:11:f4:16:cf:ff: + 6e:85:f1:cf:98:3d:09:e9:f1:98:30:ff:a2:3c:d5:96:50:3d: + cb:21:db:89:56:8c:f4:a6:87:e3:78:44:49:c5:53:c9:19:a1: + ff:a0:0d:4e:a7:89:d9:11:52:39:21:b4:b9:21:e8:af:39:9e: + 2c:41:3d:82:3e:20:b8:60:8a:b6:de:d6:6c:f3:b7:5a:10:ce: + ba:92:a7:6a:0d:5f:22:e6:98:e4:2c:d7:2d:7a:d4:22:bd:15: + ce:2c:79:7f:d6:d0:78:f8:d9:a6:e7:87:84:cb:0b:8b:1e:aa: + 0c:57:4b:8c:3a:a9:e5:66:92:eb:00:b2:2c:05:1f:14:ab:23: + 7a:61:b0:00:02:bf:24:42:8e:0e:1d:52:20:11:93:94:b5:2a: + 56:33:f4:bb:63:21:ea:64:cf:d2:92:8c:70:7e:b5:f9:4a:c2: + aa:a5:81:36:bb:76:cb:ec:98:bb:3c:8c:67:1a:0c:3e:97:f1: + 4c:dc:25:e2:59:a2:6d:fd:db:54:ea:9b:14:5f:18:dc:2c:e1: + 45:89:27:a0:b7:f0:09:57:94:b5:dd:9e:84:51:35:98:12:c7: + 20:ad:75:4d:42:54:44:30:e2:b9:cb:25:0f:e0:a9:6d:d5:6d: + 7a:97:b6:fe:b7:54:4e:83:ed:bb:4d:d3:80:99:2b:1b:ee:a1: + 3b:b8:69:52:64:f7:d2:bc:2f:18:73:d6:8d:04:54:c1:3f:14: + 05:65:fb:cf:c2:38:25:92:33:cc:f1:48:cf:e5:d1:a6:c2:57: + 1d:06:d8:1d:a1:0d:d6:e6:8e:ba:b6:d6:88:3c:a7:87:02:bb: + 32:47:82:aa:d6:5f:8a:69:d8:5e:38:99:a6:1d:09:a8:d5:b8: + 4c:80:23:ed:83:67:5f:b8:8e:f2:c4:8f:8b:76:b6:a2:09:b5: + 44:1c:70:d2:5b:61:cb:c6:68:f9:9b:93:72:5a:bc:08:98:80: + 90:64:a7:d3:a1:f8:ee:b7 -----BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIBCDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq -hkiG9w0BAQEFAAOBjQAwgYkCgYEA0kF6+EtVsq8R+UObQ4EJO5qUzwD0hXWS1yql -EfGoUG7GhHQkF9qEyAM3siDzurVZNiFNq3DiwwmTaBQSecW7nhtK8MYkWSXDHKhw -Zls+QY7jJXGalKBbRpFv3VgU7InljJbFOGDkq/J17m5i/OG9A0f/xL4PynBz43RY -Oi8ELTkCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE -CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBQ603P/q9t9jcY6oiY+rniVgMnmMTBIBgNV -HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV -GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAIP0FKduWf+A -ZOf6zxOAhuHtAjitlnIl5QZ6mrwkdKl1VbJJgGlFlUpMdqnjTknTwmlalQPrunIj -nP09i8YHgjv08+9sLp4LrJ5suzdKoZ5z0dyXYbr800mmwkxVLgY3drXvV+dXWIpx -Y/Pr51VoDfZGTPv5Q7sMkk9OIntj6E+c +MIIFWTCCA0GgAwIBAgIBCDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxNloXDTM4 +MDExNjE1MDUxNlowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKvywtq70bxalsB2EU56UkmLhK7KRExb +MK2abZRbGlI/1ZvZYkuWUb3jVb5bCWV7OjsqH5uileWm9oUfezW4LFUUGRORvVZu +W/dJA6hTARYnU44+cR2c3DgwOMJV41gVu95TjSpfaLBJ5H/cOFf+iRtvXVL8/czv +N3HmcBM/JFqijbWkkEoqDuDCb00O76vJL5AK7iDovmu7TkOLVp9QquBxKw8rtmjW +EcDEMbCrMqEuk1Rtq9PBhE/D/BCl+mqujIAFfFRMwaq8UOw8GZ6q34IM527tyfRG +PmBrgdmz12QZX2S8tab2OAMCq/Kzui9PvuPDNMvYAUI9Q4GdqU9ebxTRhAW28/Cb ++rXoH+ZA4rnOqescxNqFsmuxx6WRD6B5eoWytLVOpozNxkVcl9LoPAEqd7Lhpy/t +LL9Cd5SkR7/HWEMUCGZOXSSZvV8N4bFW8cPbl/a1IpIj66X1SU12gEqDr6gXMTi2 +O0keN177556QHYywisLdXh0cL8RxqtIrxRYJ8V1jfALctuC59iuhVhsgjxPEYNAh +yZGkQ975ZNhKXErNUYdmVeycLRCzI24OSEQrhgFzLncoW25DCeoPzA7a2oj572s3 +SL3kR0pP+XK9ucSgvGcp7FpVIraO8COfwfuGnBhZQ0zrtr0uGPtEricV5z1tmsdv +YZnheoDeZKjnAgMBAAGjgZgwgZUwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwEgYD +VR0lBAswCQYHKwYBBQIDBTAdBgNVHQ4EFgQU5gq8yAxYpFOCxxXgQtZzZyYsOdEw +SAYDVR0RBEEwP6A9BgYrBgEFAgKgMzAxoA0bC1RFU1QuSDVMLlNFoSAwHqADAgEB +oRcwFRsGa3JidGd0GwtURVNULkg1TC5TRTANBgkqhkiG9w0BAQUFAAOCAgEAMWuI +T1eKS3sl2FMPBOlSp+OTEu28lgPDrlNqEGB2GIUdnLaT2JLR2OWvI9ZkkxHzI47t +QxLcXRvVSbg9/edSWKkmLMtJCdRUbuZFyRw/ULnzE2WERaccI0itk8D5svoeJdBA +1Y96yIxyuogiGac6CM99nEXaPhJkP7TgxDaXqb7v4koazMf5j08wBBH0Fs//boXx +z5g9CenxmDD/ojzVllA9yyHbiVaM9KaH43hEScVTyRmh/6ANTqeJ2RFSOSG0uSHo +rzmeLEE9gj4guGCKtt7WbPO3WhDOupKnag1fIuaY5CzXLXrUIr0Vzix5f9bQePjZ +pueHhMsLix6qDFdLjDqp5WaS6wCyLAUfFKsjemGwAAK/JEKODh1SIBGTlLUqVjP0 +u2Mh6mTP0pKMcH61+UrCqqWBNrt2y+yYuzyMZxoMPpfxTNwl4lmibf3bVOqbFF8Y +3CzhRYknoLfwCVeUtd2ehFE1mBLHIK11TUJURDDiucslD+CpbdVtepe2/rdUToPt +u03TgJkrG+6hO7hpUmT30rwvGHPWjQRUwT8UBWX7z8I4JZIzzPFIz+XRpsJXHQbY +HaEN1uaOurbWiDynhwK7MkeCqtZfimnYXjiZph0JqNW4TIAj7YNnX7iO8sSPi3a2 +ogm1RBxw0lthy8Zo+ZuTclq8CJiAkGSn06H47rc= -----END CERTIFICATE----- diff --git a/lib/hx509/data/kdc.key b/lib/hx509/data/kdc.key index f6be6eb5e123..bdb97b919a9e 100644 --- a/lib/hx509/data/kdc.key +++ b/lib/hx509/data/kdc.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANJBevhLVbKvEflD -m0OBCTualM8A9IV1ktcqpRHxqFBuxoR0JBfahMgDN7Ig87q1WTYhTatw4sMJk2gU -EnnFu54bSvDGJFklwxyocGZbPkGO4yVxmpSgW0aRb91YFOyJ5YyWxThg5Kvyde5u -YvzhvQNH/8S+D8pwc+N0WDovBC05AgMBAAECgYAw4vS6opmMcFRXhralHW2OJEUR -VIGGPm4kBVBYOb4O5ZLW3UI/IZnZ/5WFn0/MS7owcdHjWN4Ax0s02eXp1mXm0sua -gr6JuWTTv5y2Vjrq2AQ9RqNIaRp346gbtqt2/Nhoyl3BMcVPuq69WcbDVq+GPNE5 -K5plwS32AQJsceitWQJBAP6M2xJ4cOh3keOOfYnVvoBRsS++ErViBOtHgjdriJXz -Hy9uNPp4HGpKExPWBVRozBQ5HMYUY2Wv+Zsku+mlgzsCQQDTdAqkOzzhJ2+uD2et -MyMDBm2oKiPUrpSBTFo1EiDH6ECrNAJd0FyYFwYvcI5b7BK06SFRmd80GSvBeOMI -TKIbAkB2zFIpqqA3PiaOJyAbxe+kf3vMJk8g6+AT1knFh6A1K0QwpKSBCLFqQavp -pAbUwBwOjCELqNRCzwAVEe3JO3+lAkEAhRhedl8/A62R8yqJJJCycf4C2b2kjgNR -QE1x3kPJ1GqRAfIbpzc2gRjE8OlVAfEHGU5AhZ9nyeAqFX5k0N2DjwJAZpJApfQo -VoCVZyPPASHV4B6k5b/DUcLo9XnNYkcm5EsdjJXR8TWCrkbBxPM3i1Nn/2Lpa0xp -FiD4cMhNHreApQ== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCr8sLau9G8WpbA +dhFOelJJi4SuykRMWzCtmm2UWxpSP9Wb2WJLllG941W+Wwllezo7Kh+bopXlpvaF +H3s1uCxVFBkTkb1Wblv3SQOoUwEWJ1OOPnEdnNw4MDjCVeNYFbveU40qX2iwSeR/ +3DhX/okbb11S/P3M7zdx5nATPyRaoo21pJBKKg7gwm9NDu+ryS+QCu4g6L5ru05D +i1afUKrgcSsPK7Zo1hHAxDGwqzKhLpNUbavTwYRPw/wQpfpqroyABXxUTMGqvFDs +PBmeqt+CDOdu7cn0Rj5ga4HZs9dkGV9kvLWm9jgDAqvys7ovT77jwzTL2AFCPUOB +nalPXm8U0YQFtvPwm/q16B/mQOK5zqnrHMTahbJrscelkQ+geXqFsrS1TqaMzcZF +XJfS6DwBKney4acv7Sy/QneUpEe/x1hDFAhmTl0kmb1fDeGxVvHD25f2tSKSI+ul +9UlNdoBKg6+oFzE4tjtJHjde++eekB2MsIrC3V4dHC/EcarSK8UWCfFdY3wC3Lbg +ufYroVYbII8TxGDQIcmRpEPe+WTYSlxKzVGHZlXsnC0QsyNuDkhEK4YBcy53KFtu +QwnqD8wO2tqI+e9rN0i95EdKT/lyvbnEoLxnKexaVSK2jvAjn8H7hpwYWUNM67a9 +Lhj7RK4nFec9bZrHb2GZ4XqA3mSo5wIDAQABAoICAHA3A/df76ausAd2hiDjL2ST +ysmPczcppAEH8U+KjQj0Y+FL4xxVQ49bF5AdNWqnGv+Vo/8cAhtX9TY3r18FjNkR +PrRIvnnzl80wN1TYprLgg2UnVwbuYcHBpqkdCDtqI6sad9wZW+cAskDHZXX3xV7E +NPF97dyamWKZ8rZ81KrZvwW2Gfxsqj0AZ0aw4rUHnSSyHWoYunzwRklKXAOoz3ue +H23NJ0QPwJI+9/bGI0qRbNECqcqOVl0AGDZ9O4n30/WQnu0dEp7sOxuQtV+ZQDhN +V5RLVys11Gt0fc+n0H+hF2JUzW/i6/b6/WBs7qsFrhxSPthxZZDnDnE+hUoo5PBt +OTn3eeyMBP4SdZmB8z3ekWeDd6qS+EnbEee0Y8CwW3YU2KKo5jRCpL18regVW0HW +4t2NRjB4ioMLCSVrCukiWM6vPnStaeg5klTnb9GzsO99ruXNDSENjStEcoRCGjfk +9OPb4inrKIcKiNxvfOOvXNtpi9+7UDR9w15oHscxU13LySMQVPc2TCwACx6G55iD +MFGPDkDsm9m4Xee96To0abxiu/7Vc1H9lrnOMXfZP0DgNcOWFwa73QfSJvKwTl1w +kHQTnk9yDYHgn/DPLAbhELxkNkIJNTz66tknhak8pkIFTsrTdEwMOqvdRCr9z7XL +tStd7GcxCSVQskthkSSxAoIBAQDYYHjCGoEKojMUZzCbNDq+Z3ZiZ7m/sl8xduO5 +zUvY0sWuJi5ijOLfiGwDm+wEIannQhSnhVskevFC6ZXoynYufzSBD1z4wPsLpIwY +TAxUB1NEHKBONWECiOpXeiEP0itRXxqoV4Gb9SFjrRbA/yvQqonNtMoeWZ/Sco1O +CAzi20/LRtv/oMUsEzyOnvsDlHORIKgu1hpj/d/ik6e1F+k/1lqtzaRKLwPwgwfA +LbLlYppu/6MzhAI5E3ujq3NeiqPU29tpxrQJnEOxPaPTrpwKjM/qBLF/H5o5e9Q0 +MkZFkPKQWLVQJFb+AWTWAGJzFdcw6X7KFURoafljsrN7DlPNAoIBAQDLb4YCUUDk +pIzizpSuhhJCmh6B7/bSvoCr9pMwJadPhuADs9f4AZhaJGv745uxjaNx9seWCP4s +4tEEhYFASzYyTfi6ChJZb+5+RJlkYkUplx1RVFCrEmi+X0Sy4SlhdTxTsnVd3Qtb +0Ak7br422pc75YiEGf7Iz2k/ry8xif6pRsU7eeXm3e/rNIAr0x9RZ5aRl9Xg43N9 +GYcjdTK7G2KTUPYkRwFT/u3WK0DulTVnRX1+qraemq+fiyelox/SwY6n0c6K9hiD +M21LOGBmjEirWU/OtCD6fsIYIilEu+u6RhyoKNWYwRxmdKQoKfow52gpyGU7lCI7 +plFXCFyJxeODAoIBAQDFwlZcQVETYO+ChFV+ZJwUDge7JMY2GFa8pMa5uJLL1sfp +xOe8Frv8RXlDSyzJEeNxg4nRGicVDnCXEVp76x9cm9Jm6p20lNxd5cRNKKRT4GYP +6IHzOQIzCOP1k5/ID/SbaGq61U+WNNKRgU88kXuAOX29TrE0UAGsnBnd6amtZXhm +d5r25f+Pqv079L3CpdmCGPDd7b0tComnUgCDmRkLyWQTWdIAIzxcg8V/tcS9tgMj +0+1bVhmaBN6J1leZXukh0NeWs481AWc1BPtIq1veoJgecK+xWjbgtvZZxmFHj5TC +rPD6EFyZxrhchvlz6dBF2gKRvCJLtB/FKTy1CYE5AoIBAGFbqgKJ6EiEB3iz7Kvp +Nevx3g/JS5Jn4SRrCN3N51hD8AlVlFH4UXUyYQtXTjeW1VXBCJthCmNo2ScUzVp7 +pCBG+HXwQ//RdY2wPsivzvGshDdb5o84bDBPX41L/IXLmWdkzI5zLvBtiz2KLjYK +Pr5HhyHRXwGzYWc865UFuX5BhDqGh+QI6rzhj0Vp8F8A+CoNRCowMCD6ipYJjJHG +9VITOPj7kkMkiaYpZRXJCpm1w+1Ovb8BwHLWIc8/VgeC4kamPfZ6+BgyEGgjPt9U +26JFR9BgnDfFWhY6ow1l8dZfn29Ku44zPOg7giRGkpm85Ti50tjEd+2cFulT8xVs +QwkCggEAJ5+tgWw3kHch4pK94R8hSzv5OzNQUZvdXYZk751/k92ZSrYeiZ7cj8de +kcFLiQjY5pkOrkF7oKUKDZXyVU2BQN0jjX5/0Hqpwwj9gBXuXnit4J0mrPDFBEh6 +KcC2Cjw/ul7MdzWlJEdAgu0sR9EPIPmTO9pdziH2k6uNSfj1S+hIAPNQ1tvME4zg +M+0THn2pVqhAZxBj4VREbGzk8tIBl1LZEx88REdSbe9FKcS/wiGCpnttQqL/WSu0 +9pXx0T27VSdxXoSQF3kVdEdQ9EEsfAi9t95UJqOfpkKamEefao3xDrE5whSddD+q +HWEzextsObokaNciuMPKlJLizq1W+w== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/mkcert.sh b/lib/hx509/data/mkcert.sh index 5faa571206a8..c06528dc82ae 100755 --- a/lib/hx509/data/mkcert.sh +++ b/lib/hx509/data/mkcert.sh @@ -2,8 +2,7 @@ set -e -# For now, avoid going past the 2038 32-bit clock rollover -DAYS=$(( ( 0x7fffffff - $(date +%s) ) / 86400 - 1 )) +DAYS=182500 key() { local key=$1; shift diff --git a/lib/hx509/data/no-proxy-test.crt b/lib/hx509/data/no-proxy-test.crt index 3c316fd99663..7e38cd9b564f 100644 --- a/lib/hx509/data/no-proxy-test.crt +++ b/lib/hx509/data/no-proxy-test.crt @@ -1,13 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICDDCCAXWgAwIBAgIJAMJEvwnR1+3VMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDkwNDI2MjAyOTQxWhcNMTkw -NDI0MjAyOTQxWjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw -DwYDVQQDDAhuby1wcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoj9n -WflMrV4pTKogjZSsR0ayv0SnNJDalEKSvEge7NeWJm/qOl63ZFp/Fu76CX5sw0um -3y08szXc7PQ3bfeaOASI3DRjeq/Bdo91189IudKjRQGmpwvaLaB+geiJ0zxL8MbO -zYCKZR2HtwmnyAtuVxBzg/JkbRivZNY6eFujez0CAwEAAaM5MDcwCQYDVR0TBAIw -ADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFAsSc5J6beDqU81cycJGR+e284BXMA0G -CSqGSIb3DQEBBQUAA4GBANmfFhAMyYld728X7ne9GFLKKOSmWNUBlI7imwZcXo3P -QgCBmjhDiadCLdntQNCGAtBMUUM/jf3SCzWyEUtvCfqNCeFbYuS4CNStrACtDNjb -iw34aVAORleFr4hzAe9c61UH8nIkQbMYH264yUA/RJC1U01b/26YlKAVq75l3d36 +MIIFETCCAvmgAwIBAgIJAKQmPUkmhyKoMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV +BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMTkwNTIzMTUwNTI2WhcNMzgw +MTE2MTUwNTI2WjA0MQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MREw +DwYDVQQDDAhuby1wcm94eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJ++Eu48QHbj9zWx743IdmFihU06xR/IAezZPoZYhQsxw0kVQXNnC1sdGqpl7DWe +IQGmokhpfRq0LPOtK4QhZBAqvpWohdreJfPrEM75U9LdPQXtKcbzV5hfz4tVUbcH +jvgvH+M5Zyr1SvDWsK7/CEyNC7d9EYfLcVtas+uPtq6YWtRW7A1SeHiZKGPikkQy +cSwtsqtyrbNyHvz32GdasW1exOLXwqH4dXNeO/C7EQCQu8gv/klWfKC9d3wBp+6h +LQsXoTh3JqaszucAMhen4RihyRcofsEbWLpmzGIyIDIB2IQ/ZYwF1xfOFi7gTGFF +Il80EdEvw8x7GcZFVMJUQzYH8rnHEU73bzAuEVJay4vR5SwWjGIgIcZl5gYWSGMq +4VhLQisIVfo1hcLniPCSQH3GExCQ8QvVi8Ks8tkd+0zs/24B5HFzWHJspKSnuOya +dZreKjAvNWPPflolipjKDORxocJDojIbW03cgZwHULRP6sU8H/dXnLBw8t9natJk +zHGslG8rZoR61QHVcalk2qAzP78lhRfOU/XlGTkOX8zbfnaVS/O6IbBxhagtBApc +Ms2aunf0H6fxyyzSAllAu+fnDsUMBhQWTkQmK2GmEEba8FYbS+K5rbn/fzn+xaS4 ++Lh3GaaPI67+2EwcDWdfBAzHC4Mj3UF2i4o3r3fAazHrAgMBAAGjOTA3MAkGA1Ud +EwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQU3CICEd4bSVDR3MKEOFoAqRYt +8jANBgkqhkiG9w0BAQsFAAOCAgEAMAG64y2s7lZi+1yZtIfvgBe/QwO0s3TrZVc/ +VTSmVgcsI4pOW9A2NYxJR5RwEg1fNAoKPz8+D/9FeZwVED8Q9xUAuvtEsr2npd6d +ogQblbVBFkuQ+3Wt7ILYBKXgFQB+473yu91o/k7Mg07/2XsWMhkNspMpBo4frUo1 +7JlXH4wLs1pAGbhFZ7e4s+8Xm3zSPa9UuhYNDqwheeVulwiP4v4zf5DZD9iyFcYj +9COnCYNvY2gSi+GaT712jLR9/0CUfFbiY02e6VS9TI8pvHlCbOaUAqTeYAr8GkpH +qupkvOmTWwgubeK7BrDvuKJIavK8sN5mqK/KzFpzRjMzzppeuv/ArKMnjbr52BtG +fZK8LxbeXuxbcqHpxRT2uFIoQAtIxf1oMYoqac2TNZ2V+x3nRMfsgW6JK+huoQpB +Z9pyRNTGb5B6JNDaW5qeXmJz3zVKWFCRO9kwWajBDmQcd9A2BMukCtcWIDR9PSuO +zqRXI64gh/Pm+pHrG+U8/m/WhEmMquJHjbeU7lpd7wiRwHyvGqka/pHIKt3Eozkh +FCthDU5sK1pLWCyQU+DmrL3+LKJaL+Yiok0lKiPT42II3d0yVIeV6BtVHpFQLYBm +rJHozXOvFEE1i8o4jl7mjvXJHfkUHgmpuny5RicuxOrE12YrdQIq4qyTZiskd4N4 +fDTnu7M= -----END CERTIFICATE----- diff --git a/lib/hx509/data/no-proxy-test.key b/lib/hx509/data/no-proxy-test.key index 2a6006cdc80e..37d7f29962ff 100644 --- a/lib/hx509/data/no-proxy-test.key +++ b/lib/hx509/data/no-proxy-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKI/Z1n5TK1eKUyq -II2UrEdGsr9EpzSQ2pRCkrxIHuzXliZv6jpet2Rafxbu+gl+bMNLpt8tPLM13Oz0 -N233mjgEiNw0Y3qvwXaPddfPSLnSo0UBpqcL2i2gfoHoidM8S/DGzs2AimUdh7cJ -p8gLblcQc4PyZG0Yr2TWOnhbo3s9AgMBAAECgYBWdSjy1hkZDWM+mi3MpFwFg1P+ -/muHZGVFuhANSvVHyj4V729GeXCKhnrQ0rnk0zzL+QVMSgPdj6dRkXX0IIxJ0iyI -k7ZVoaCuC8dmc/rF9pJ58saqKYCqQFtjdFO68E3aQbnk89ai69AzgdjegRSVmOQ8 -yJ9ArHcggxbEqGq94QJBANOk9UWdI72KbIRElrTtWAvIrNaF4iixR+AdYuFL2+cJ -WaGApfFtcNppllmbWxh0IayIDzRpWzSpTILNLQdqF9UCQQDEQDzfZ04+x2RhX28o -O1Vzqkado6OvyhwVlzp19ZGstMWq6IVNZEJDBYCilk7dkIkjBHojaVEu/k9vMUZS -KzHJAkBk6xmRUjbCoIjSISqDp1D+fXf86uZGZRJSyXBm4Zc/+XNl0URPdNIFM6ff -nna3mFiePlqRsVMuLzQugstf57TpAkAYCvqqMADRBiKRH10B48sDQaAnHe4m0i8A -oidiXjR7oSX6W0RBh//qMBljUeDVmiiC5sCD6BovFK7so2/HD02pAkA9zFWyVTdq -Y3t01+ZG6TfcxwKGCgpwS3x9OQbMVb34JPQ65U0JzW7ubmYFMD5Fl1RPjDbLc+wm -uSnStI7RGOt+ +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQCfvhLuPEB24/c1 +se+NyHZhYoVNOsUfyAHs2T6GWIULMcNJFUFzZwtbHRqqZew1niEBpqJIaX0atCzz +rSuEIWQQKr6VqIXa3iXz6xDO+VPS3T0F7SnG81eYX8+LVVG3B474Lx/jOWcq9Urw +1rCu/whMjQu3fRGHy3FbWrPrj7aumFrUVuwNUnh4mShj4pJEMnEsLbKrcq2zch78 +99hnWrFtXsTi18Kh+HVzXjvwuxEAkLvIL/5JVnygvXd8AafuoS0LF6E4dyamrM7n +ADIXp+EYockXKH7BG1i6ZsxiMiAyAdiEP2WMBdcXzhYu4ExhRSJfNBHRL8PMexnG +RVTCVEM2B/K5xxFO928wLhFSWsuL0eUsFoxiICHGZeYGFkhjKuFYS0IrCFX6NYXC +54jwkkB9xhMQkPEL1YvCrPLZHftM7P9uAeRxc1hybKSkp7jsmnWa3iowLzVjz35a +JYqYygzkcaHCQ6IyG1tN3IGcB1C0T+rFPB/3V5ywcPLfZ2rSZMxxrJRvK2aEetUB +1XGpZNqgMz+/JYUXzlP15Rk5Dl/M2352lUvzuiGwcYWoLQQKXDLNmrp39B+n8css +0gJZQLvn5w7FDAYUFk5EJithphBG2vBWG0viua25/385/sWkuPi4dxmmjyOu/thM +HA1nXwQMxwuDI91BdouKN693wGsx6wIDAQABAoICAQCVA0tHf18nSOrf5PexjFGZ +8Lym2W7vgbUCC3m++y5Izgf80d43V+WI/jJUyDU7oyHpF1eFMxpn4bGZMm5ImJlu +V2Fn3EfZbqd6zUnluUHPj2AQejchhvishJvnvxQ2J8/fhp45ad/qe92Hos44wGEu +f9hxNzM2OLqq3Ia/9FUWs7rvH5KdrtQAs+awnreQ9HkMHCjytEyC+68ajd0KNNkU +THZfoaPHUi3GDB7gJrDqlRkG2nZcVVh23adrP2Q3P5T0JvvW35dnngZ4CH+x/4IE +Z09d0gHEA82WPLTl2Rqda4ldfIIux3fple6tlcDKcCJrKvh/6g29XwwhH6W8jbwP +Xq++ZK8SYY5Fk2puBzDGH/pX+ljxRh0jRD7FpsUwF+9Bk0aqkycbX+75T8R3LLXt +mi2n/gBs5CyQHRBKnrui85KkM5nCQiYiUQbyilcbZSHOKPQi7bNGBK4/idEcmDjR +iIwpV/lvAJPMetFJe+3c3CSqU8xHKz3vK97LX1qoQJE/ozUU+iCv6qVMUZjOCiNh +p/Oa5/UWO1GDrM9rcmeufjwKu/OuZyoivi4Je4GDVVfPHswIyAg72bmhFmx0M8Qu ++G9QidwDfRjezX/hFFtMqaC+PKyabHVfoNKm+bv/XjXq4mbsmUUK67qrZhdwyRyV +XRIpnsBs6pEjmzUiQI21OQKCAQEAzWsewm+YCfmuY/W61Q88F4ew4CnYjI/saP0J +kDOLNeKh/1UeWhAaHrZxW0c1F+R57aYMyQtzh92OQ7bd218DXwkzsdX5VXH4ThvK +jW/hLe178RBABk9lWXYU3u1UndbfDH3FRa3fKfd7uQXoSdK02l9i9WtHFdSqv1uW +jjXIC4tfBlIaN+H2KSvNAxmejcwfnCEZgdoUGfXbzyOaiIj/J8EORty7n4HdFM8L +AUT+vNDARHKY/5L01Dp92bsWltibIFuCX53fPZ51ZCfNeDe3e/zgxr+VUL5VVy7P +6r28ersysIzhDK3YiSMaCl9EI8YOHOedp1Gh6MO/taoRTp0mrQKCAQEAxxOyTG2G +qzGqXgI1uduPo1DBfNKJYSA9d7lJneANjCtBj4ovMt2mzwojgPOaYj9lit5xnXFU +qki8wZI1+xM8ylE7AKzUt/Jb7EE02QihUBgItFF1xyVIyvHDGrf9KRO7JVM2/erq +NeF5Ol5eI61azNEzCAm8X47R5DvyYZApO/+gU2t9U2dNXJ9w+7YU3oeMxj+YMfud +IZTmIXQgFVezwLf/VMSxJa5eeffCdCW6BKGArYvwk2eg7fbhCw6MDmOtAFOoI5Eu +8zVlbvg/1IjJ+YEJZZqugzQxVL5x217dCnLdu1Hnf5SxvJ2cfoRbEIqJByVDSSxs +Qe7PG8O59d+F9wKCAQEAs/Rk1Qc4FX0TZmSOUTpwdVic/jQKjlFDVVJfP2G4UfOB +4ZJq7ZFvoHpJ4iIGhDDXE/dE+hc7FcplaDLaNuUMqgQAsol2TYFzetHj53YcucRz +sOKAhEanzfChJg6Z81CaxHGmEX3ZpAU38QYY0htx7mBj7AYYFyrgjpUo1tqMrnhh +PcNNTql4oebKSi32ddhd1MQ2eUhYFcoJz3QsW/JQPT5mSHP1Ni5pRGKBDJKp6zWh +ShVurW7LZuT6/XRlvK5zb6xbEXLXcD7SLnSkDu4YotkM/XA22a50StUqtkWTyZ0X +Mg2o1heyO6lxlaaRphlKoc3SkhL0mVprJzWexdTsXQKCAQAjoNnLJdrxLo1QD9Mv +tSTK1LwcK83cbRmzIJ0VPTEPgfpUxyVVVCfza9wYywA5TyFMLi1lQRAm/aeSeSli +CvpZNxp5L3VOinh7Gtxrb0j3faWpJ98NShXyBDynvn/3ZwmaT39LCEzsYbMBiDwO +5IqYl2Qrrxpge74Cu9vQLC3FCCXYaCdg0t8ckYh19AteHCJMpLsHTwG7LdvV5uOL +DkwkVInE0QLnPIK6D2ZkxQ+6nnDaHm5q4yQBEqsKAIt+U8Z1hYNVAjnF2yuRJaq+ +zdBf8AEPhxRudNvTT9YurZaftRkL2ke1JJZ+rDKCzgtCNZj6h2e4Y9PoJOY6ENhq +MZvXAoIBAQCFrLrJwWFpRCAUGRygAVeyEMiSHhWuG38dHLrDd6t+8taoOSy2AsXo +vPyCKAFwElan0cehYY31WTSg1L9KfnIw2S2e6dMJEiJidMj95v9+Vh5+X4WJeF6F +WtwmgyN24p/6ymEPSuCeENAZQjyWFj1gT5jp0KjbCFYZ8V2ubERpNzt0CLqZ0zJb +WTgptd/MKT398ENPU1fQRnFScm74SHnxbvhPzuhRI66vBC6ofx0Irx4KWfQaEGcD +OzU0LeCarXE7JWSbG3+AHOglPYBRCQ3/KaTOZiDALR3KKaJ6od7EkPqNWzTUd23K +IMZ41x5JPzpQTmrb056vt40ifw3+I946 -----END PRIVATE KEY----- diff --git a/lib/hx509/data/ocsp-req1.der b/lib/hx509/data/ocsp-req1.der Binary files differindex c975bfeede9f..650c87976956 100644 --- a/lib/hx509/data/ocsp-req1.der +++ b/lib/hx509/data/ocsp-req1.der diff --git a/lib/hx509/data/ocsp-req2.der b/lib/hx509/data/ocsp-req2.der Binary files differindex 1c0cce1b7e1e..1c010149a2f3 100644 --- a/lib/hx509/data/ocsp-req2.der +++ b/lib/hx509/data/ocsp-req2.der diff --git a/lib/hx509/data/ocsp-resp1-ca.der b/lib/hx509/data/ocsp-resp1-ca.der Binary files differindex 6090b61dc6db..38efc09e8cc1 100644 --- a/lib/hx509/data/ocsp-resp1-ca.der +++ b/lib/hx509/data/ocsp-resp1-ca.der diff --git a/lib/hx509/data/ocsp-resp1-keyhash.der b/lib/hx509/data/ocsp-resp1-keyhash.der Binary files differindex e9bf421190f7..b3b3feb76509 100644 --- a/lib/hx509/data/ocsp-resp1-keyhash.der +++ b/lib/hx509/data/ocsp-resp1-keyhash.der diff --git a/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der b/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der Binary files differindex f901f2e08df0..ec51b0c94e4e 100644 --- a/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der +++ b/lib/hx509/data/ocsp-resp1-ocsp-no-cert.der diff --git a/lib/hx509/data/ocsp-resp1-ocsp.der b/lib/hx509/data/ocsp-resp1-ocsp.der Binary files differindex f8e219b5bf42..864f8dc32d35 100644 --- a/lib/hx509/data/ocsp-resp1-ocsp.der +++ b/lib/hx509/data/ocsp-resp1-ocsp.der diff --git a/lib/hx509/data/ocsp-resp2.der b/lib/hx509/data/ocsp-resp2.der Binary files differindex 2a738920c96d..f600bd64d97e 100644 --- a/lib/hx509/data/ocsp-resp2.der +++ b/lib/hx509/data/ocsp-resp2.der diff --git a/lib/hx509/data/ocsp-responder.crt b/lib/hx509/data/ocsp-responder.crt index ceba439062b3..7df15421a7df 100644 --- a/lib/hx509/data/ocsp-responder.crt +++ b/lib/hx509/data/ocsp-responder.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:11 2019 GMT + Not After : Jan 16 15:05:11 2038 GMT Subject: C=SE, CN=OCSP responder Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:f1:38:9c:a0:5e:b9:0e:73:19:b6:f5:57:2b:9c: - 0c:ef:a6:c7:57:0f:8d:3c:05:03:8f:53:28:f0:b6: - f8:d1:0d:c9:dc:13:37:2d:f1:76:36:b7:5c:6b:5d: - a5:22:02:7c:86:84:9e:b5:e3:8b:e6:9e:82:d9:97: - 96:02:9f:3c:7b:74:e6:1b:b6:c9:fa:b3:b7:8b:53: - 6e:26:fb:b2:3f:ae:2a:7f:f9:67:df:1a:e1:de:87: - 97:47:76:80:a3:c4:bf:5c:2c:0d:ab:36:97:13:2d: - b8:c2:65:41:47:e8:34:54:f8:45:fc:38:76:b8:99: - 3f:ee:83:f6:49:40:96:16:71 + 00:a0:76:7e:fa:ce:3d:80:e7:2a:c4:1f:02:27:f1: + 4d:72:1f:78:57:3f:30:9d:06:2f:d4:3e:64:15:a2: + 16:78:de:9d:f9:db:81:b2:96:50:b4:e8:3b:c1:bd: + 6f:80:00:4a:3b:b7:ef:5e:8f:20:dd:1d:6e:36:8f: + e4:05:66:c7:17:7f:ad:5d:e1:1a:a1:fa:5e:d2:84: + 24:fa:00:46:26:8b:e8:68:ed:c0:86:3c:45:f5:64: + 0f:3b:00:cb:cb:3f:45:3d:98:11:f3:cc:de:e2:cb: + e5:b5:91:59:43:99:41:86:79:75:a2:42:4e:5e:16: + 7a:f3:0f:ec:e4:c0:e2:9d:b5:cf:9b:a9:ea:97:70: + 7a:20:20:8c:30:56:4b:16:29:04:d5:c6:6e:ad:14: + 73:2d:cf:23:a5:38:11:5d:c9:bd:9d:57:f3:1a:c9: + ff:16:64:97:d5:60:0c:08:2b:1f:a9:99:3b:5c:ac: + b2:d7:3e:d5:f3:32:62:6e:20:8a:c2:74:29:6e:aa: + 35:72:1b:25:dd:d1:33:94:1e:87:e8:51:9b:35:45: + 62:19:70:b7:d7:a7:64:48:02:08:74:c3:aa:2b:21: + f6:bc:3c:b4:74:b7:25:7a:41:23:1a:5e:e3:1b:0f: + 1c:cd:98:d0:1a:d3:f6:7a:4a:fb:78:cf:85:6d:02: + c4:e6:be:c7:4d:ba:90:59:c2:33:13:5e:3e:89:3c: + 76:9f:bb:68:03:cb:26:e6:bf:fa:fd:8b:54:42:69: + c9:12:e8:57:e3:2d:72:f5:be:7b:35:b4:60:9a:a7: + 3d:29:9f:e6:f5:38:5a:96:36:72:ad:d8:9e:26:0c: + d0:2a:58:34:8a:dc:75:ef:ad:a5:f2:36:68:b0:6a: + 1c:8e:c3:9f:43:09:5c:53:48:16:6e:58:4c:46:1e: + a6:d0:d8:de:7a:85:d0:59:cb:10:e6:86:5e:a4:71: + d5:8e:8b:4e:d9:a5:8a:8e:91:30:23:fc:22:35:fc: + 78:8b:aa:66:2b:e2:f0:2f:c9:72:ee:ab:ec:a9:0f: + 1c:ad:7a:15:f3:dc:7d:db:39:bd:e1:ee:88:de:04: + 5f:43:d4:3d:7a:1b:f8:b9:9e:38:6b:06:8d:04:28: + 5a:93:8b:2d:16:03:99:ac:60:a5:40:c3:94:10:0f: + 87:0d:3b:db:74:59:fa:c2:5f:f7:ef:2c:87:29:f0: + 76:7e:50:29:86:5c:cc:7b:89:6b:11:e3:b2:9b:aa: + 9d:36:58:d1:89:ad:77:53:9f:e3:85:89:65:29:6f: + d8:f7:79:68:49:c6:09:97:e5:fa:a2:79:23:b7:48: + c7:da:98:ea:ba:bc:16:9b:3c:ca:71:0c:6a:10:08: + df:ef:1b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -30,27 +56,64 @@ Certificate: X509v3 Extended Key Usage: OCSP No Check, OCSP Signing X509v3 Subject Key Identifier: - FD:2F:3F:35:BC:72:5C:51:52:4F:5F:D6:20:CB:D1:CB:56:2F:BC:0A + D4:A0:90:A6:79:F7:F8:6A:CE:29:92:37:2D:36:32:22:B5:41:75:45 Signature Algorithm: sha1WithRSAEncryption - 24:95:11:a0:f2:10:58:4d:4e:20:e5:d3:4d:17:b5:4b:37:aa: - fe:c8:28:79:e4:ca:15:b1:9e:28:93:fc:45:99:d5:4a:8a:a0: - 0a:e4:9e:75:64:f9:a4:63:96:dd:2a:9e:c7:0f:03:83:86:44: - c5:1c:a4:34:b6:b7:74:e3:ff:e3:97:0f:11:b5:00:bd:10:fd: - 91:db:ec:2d:14:9b:16:c7:e5:48:b0:08:62:d1:58:be:92:69: - a6:5a:3d:7e:58:39:f0:bb:bc:71:08:b9:76:6c:9b:e6:57:1c: - 25:1b:d6:7a:98:70:9f:95:50:09:17:d9:1a:d9:20:db:d6:8a: - be:9e + 1c:37:c2:22:e7:c3:1e:f9:b5:7a:9b:ee:fe:bc:15:89:cb:34: + 59:2c:b9:c5:e1:c6:56:3a:da:6a:6b:08:df:f4:69:3c:5d:62: + 4d:b9:e2:65:8f:23:48:30:8b:9a:a3:55:7b:8a:4b:d2:ab:8b: + 85:31:78:09:45:2d:9b:fc:59:ad:67:0b:ef:20:b5:70:23:71: + 21:26:d2:e1:c4:4c:54:8f:02:1e:84:35:ff:7b:67:90:05:7c: + 25:2e:ca:13:a4:32:ba:0a:9a:aa:6b:79:53:81:6b:3b:95:fe: + 17:51:57:89:71:22:6b:3e:15:06:6f:1c:d6:8a:9c:e1:49:67: + 4b:3f:4e:f5:2b:b3:8f:89:5b:f7:c9:94:78:02:b7:f9:db:c3: + b9:2f:b9:17:9b:0c:ba:e2:ab:49:e7:5f:0d:85:ef:4b:35:f2: + 39:e7:4c:ef:6a:88:81:99:7e:a7:8c:b1:f7:d9:ec:fd:70:92: + 8d:12:1d:22:49:3e:ef:62:54:92:34:e7:67:27:a1:5c:38:d5: + 1e:b8:95:c2:9b:12:95:4f:8c:64:d6:c5:06:a6:bf:19:fe:c3: + b7:fd:68:d7:7f:f2:7d:7f:aa:4f:71:7a:78:c2:af:b6:6a:5a: + 56:cf:5a:99:82:4b:39:d3:83:03:07:b9:7b:35:31:6c:ac:4c: + c6:8c:46:dc:d3:4c:57:3d:01:6d:5e:76:94:53:9c:ba:e8:42: + d9:8b:2e:88:4d:9a:8f:12:c7:2b:cc:e2:f9:9f:1d:b1:5f:55: + bb:15:4e:e6:f5:bc:7d:03:a1:00:47:b0:1f:26:0e:58:64:24: + a8:ef:96:51:d5:66:cc:4b:0d:0b:37:16:33:ef:d3:a6:c2:05: + e1:6c:38:b6:21:f2:c3:0f:3e:65:d0:6a:0f:37:4b:c5:db:01: + 0a:ce:f7:c5:e1:4e:3f:55:aa:8a:51:23:7b:66:59:ab:20:64: + 7a:0d:bd:dc:cb:79:46:0b:57:51:cf:6f:37:94:03:96:19:a5: + 61:e4:a8:4d:7c:84:0b:b8:79:ba:22:8c:e0:67:0f:8c:ff:44: + 02:3b:a2:54:6e:3f:f9:a6:d0:46:b3:ed:e1:d1:18:16:ea:4a: + 56:b5:9b:a0:b6:ab:40:2e:6b:c4:8d:7f:75:c9:92:b6:ed:31: + 92:1a:24:94:c7:67:16:fe:6d:9b:d1:f8:2b:25:9d:34:a6:18: + 21:8f:33:5c:9b:81:31:69:c6:f4:b3:f2:51:2e:7d:17:96:50: + 33:07:f6:f7:1d:df:62:bf:29:a7:da:8e:15:e2:62:83:36:a5: + 77:17:f7:29:11:0d:cf:8f:e0:97:b7:24:6c:b6:64:78:8d:e7: + f6:97:d0:1a:3d:ea:38:4f -----BEGIN CERTIFICATE----- -MIICHzCCAYigAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u -ZGVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxOJygXrkOcxm29VcrnAzv -psdXD408BQOPUyjwtvjRDcncEzct8XY2t1xrXaUiAnyGhJ6144vmnoLZl5YCnzx7 -dOYbtsn6s7eLU24m+7I/rip/+WffGuHeh5dHdoCjxL9cLA2rNpcTLbjCZUFH6DRU -+EX8OHa4mT/ug/ZJQJYWcQIDAQABo1kwVzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF -4DAeBgNVHSUEFzAVBgkrBgEFBQcwAQUGCCsGAQUFBwMJMB0GA1UdDgQWBBT9Lz81 -vHJcUVJPX9Ygy9HLVi+8CjANBgkqhkiG9w0BAQUFAAOBgQAklRGg8hBYTU4g5dNN -F7VLN6r+yCh55MoVsZ4ok/xFmdVKiqAK5J51ZPmkY5bdKp7HDwODhkTFHKQ0trd0 -4//jlw8RtQC9EP2R2+wtFJsWx+VIsAhi0Vi+kmmmWj1+WDnwu7xxCLl2bJvmVxwl -G9Z6mHCflVAJF9ka2SDb1oq+ng== +MIIFJDCCAwygAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxMVoXDTM4 +MDExNjE1MDUxMVowJjELMAkGA1UEBhMCU0UxFzAVBgNVBAMMDk9DU1AgcmVzcG9u +ZGVyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoHZ++s49gOcqxB8C +J/FNch94Vz8wnQYv1D5kFaIWeN6d+duBspZQtOg7wb1vgABKO7fvXo8g3R1uNo/k +BWbHF3+tXeEaofpe0oQk+gBGJovoaO3AhjxF9WQPOwDLyz9FPZgR88ze4svltZFZ +Q5lBhnl1okJOXhZ68w/s5MDinbXPm6nql3B6ICCMMFZLFikE1cZurRRzLc8jpTgR +Xcm9nVfzGsn/FmSX1WAMCCsfqZk7XKyy1z7V8zJibiCKwnQpbqo1chsl3dEzlB6H +6FGbNUViGXC316dkSAIIdMOqKyH2vDy0dLclekEjGl7jGw8czZjQGtP2ekr7eM+F +bQLE5r7HTbqQWcIzE14+iTx2n7toA8sm5r/6/YtUQmnJEuhX4y1y9b57NbRgmqc9 +KZ/m9ThaljZyrdieJgzQKlg0itx1762l8jZosGocjsOfQwlcU0gWblhMRh6m0Nje +eoXQWcsQ5oZepHHVjotO2aWKjpEwI/wiNfx4i6pmK+LwL8ly7qvsqQ8crXoV89x9 +2zm94e6I3gRfQ9Q9ehv4uZ44awaNBChak4stFgOZrGClQMOUEA+HDTvbdFn6wl/3 +7yyHKfB2flAphlzMe4lrEeOym6qdNljRia13U5/jhYllKW/Y93loScYJl+X6onkj +t0jH2pjqurwWmzzKcQxqEAjf7xsCAwEAAaNZMFcwCQYDVR0TBAIwADALBgNVHQ8E +BAMCBeAwHgYDVR0lBBcwFQYJKwYBBQUHMAEFBggrBgEFBQcDCTAdBgNVHQ4EFgQU +1KCQpnn3+GrOKZI3LTYyIrVBdUUwDQYJKoZIhvcNAQEFBQADggIBABw3wiLnwx75 +tXqb7v68FYnLNFksucXhxlY62mprCN/0aTxdYk254mWPI0gwi5qjVXuKS9Kri4Ux +eAlFLZv8Wa1nC+8gtXAjcSEm0uHETFSPAh6ENf97Z5AFfCUuyhOkMroKmqpreVOB +azuV/hdRV4lxIms+FQZvHNaKnOFJZ0s/TvUrs4+JW/fJlHgCt/nbw7kvuRebDLri +q0nnXw2F70s18jnnTO9qiIGZfqeMsffZ7P1wko0SHSJJPu9iVJI052cnoVw41R64 +lcKbEpVPjGTWxQamvxn+w7f9aNd/8n1/qk9xenjCr7ZqWlbPWpmCSznTgwMHuXs1 +MWysTMaMRtzTTFc9AW1edpRTnLroQtmLLohNmo8SxyvM4vmfHbFfVbsVTub1vH0D +oQBHsB8mDlhkJKjvllHVZsxLDQs3FjPv06bCBeFsOLYh8sMPPmXQag83S8XbAQrO +98XhTj9VqopRI3tmWasgZHoNvdzLeUYLV1HPbzeUA5YZpWHkqE18hAu4eboijOBn +D4z/RAI7olRuP/mm0Eaz7eHRGBbqSla1m6C2q0Aua8SNf3XJkrbtMZIaJJTHZxb+ +bZvR+CslnTSmGCGPM1ybgTFpxvSz8lEufReWUDMH9vcd32K/KafajhXiYoM2pXcX +9ykRDc+P4Je3JGy2ZHiN5/aX0Bo96jhP -----END CERTIFICATE----- diff --git a/lib/hx509/data/ocsp-responder.key b/lib/hx509/data/ocsp-responder.key index c9dcb302e914..98cdf65d0b18 100644 --- a/lib/hx509/data/ocsp-responder.key +++ b/lib/hx509/data/ocsp-responder.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAPE4nKBeuQ5zGbb1 -VyucDO+mx1cPjTwFA49TKPC2+NENydwTNy3xdja3XGtdpSICfIaEnrXji+aegtmX -lgKfPHt05hu2yfqzt4tTbib7sj+uKn/5Z98a4d6Hl0d2gKPEv1wsDas2lxMtuMJl -QUfoNFT4Rfw4driZP+6D9klAlhZxAgMBAAECgYEA0hUg69azSu9ZhOtVeOiWp51T -3PHxakVfnVKqxEJGnyNoG6AsnXm/H9Y/yk4rhFwwAaO86eJ8NGT2xvTrM+tk6tua -iNokJ1uWzpt7XPTr5XvkYEYAx7Pf3VmAja2SQkD0m20AXM9QfXsRvyQVwB2RxIhl -pa45Gm+PjSNXRaTzs0ECQQD/L+doN/fBbooCRcRYM/vNnHq5Hh1IdHSp3hI9MMLb -yOU1x6iWfg43xPImODCSippAh74Ummo2SPxVDbuu0Mq5AkEA8f1Rsfh8hcd7RsUu -LKHl4wyVD9fzpjbsFjyuTOq/bDsXLtdktDr1pn37jker/DKm82wHfAELtij74piN -FYHteQJAET7eh6eIodTjlMW8QC27LakOjiYf2n6sR7KPTv1Vnd7Uxq6okQsR0OkJ -aFXRyoV9aTEDQocw+Fw0WVclQOoxWQJBAIUaoWUTGOs83kH/E3bZVmmc8iDU1+AF -NbbFidolBUWy+v143JuGEriRc1y/b4o5EjuyoCtFJ/v6bxIkdvXtkYECQQCxcBgn -ohgcWmple2sTMOEoWu2IvqmLwexvmVf1Z6R8Nhc2ayQTNwe0nCVaTtOY1NanQP/T -U/uo7ISsA/8luXu2 +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQCgdn76zj2A5yrE +HwIn8U1yH3hXPzCdBi/UPmQVohZ43p3524GyllC06DvBvW+AAEo7t+9ejyDdHW42 +j+QFZscXf61d4Rqh+l7ShCT6AEYmi+ho7cCGPEX1ZA87AMvLP0U9mBHzzN7iy+W1 +kVlDmUGGeXWiQk5eFnrzD+zkwOKdtc+bqeqXcHogIIwwVksWKQTVxm6tFHMtzyOl +OBFdyb2dV/Mayf8WZJfVYAwIKx+pmTtcrLLXPtXzMmJuIIrCdCluqjVyGyXd0TOU +HofoUZs1RWIZcLfXp2RIAgh0w6orIfa8PLR0tyV6QSMaXuMbDxzNmNAa0/Z6Svt4 +z4VtAsTmvsdNupBZwjMTXj6JPHafu2gDyybmv/r9i1RCackS6FfjLXL1vns1tGCa +pz0pn+b1OFqWNnKt2J4mDNAqWDSK3HXvraXyNmiwahyOw59DCVxTSBZuWExGHqbQ +2N56hdBZyxDmhl6kcdWOi07ZpYqOkTAj/CI1/HiLqmYr4vAvyXLuq+ypDxytehXz +3H3bOb3h7ojeBF9D1D16G/i5njhrBo0EKFqTiy0WA5msYKVAw5QQD4cNO9t0WfrC +X/fvLIcp8HZ+UCmGXMx7iWsR47Kbqp02WNGJrXdTn+OFiWUpb9j3eWhJxgmX5fqi +eSO3SMfamOq6vBabPMpxDGoQCN/vGwIDAQABAoICAQCHnl8H3xPARKCyjXqnA5zv +HYX6R1/w9u+ptOmmFw5jLdPa/xkJNV4U6ErJHjCEwLn86yKWiuW9vEgQOWEA57LR +O4ntVHnL+O33gtQ1r9GadpkBRiB3061VDzKILc4Qg/MjccmKgtbGXIpTAPuu1HK7 +EyDG+L9/agSUNhuD4zolDSrgZ6XsRJYTXS7fE6/2lMiPXVzhT+1hBDceRtr2p7Fo +sJK5S4wbAv4Iy1qf9MKX9vhjBVtJ7MOq/iSO61Ybr03tSFJPlH5WkZ/ESmGXipFh +Xrjgw5G95K4u5fj7pvvF5LjCs5PZKYm1YCQo/5V2ozk20zbf1dH13jXYD5y3W6XK +APscRKXMjP4sXBq1GrjSqeWbgHpLeL9Gct3E40ytNw93hkjWDdT8xihlDrekT/hQ +bUcB+4ok1qXqurZzf7A49UGK9la/5/jHDMNvG0L5Ssecz9zPtEdA5dcTwVZtndmk +QzrxykvHZPSlcTm4plySGMo0JWvDhBQlAZdnzkEF84OTkT1Irc0SXQ65N0N5ouRI +p5f8/e6hjPKjhRetg7wYmgZbsR9HHFJQrGiSUeQi83PHmmJtn/EUCgFIiGDNkUge +djIY4OSwk8vsfwVgw6Alc0X3pqOcc3jJpHtwtKvAHBaeI1+qXywqK6IeXMzKDNyz +wP2Raxms7IVcTAEXdVs9AQKCAQEA07PS3OfV6of8E7l+kMdN3a2xrlMEtHVjGQ2L +tzaUbn35mE9xDCCgaEjQcx2VU9imGrSnv24KFNPIzmzH6N2ftyCQ/8XVnerEGmle +L4AMIEV9VUIIf3Au5oW0zw+pVU6my9Q40cBGnun84oUMW55mEA0QNrfQh4br10H3 ++D4Z4NYT64ecyvexX1a7oKGJTSBSWV4+KxS8Yk9Q9llLI9GEr+nXY2IwMKjjYpaJ +g26AWhsnPy/xkGmus5ed10HkG67+fsHr/zmucDgI8Jj023nsnggiv1NrbrYld6QF +1CyhA+dvza+o4jriLb77kVHc7wVrfVhxDRwloTmbHfvdgIt12wKCAQEAwgnxrvph +Ko+kARo+00s0rlEAqHiJ21Ty8YWZQH2LuSN9BK3POWzKSQJpxRFzTKdhXU1FVU5r +gULdsGlA0MSNoZxSgYkVJFywFR8SYHDekjIYyoLVtRxKepmLqVUHbefbvRDu8NVD +7elBmgCinGWigPNlCsnxSN9HtQ+exhQAYx6eoLQzZfocyf/i4QVnRnHSj93yTTT5 +u/OmNEJPLEb9Tt5OoYRMHf4IR+rNxm+H474XrYdn01h2nNUkEG2L3W7qJXPocWSZ +43HnNYuwFUKF78EghO3eGWLv7H4laD0MpF842eJmt2PGOGcWYOLpn2Df8fEPXOZd +I5xnoY4BxVDPwQKCAQEAq90MjjHXw/JpfknUqgxi9lgQKwlShH3X2XrZtf8lOR4k +BrZXfBTwpDiYoRufItZ64qtOk2Xt4UKdfpdpI27oPm69yCb/aJgyY46u27kEHx7K +xPA6ndqg+JwLUR3RxmN3nXnINt/1dQVYOzzv72EEUnuIciN/ssahp7ryaCFiONkS +it8pNs0mvdNXtuvs3yQiNlL//VF0LgteGuAa1BU/tuAL767CmH5DOsIjGQQYRw5M +Kkvtu+NP5JRtm1burFrAWH9t62EUcB3NhCVogtTUdub77n72dIaCnEIYSUuB2/2D +EmRMonxTKfglmq/uwEySGsw12wLCucReXVUfWT/eiQKCAQEAktIdaq4PmbnIegEW +6qAsQ34NRmy2uxxjG3dgh5i3gaYlscWmWChGQ8osqC3VFXpNROD0BmFpHQywXAy4 +O3+OP2veTh+gvLvZjJHPQOQGtY5sjcdD11+Jx4ypTb6F+ZaIAV5vvhFQ7hMiTVoP +sNGCjZodqXU2OlKgmpMwK2b1CAsiMi1H+vCumfYiAOwqwfXcQnnJHrxn/tyUtVQ7 +PiCVCPlTfAlz4vnV4Dz96Rl5NE0g82/SkuuMDI2GVVveifWj/CThC/P4MU59iVmi +KeQFHm3+ojauaH0hV8v3mBEhoLpgdRVHbZp0YTc3iqYH6k3OBe7GFiBE924gR/EA +zAGiwQKCAQEAtNHidzC/J8qQql9+DPczfpSSu5wiZPf7y3rLK5flByysg/TmnjG1 +21V5JnOETy69sTAqEz4pzuf14lsNHlz4fjUKo8u3LKLtmrYlfaM3XT8B1vGIkZYv +XZ1U8DReOIgAgjDgs3MTHJZ2JeAo6naHNIheQDWm+PUuRfG2ojz8srfVFvp+6M8l +yv7UOmSKJZTWc4KFntdsPv5leEw+Mm428mdnw+mqAspEv1i27JC5eJ9c3wi8IBus +YDwA8sGkOyty1rELE28s8rOJ2LqT2Pf/SoZfvp2O1FUuU0T7Ma/zg+oYJ/heUkPu +Nv1cW+onrP/nvshX+2f5xy2Yy6uQYK9Khg== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/openssl.cnf b/lib/hx509/data/openssl.1.0.cnf index b0146564592a..b0146564592a 100644 --- a/lib/hx509/data/openssl.cnf +++ b/lib/hx509/data/openssl.1.0.cnf diff --git a/lib/hx509/data/openssl.1.1.cnf b/lib/hx509/data/openssl.1.1.cnf new file mode 100644 index 000000000000..110073f268f0 --- /dev/null +++ b/lib/hx509/data/openssl.1.1.cnf @@ -0,0 +1,185 @@ +[ca] + +default_ca = user + +[usr] +database = index.txt +serial = serial +x509_extensions = usr_cert +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[ocsp] +database = index.txt +serial = serial +x509_extensions = ocsp_cert +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[usr_ke] +database = index.txt +serial = serial +x509_extensions = usr_cert_ke +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[usr_ds] +database = index.txt +serial = serial +x509_extensions = usr_cert_ds +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[pkinit_client] +database = index.txt +serial = serial +x509_extensions = pkinit_client_cert +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[pkinit_kdc] +database = index.txt +serial = serial +x509_extensions = pkinit_kdc_cert +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[https] +database = index.txt +serial = serial +x509_extensions = https_cert +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + +[subca] +database = index.txt +serial = serial +x509_extensions = v3_ca +default_md=sha1 +policy = policy_match +email_in_dn = no +certs = . + + +[req] +distinguished_name = req_distinguished_name +x509_extensions = v3_ca # The extensions to add to the self signed cert + +string_mask = utf8only + +[v3_ca] + +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true +keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature + +[usr_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash + +[usr_cert_ke] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, keyEncipherment +subjectKeyIdentifier = hash + +[proxy_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo + +[pkinitc_principals] +princ1 = GeneralString:bar + +[pkinitc_principal_seq] +name_type = EXP:0,INTEGER:1 +name_string = EXP:1,SEQUENCE:pkinitc_principals + +[pkinitc_princ_name] +realm = EXP:0,GeneralString:TEST.H5L.SE +principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq + +[pkinit_client_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash +subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name + +[https_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +#extendedKeyUsage = https-server XXX +subjectKeyIdentifier = hash + +[pkinit_kdc_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = 1.3.6.1.5.2.3.5 +subjectKeyIdentifier = hash +subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name + +[pkinitkdc_princ_name] +realm = EXP:0,GeneralString:TEST.H5L.SE +principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq + +[pkinitkdc_principal_seq] +name_type = EXP:0,INTEGER:1 +name_string = EXP:1,SEQUENCE:pkinitkdc_principals + +[pkinitkdc_principals] +princ1 = GeneralString:krbtgt +princ2 = GeneralString:TEST.H5L.SE + +[proxy10_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +subjectKeyIdentifier = hash +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo + +[usr_cert_ds] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature +subjectKeyIdentifier = hash + +[ocsp_cert] +basicConstraints=CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +# ocsp-nocheck and kp-OCSPSigning +extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9 +subjectKeyIdentifier = hash + +[req_distinguished_name] +countryName = Country Name (2 letter code) +countryName_default = SE +countryName_min = 2 +countryName_max = 2 + +organizationalName = Organizational Unit Name (eg, section) + +commonName = Common Name (eg, YOUR name) +commonName_max = 64 + +#[req_attributes] +#challengePassword = A challenge password +#challengePassword_min = 4 +#challengePassword_max = 20 + +[policy_match] +countryName = match +commonName = supplied diff --git a/lib/hx509/data/pkinit-ec.crt b/lib/hx509/data/pkinit-ec.crt index 4e8300d0c05f..7029daa66e5a 100644 --- a/lib/hx509/data/pkinit-ec.crt +++ b/lib/hx509/data/pkinit-ec.crt @@ -2,50 +2,80 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 7 (0x7) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:15 2019 GMT + Not After : Jan 16 15:05:15 2038 GMT Subject: C=SE, CN=pkinit-ec Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) - pub: - 04:df:d7:32:eb:d6:71:78:19:5d:4f:59:6a:85:12: - 20:2f:97:61:aa:e8:6e:71:ac:b7:de:42:82:2a:8b: - 8b:33:86:d3:fc:4e:a5:49:9a:ca:19:6b:1b:ab:3d: - fd:4d:c5:7a:f4:a0:10:b2:a0:8c:05:3a:d7:55:e5: - c9:f5:89:67:07 + pub: + 04:57:a2:25:14:5b:a7:ac:55:9e:e0:ea:c2:92:98: + c9:13:91:d3:c4:13:00:0c:f9:d6:29:a4:45:c3:53: + f2:f6:92:8e:d9:ce:d4:24:48:56:80:1c:04:8e:13: + ec:49:c1:4d:78:5e:f5:1c:d7:c2:0e:8d:93:da:a4: + 79:18:6b:0a:9a ASN1 OID: prime256v1 + NIST CURVE: P-256 X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - BB:8C:16:71:C8:21:FB:21:0F:81:11:A1:BB:43:12:C8:EF:C8:DA:64 + 1D:2E:2D:D0:63:94:5A:99:95:87:DD:A3:11:F8:82:5A:2A:43:2B:28 X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption - 08:6e:66:b5:58:e0:e3:fb:15:04:11:89:f0:73:a0:d1:17:c4: - b8:7e:dd:ce:34:fb:7b:ab:ae:bb:af:6f:4d:47:1f:02:f8:e7: - 7c:c9:33:37:7e:7c:2c:2a:4a:26:38:e1:e5:a9:dd:7c:e1:f8: - 5a:2c:c7:6f:26:aa:f2:b0:7f:d4:85:0a:33:b7:ec:df:93:fe: - e4:04:a0:3e:e2:65:ac:1a:f4:b0:50:d6:cf:9e:bb:ce:90:ca: - 34:7a:13:f5:6f:30:bd:ec:af:c5:b9:dd:fa:bc:37:b8:34:6e: - bb:12:5e:aa:d2:bf:91:64:d8:fe:c0:fb:9a:b0:10:ba:95:02: - be:9b + b3:3e:84:9b:be:cd:a0:cc:21:dd:f7:12:41:90:8e:9e:25:30: + 0b:2d:b5:1c:35:a1:15:76:9c:7e:dc:23:33:16:bf:ab:60:82: + ad:3a:2e:4f:84:f1:62:21:7c:1c:a1:37:45:01:12:cf:99:aa: + a3:b4:72:fe:c9:e3:bd:25:ef:4d:bf:b5:e2:ac:15:3f:b3:b7: + df:78:2b:0e:2d:95:71:0b:c7:6c:31:54:c0:c1:e0:8f:00:10: + 31:20:a6:5e:71:bd:d6:6f:45:cc:25:11:3d:ce:26:75:8b:ba: + 03:3c:d4:87:89:c7:93:5b:d9:76:b1:20:96:83:07:91:34:05: + 12:2d:56:e8:18:b2:4a:2d:ba:b0:59:02:65:81:60:3b:92:96: + 7d:d1:c9:ab:bf:ac:bb:aa:f7:b3:a5:0b:de:e5:cb:0c:16:ac: + 65:1c:da:6a:c5:16:43:15:b7:14:55:b9:6d:0f:f0:79:ef:b1: + d0:6e:bf:85:fb:bb:93:6b:30:69:98:db:da:8c:f2:3a:e8:a3: + c9:57:3c:d0:fa:7e:db:cd:48:93:7a:cd:af:a4:71:06:3d:a6: + 94:b4:99:3a:2e:9c:3a:ac:2f:19:f5:19:1d:71:3d:96:00:74: + c9:99:58:40:0d:c2:bf:cf:85:8f:dd:f6:ff:b0:cf:1a:84:6d: + 02:87:4d:96:7d:db:2f:f1:8a:e5:39:30:8b:89:c4:8d:34:60: + 05:85:96:92:fc:a0:6a:b9:df:54:53:e6:f3:9a:27:2d:bc:9d: + 8d:a5:44:bd:81:83:d3:8a:d6:96:b1:71:b3:4b:40:b6:95:e2: + 45:19:e3:a5:3c:17:af:a8:39:2a:52:68:e4:7c:0f:fa:fd:15: + 07:fd:e5:e8:1c:cb:b3:2c:d4:97:21:7b:86:fb:fb:78:9a:6a: + f2:71:0b:b7:2e:d7:df:96:cb:2e:83:2e:81:29:50:0f:e0:50: + 0f:d5:34:7d:13:eb:a2:68:d2:a1:26:35:15:08:a9:ac:7e:f5: + 8d:4c:68:01:a2:01:05:db:5b:7d:ea:ba:45:ea:34:93:db:89: + 0e:46:58:6e:a3:6f:aa:4a:6c:ac:28:58:a0:48:cc:e2:75:54: + e4:79:19:b3:d5:6c:c9:04:b3:d0:9b:51:f5:07:0e:e1:a0:07: + 61:e9:53:dc:0f:83:3c:7f:54:7b:ca:7e:35:b9:6c:0a:e5:b4: + 61:48:11:a1:92:27:1d:2e:57:07:67:f0:b0:66:61:0b:a5:15: + d1:1a:10:05:34:90:52:a3:c4:a8:19:cf:3e:52:b3:c9:ab:49: + e8:84:96:a9:9f:d7:bb:a4:43:2b:ef:b2:bf:8b:01:46:b0:48: + e4:80:b8:3e:4a:ab:85:5f -----BEGIN CERTIFICATE----- -MIIB7TCCAVagAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCXBraW5pdC1lYzBZ -MBMGByqGSM49AgEGCCqGSM49AwEHA0IABN/XMuvWcXgZXU9ZaoUSIC+XYarobnGs -t95CgiqLizOG0/xOpUmayhlrG6s9/U3FevSgELKgjAU611XlyfWJZwejczBxMAkG -A1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBS7jBZxyCH7IQ+BEaG7QxLI -78jaZDA4BgNVHREEMTAvoC0GBisGAQUCAqAjMCGgDRsLVEVTVC5INUwuU0WhEDAO -oAMCAQGhBzAFGwNiYXIwDQYJKoZIhvcNAQEFBQADgYEACG5mtVjg4/sVBBGJ8HOg -0RfEuH7dzjT7e6uuu69vTUcfAvjnfMkzN358LCpKJjjh5andfOH4WizHbyaq8rB/ -1IUKM7fs35P+5ASgPuJlrBr0sFDWz567zpDKNHoT9W8wveyvxbnd+rw3uDRuuxJe -qtK/kWTY/sD7mrAQupUCvps= +MIIDbjCCAVagAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxNVoXDTM4 +MDExNjE1MDUxNVowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCXBraW5pdC1lYzBZ +MBMGByqGSM49AgEGCCqGSM49AwEHA0IABFeiJRRbp6xVnuDqwpKYyROR08QTAAz5 +1imkRcNT8vaSjtnO1CRIVoAcBI4T7EnBTXhe9RzXwg6Nk9qkeRhrCpqjczBxMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBQdLi3QY5RamZWH3aMR+IJa +KkMrKDA4BgNVHREEMTAvoC0GBisGAQUCAqAjMCGgDRsLVEVTVC5INUwuU0WhEDAO +oAMCAQGhBzAFGwNiYXIwDQYJKoZIhvcNAQEFBQADggIBALM+hJu+zaDMId33EkGQ +jp4lMAsttRw1oRV2nH7cIzMWv6tggq06Lk+E8WIhfByhN0UBEs+ZqqO0cv7J470l +702/teKsFT+zt994Kw4tlXELx2wxVMDB4I8AEDEgpl5xvdZvRcwlET3OJnWLugM8 +1IeJx5Nb2XaxIJaDB5E0BRItVugYskoturBZAmWBYDuSln3Ryau/rLuq97OlC97l +ywwWrGUc2mrFFkMVtxRVuW0P8HnvsdBuv4X7u5NrMGmY29qM8jroo8lXPND6ftvN +SJN6za+kcQY9ppS0mTounDqsLxn1GR1xPZYAdMmZWEANwr/PhY/d9v+wzxqEbQKH +TZZ92y/xiuU5MIuJxI00YAWFlpL8oGq531RT5vOaJy28nY2lRL2Bg9OK1paxcbNL +QLaV4kUZ46U8F6+oOSpSaOR8D/r9FQf95egcy7Ms1Jche4b7+3iaavJxC7cu19+W +yy6DLoEpUA/gUA/VNH0T66Jo0qEmNRUIqax+9Y1MaAGiAQXbW33qukXqNJPbiQ5G +WG6jb6pKbKwoWKBIzOJ1VOR5GbPVbMkEs9CbUfUHDuGgB2HpU9wPgzx/VHvKfjW5 +bArltGFIEaGSJx0uVwdn8LBmYQulFdEaEAU0kFKjxKgZzz5Ss8mrSeiElqmf17uk +Qyvvsr+LAUawSOSAuD5Kq4Vf -----END CERTIFICATE----- diff --git a/lib/hx509/data/pkinit-ec.key b/lib/hx509/data/pkinit-ec.key index 874b8a53e770..846bb51aae15 100644 --- a/lib/hx509/data/pkinit-ec.key +++ b/lib/hx509/data/pkinit-ec.key @@ -1,5 +1,5 @@ -----BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL/JpadcZH3wtaXm9 -hbeKhG4YsKoN/WffC88YldqhFYChRANCAATf1zLr1nF4GV1PWWqFEiAvl2Gq6G5x -rLfeQoIqi4szhtP8TqVJmsoZaxurPf1NxXr0oBCyoIwFOtdV5cn1iWcH +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgf0P72e36G4JST5z5 +hGIETF9eViQ6rCu3pu3793hC6DuhRANCAARXoiUUW6esVZ7g6sKSmMkTkdPEEwAM ++dYppEXDU/L2ko7ZztQkSFaAHASOE+xJwU14XvUc18IOjZPapHkYawqa -----END PRIVATE KEY----- diff --git a/lib/hx509/data/pkinit-proxy-chain.crt b/lib/hx509/data/pkinit-proxy-chain.crt index 2d2553fdae74..15fd65fdc846 100644 --- a/lib/hx509/data/pkinit-proxy-chain.crt +++ b/lib/hx509/data/pkinit-proxy-chain.crt @@ -1,40 +1,82 @@ -----BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIJAOFd/6I9Oly5MA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV -BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDkwNDI2MjAyOTQwWhcNMTkwNDI0 -MjAyOTQwWjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD -DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKxpMj4 -is1Zy+3RQfaZyhIbPkK+1237l10YqJmh5vB4WF+VriouCw8bXK/Q84rnGlr48fYa -3qquiuT7TzUyBJ/vGMhuBosnO4zI3usM7wcp9zfmykesP/5ef1HRe8Lv2F1HZkLc -6N4jo5lIGtnlnXe4qJjbjTPsY4x0PVl5QV0DAgMBAAGjYDBeMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBStm+lnDlopIzCh6tdbGhDyHDDdlzAlBggr -BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF -AAOBgQB/udiUzrV5n+klF473NEMaajNvxC/u4/60vHXt6U42U4zHWWRuWTMDkPA/ -6LorSPIk+ZvWLAFHVR2EdeVFZzxbsb9IAsM+giZxv7bYfloBZHhbzc3r8IDSZa1H -totfxDb/wZrFAbNiuuAdmKuRGxwGYE4ykw3ebLSuoRYPI2Szxw== +MIIFNjCCAx6gAwIBAgIJAJd7zCsMMPvCMA0GCSqGSIb3DQEBCwUAMB4xCzAJBgNV +BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMTkwNTIzMTUwNTE1WhcNMzgwMTE2 +MTUwNTE1WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD +DAxwa2luaXQtcHJveHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCh +U0hTlQYhDONlH8153Wn2/H6/OW15S9pvg/RcQ9+Mc7a3kOEnImHt4B/zevv1rfYa +EernC2mrTxvSSy2Oxx3yNFsV1Kys+kMYiIygswPohTHYhMQKEjqGPTN97E1JcvMQ +iZy19sl6tG+kLZKa5pSTUoFrlqw2NN9U1WjlgaZ7WnLxwLlatQnZOnA6+MoU1bJe +pkPUAcjOOQZTd2D/3tAOcBKfQ6z97XFqfxzcnclz+9BXgFdZWTR1efd5yYNy17ny +8hoEHuc34+a/hrrhfiFiXYKFF6f07YI6lt+ElPOc93oz19fE4wVskXjvxLOwahzM +q2jRalsj/XlYCEHrZqaYjHvY8MYNFleThQEwJ/zldgQjx2MMnUD3ApxRDutfYM9e +MFSv0ATDFoKi55mGySMD3dMpI1I/TER459Am5c88SfxJNJXAW/2GJXQAJ7tCL3dM +sYcqkl5uVZXPJxSQbfFCl95lhlzOtoXZTS1+cxYN0oz9YfLoG3tz3x5Xtxo0eUbI +NJBq1sWi6bO6+6GyQOxs45sawl906XFqW/qzSywNOOsT/hcuEvc4IGdZKLP/wxF0 +HJzeaqDwfmiT1tz8jArGsbqw/i77xND6tq+56rur5/BhfIapXZ9wKDfawQttpDnX +PTcaT8BSqQejfZa0RiRvt70pypm98eZ1XRzWhC6bvQIDAQABo2AwXjAJBgNVHRME +AjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUzoShaVViBQhilqB70YV+yuLcWIEw +JQYIKwYBBQUHAQ4BAf8EFjAUAgEAMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcN +AQELBQADggIBAL45/vKz88cBG7c11gyePde86H7qWgIKrWocohn6eoXF1p2ZkLvP +na4o7WVr/WC7t4DiBZVUNVvrqss/nOI3wMVjU9Mn9wrJbycvrVPAWH1nIhlKR3gM +H8PTcZiHI+Vf14aHTjeRFEXxy0i+K7JxtKRQC/Bi+MuwnBvPwvar3tqFLXprRk4p +p42I7/ngT8WcAzz/LWj0rWYNl/TEFU3esDBr3rz+B5TFVcp2dLpcZW7ScFRh9bLT +OwJ/QNhzvnH5cwsWlb8cpDTFVeyTOBgqh9t6ut6SnDfCu03xIBVuCk+P5KhOGWAS +3cOVqvGn3Y3q1glE2XdKgyYqU2z3itneUyiCeopItFaKZIV52s4WuIuGO+PK8XOi +QhwtnsWO91toEFUpUNkxf/C6C61G4xuvHeMVLdTzO1Xi5kuHyN9gD8rLAuUfaV1c +Zv3f2S8WpvEGkSSu8Ap1k3ExfIaFhgxzu3pjGL5e6YV2lK9d/UGXOpDRFZOUuoRm +dyowQcF3XcH6zTDu+ThXlPSq5bkjrnMnNt2z2LfqGb/GFp1vl11LsXeLgpHmFTq2 +4umDDUwMHVzrmFoa3BtUkgO3BUoSrt2l63TFqTQZgZAf/D042jBcmOhV6Mt5MsDK +MFZkoYjtv+8jTeRwxP2zi3EceCvGkV1Mf3t2/h4wYGa25J6HFq86VVRU -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 6 (0x6) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:15 2019 GMT + Not After : Jan 16 15:05:15 2038 GMT Subject: C=SE, CN=pkinit Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:b2:47:42:dc:46:f8:94:e3:66:2b:f9:26:14:56: - 41:68:e1:7a:04:cd:55:45:ae:e0:a8:48:80:33:58: - fc:86:4f:e8:67:62:89:f7:d4:ba:d1:bb:9a:6a:83: - 1b:4e:01:b5:7c:9e:b2:d2:bf:84:21:98:58:1d:b6: - 4d:fa:af:f2:e5:e8:d4:d6:78:a3:06:da:69:15:09: - d8:fa:07:09:97:cf:1a:3b:2c:69:b2:58:a2:0b:48: - 4e:37:11:2c:f5:7a:8f:50:e4:40:14:29:28:30:ac: - 0b:b5:0a:1e:60:b4:9a:d4:8d:bc:38:c9:2f:a9:d1: - 35:e7:c9:d4:18:66:1c:15:2d + 00:bf:4b:44:8f:d1:dd:56:18:41:5c:c2:c4:2b:ff: + 28:e6:7f:68:26:d4:0f:08:e6:af:dd:72:28:9b:ec: + 5f:5a:2f:f1:9a:7b:21:0f:c2:01:96:d8:85:32:20: + 5c:c7:91:fb:2d:71:33:d7:dc:81:06:32:2e:e5:ec: + 61:37:8a:0b:0c:23:57:cd:9c:ae:93:79:58:26:1e: + de:26:18:12:52:c3:76:7a:d1:6a:dc:98:67:13:4d: + 73:dc:8f:7f:7b:dc:97:15:dd:eb:6e:0b:54:cc:f7: + ef:db:14:8f:d2:89:47:3e:8c:e7:de:ef:61:34:67: + 10:60:8a:87:13:6d:86:91:9d:8a:92:64:72:5c:ef: + 64:57:b9:0e:91:ea:41:2c:03:e0:67:c7:51:cf:ea: + 09:5a:e9:0e:ba:eb:be:53:10:90:e5:0f:87:33:3b: + e6:53:11:1c:6d:75:34:ea:4a:7c:59:f4:6b:da:82: + 30:4d:f5:72:ad:ae:41:f7:c1:ca:b2:7e:74:a4:45: + bd:2d:80:c5:47:d3:ed:c2:02:fb:d9:85:76:00:3d: + a6:ab:da:2a:ef:a4:c7:d6:74:c4:88:02:63:d5:a0: + 5f:6b:88:ee:bc:df:0f:43:78:8f:62:1a:c6:c8:e5: + 3a:43:aa:75:94:d0:71:15:a4:8a:f9:67:5d:93:93: + bd:78:04:46:39:90:48:22:05:78:17:ec:b9:26:3f: + 4f:7b:a9:e2:79:b3:cf:13:ce:34:9f:3c:7a:8f:a8: + b7:b4:12:39:01:4f:26:44:33:b9:7d:eb:c7:0d:c7: + 1c:d3:c5:52:2b:cb:65:a2:48:b8:c6:b2:e5:17:d3: + df:ed:ef:e9:ea:21:5f:2e:42:23:40:35:7e:97:23: + 28:42:0e:22:25:79:f6:ea:ae:a3:cf:c6:c4:ef:ed: + c3:1f:14:05:5f:66:ab:20:a0:5e:80:11:32:1f:ff: + 69:10:e2:8e:d6:70:e4:97:ab:82:89:37:57:74:43: + 81:e6:85:ca:6e:3b:1d:ae:3f:ca:7f:da:2b:7b:db: + ee:ab:ad:a1:a1:16:38:9c:b6:f2:af:be:b0:19:e1: + 63:14:6f:26:24:f4:a8:3a:04:0e:9a:9c:5a:0a:bd: + 22:91:c4:c3:ab:2f:ea:54:d7:ca:ad:ed:b7:a0:98: + 8a:c8:94:15:ea:13:22:97:29:df:3a:85:4c:80:0d: + ee:3f:d0:66:3d:9c:0f:41:2b:fd:1e:90:f5:8a:fb: + 4c:10:20:3b:91:cc:fc:ab:d8:89:ac:7a:9f:bc:c9: + e4:09:fe:81:ba:53:cf:f5:13:1b:4b:b0:f3:bf:34: + 3d:3d:2c:8c:90:89:d6:37:78:cc:7c:f0:a8:97:08: + ac:ea:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -42,29 +84,66 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - E8:3F:1A:8B:C2:8A:9C:F9:B4:4F:95:D9:55:29:0C:A5:0B:0E:13:C6 + 76:9F:AA:4D:D1:1E:92:61:23:CE:AE:DC:C3:CD:07:EB:A7:13:43:2F X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption - b5:ab:c2:d5:f8:30:fc:bb:b3:53:c2:42:a0:f1:4d:a0:5c:92: - 1a:c7:dc:01:df:42:6a:d2:c8:79:18:ae:a7:09:8e:ea:1c:97: - 80:93:b1:e3:23:4d:ca:15:f5:f8:c2:d0:38:5d:0d:76:7b:41: - 47:f1:a4:77:26:86:2c:69:2a:5c:86:32:00:09:da:04:3c:d6: - 30:9d:a3:0a:e2:b1:a6:36:2f:ff:3c:80:d6:e7:2a:8b:49:dd: - d8:24:98:7a:15:0a:29:f0:4b:30:ae:73:b5:af:70:7a:3a:b0: - 40:27:a7:4e:74:8c:46:1e:2f:bb:cc:57:63:30:bf:b1:38:81: - 10:bd + 3d:2f:62:54:90:6a:d1:f1:93:cc:21:b6:45:d2:d8:d3:ae:c8: + c4:63:6d:9a:25:a1:c3:33:3a:c0:90:ea:ac:4b:67:a4:af:dd: + 75:3f:03:13:44:a9:7e:5a:9e:3b:6f:df:06:d0:6d:ae:bf:fc: + bf:23:b0:5e:c9:1b:98:d1:e6:6c:20:83:48:2f:b1:8d:ef:c1: + 33:fd:d1:7f:d0:ca:03:9a:e4:3a:42:17:0d:e6:40:25:2f:f3: + 80:83:36:c4:cc:8e:4b:7b:90:9d:22:ca:83:c1:a3:d0:c9:13: + af:b4:a6:d7:d9:3b:be:fd:d1:5a:da:71:f8:6e:18:c8:8e:82: + d0:b8:a6:de:58:c8:9b:8f:c1:20:ab:81:a8:3b:29:81:2d:cb: + a2:f3:b2:9b:81:7d:78:c6:55:ed:05:75:7f:4c:64:6b:fe:00: + e7:2b:6e:17:d5:32:de:e1:1d:33:f6:ce:89:4b:c6:be:92:54: + f7:16:ea:91:b7:af:46:80:41:8f:6c:47:d6:07:d7:62:34:1b: + 7c:69:e8:6c:ac:6f:39:b2:3c:60:cd:b3:89:95:3a:9e:ef:75: + fa:b1:ad:b4:bc:89:69:1c:69:53:dd:94:25:93:7c:64:56:75: + 0a:a9:8d:2b:6d:ed:9c:e7:cf:9a:ad:02:ca:79:f4:fa:59:4e: + 51:33:c3:f9:4d:a6:35:62:50:e7:f3:2d:aa:32:b3:60:2f:1e: + e3:71:6b:78:98:f7:9f:fe:0f:0f:f1:a5:6a:4f:f7:01:22:52: + 60:6b:62:b5:5b:15:6d:4f:41:e0:23:a0:43:45:39:70:f3:a0: + bd:30:14:63:01:01:f4:1f:fb:65:43:c8:99:57:aa:47:2d:53: + 0c:f6:c2:65:f3:1a:64:69:67:f3:7b:b1:2f:0f:c1:e8:a2:5e: + 78:bd:df:a6:d8:3e:ce:6a:fc:bb:c6:14:a1:6b:de:fa:47:5d: + ce:6a:24:60:da:1b:5d:fd:c1:5f:27:34:a2:b6:dc:bb:e5:f4: + cb:14:88:e6:66:e7:49:e8:a0:22:49:da:af:1a:30:f6:ac:a7: + 99:56:5e:b4:b0:19:71:67:59:cd:0d:67:4b:82:54:0d:c9:88: + cb:ea:36:7f:60:d5:df:8a:74:78:25:2a:b5:ca:89:ac:9a:0b: + bc:a4:25:f9:38:c0:13:58:1b:5c:60:0a:b7:9c:74:de:b1:7b: + e2:5e:1d:85:50:e0:69:22:c5:2f:e1:1a:1c:ca:cd:a7:ab:0d: + a2:ce:f1:88:92:68:10:fa:1d:ca:f4:62:6d:cd:8b:1b:72:2f: + 67:a1:b6:f6:ef:b9:f1:e8:bd:42:54:d8:4b:e0:8b:9b:6d:2d: + 1c:ca:c3:eb:79:5c:d7:00 -----BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAskdC3Eb4lONmK/kmFFZBaOF6BM1VRa7g -qEiAM1j8hk/oZ2KJ99S60buaaoMbTgG1fJ6y0r+EIZhYHbZN+q/y5ejU1nijBtpp -FQnY+gcJl88aOyxpsliiC0hONxEs9XqPUORAFCkoMKwLtQoeYLSa1I28OMkvqdE1 -58nUGGYcFS0CAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O -BBYEFOg/GovCipz5tE+V2VUpDKULDhPGMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw -IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF -AAOBgQC1q8LV+DD8u7NTwkKg8U2gXJIax9wB30Jq0sh5GK6nCY7qHJeAk7HjI03K -FfX4wtA4XQ12e0FH8aR3JoYsaSpchjIACdoEPNYwnaMK4rGmNi//PIDW5yqLSd3Y -JJh6FQop8EswrnO1r3B6OrBAJ6dOdIxGHi+7zFdjML+xOIEQvQ== +MIIFNjCCAx6gAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxNVoXDTM4 +MDExNjE1MDUxNVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL9LRI/R3VYYQVzCxCv/KOZ/aCbU +Dwjmr91yKJvsX1ov8Zp7IQ/CAZbYhTIgXMeR+y1xM9fcgQYyLuXsYTeKCwwjV82c +rpN5WCYe3iYYElLDdnrRatyYZxNNc9yPf3vclxXd624LVMz379sUj9KJRz6M597v +YTRnEGCKhxNthpGdipJkclzvZFe5DpHqQSwD4GfHUc/qCVrpDrrrvlMQkOUPhzM7 +5lMRHG11NOpKfFn0a9qCME31cq2uQffByrJ+dKRFvS2AxUfT7cIC+9mFdgA9pqva +Ku+kx9Z0xIgCY9WgX2uI7rzfD0N4j2IaxsjlOkOqdZTQcRWkivlnXZOTvXgERjmQ +SCIFeBfsuSY/T3up4nmzzxPONJ88eo+ot7QSOQFPJkQzuX3rxw3HHNPFUivLZaJI +uMay5RfT3+3v6eohXy5CI0A1fpcjKEIOIiV59uquo8/GxO/twx8UBV9mqyCgXoAR +Mh//aRDijtZw5Jergok3V3RDgeaFym47Ha4/yn/aK3vb7qutoaEWOJy28q++sBnh +YxRvJiT0qDoEDpqcWgq9IpHEw6sv6lTXyq3tt6CYisiUFeoTIpcp3zqFTIAN7j/Q +Zj2cD0Er/R6Q9Yr7TBAgO5HM/KvYiax6n7zJ5An+gbpTz/UTG0uw8780PT0sjJCJ +1jd4zHzwqJcIrOr1AgMBAAGjczBxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0G +A1UdDgQWBBR2n6pN0R6SYSPOrtzDzQfrpxNDLzA4BgNVHREEMTAvoC0GBisGAQUC +AqAjMCGgDRsLVEVTVC5INUwuU0WhEDAOoAMCAQGhBzAFGwNiYXIwDQYJKoZIhvcN +AQEFBQADggIBAD0vYlSQatHxk8whtkXS2NOuyMRjbZolocMzOsCQ6qxLZ6Sv3XU/ +AxNEqX5anjtv3wbQba6//L8jsF7JG5jR5mwgg0gvsY3vwTP90X/QygOa5DpCFw3m +QCUv84CDNsTMjkt7kJ0iyoPBo9DJE6+0ptfZO7790VracfhuGMiOgtC4pt5YyJuP +wSCrgag7KYEty6LzspuBfXjGVe0FdX9MZGv+AOcrbhfVMt7hHTP2zolLxr6SVPcW +6pG3r0aAQY9sR9YH12I0G3xp6GysbzmyPGDNs4mVOp7vdfqxrbS8iWkcaVPdlCWT +fGRWdQqpjStt7Zznz5qtAsp59PpZTlEzw/lNpjViUOfzLaoys2AvHuNxa3iY95/+ +Dw/xpWpP9wEiUmBrYrVbFW1PQeAjoENFOXDzoL0wFGMBAfQf+2VDyJlXqkctUwz2 +wmXzGmRpZ/N7sS8PweiiXni936bYPs5q/LvGFKFr3vpHXc5qJGDaG139wV8nNKK2 +3Lvl9MsUiOZm50nooCJJ2q8aMPasp5lWXrSwGXFnWc0NZ0uCVA3JiMvqNn9g1d+K +dHglKrXKiayaC7ykJfk4wBNYG1xgCrecdN6xe+JeHYVQ4GkixS/hGhzKzaerDaLO +8YiSaBD6Hcr0Ym3NixtyL2ehtvbvufHovUJU2Evgi5ttLRzKw+t5XNcA -----END CERTIFICATE----- diff --git a/lib/hx509/data/pkinit-proxy.crt b/lib/hx509/data/pkinit-proxy.crt index 28da269f4bac..3fe393e4193e 100644 --- a/lib/hx509/data/pkinit-proxy.crt +++ b/lib/hx509/data/pkinit-proxy.crt @@ -1,14 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIJAOFd/6I9Oly5MA0GCSqGSIb3DQEBBQUAMB4xCzAJBgNV -BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMDkwNDI2MjAyOTQwWhcNMTkwNDI0 -MjAyOTQwWjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD -DAxwa2luaXQtcHJveHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANKxpMj4 -is1Zy+3RQfaZyhIbPkK+1237l10YqJmh5vB4WF+VriouCw8bXK/Q84rnGlr48fYa -3qquiuT7TzUyBJ/vGMhuBosnO4zI3usM7wcp9zfmykesP/5ef1HRe8Lv2F1HZkLc -6N4jo5lIGtnlnXe4qJjbjTPsY4x0PVl5QV0DAgMBAAGjYDBeMAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgXgMB0GA1UdDgQWBBStm+lnDlopIzCh6tdbGhDyHDDdlzAlBggr -BgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQUF -AAOBgQB/udiUzrV5n+klF473NEMaajNvxC/u4/60vHXt6U42U4zHWWRuWTMDkPA/ -6LorSPIk+ZvWLAFHVR2EdeVFZzxbsb9IAsM+giZxv7bYfloBZHhbzc3r8IDSZa1H -totfxDb/wZrFAbNiuuAdmKuRGxwGYE4ykw3ebLSuoRYPI2Szxw== +MIIFNjCCAx6gAwIBAgIJAJd7zCsMMPvCMA0GCSqGSIb3DQEBCwUAMB4xCzAJBgNV +BAYTAlNFMQ8wDQYDVQQDDAZwa2luaXQwHhcNMTkwNTIzMTUwNTE1WhcNMzgwMTE2 +MTUwNTE1WjA1MQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MRUwEwYDVQQD +DAxwa2luaXQtcHJveHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCh +U0hTlQYhDONlH8153Wn2/H6/OW15S9pvg/RcQ9+Mc7a3kOEnImHt4B/zevv1rfYa +EernC2mrTxvSSy2Oxx3yNFsV1Kys+kMYiIygswPohTHYhMQKEjqGPTN97E1JcvMQ +iZy19sl6tG+kLZKa5pSTUoFrlqw2NN9U1WjlgaZ7WnLxwLlatQnZOnA6+MoU1bJe +pkPUAcjOOQZTd2D/3tAOcBKfQ6z97XFqfxzcnclz+9BXgFdZWTR1efd5yYNy17ny +8hoEHuc34+a/hrrhfiFiXYKFF6f07YI6lt+ElPOc93oz19fE4wVskXjvxLOwahzM +q2jRalsj/XlYCEHrZqaYjHvY8MYNFleThQEwJ/zldgQjx2MMnUD3ApxRDutfYM9e +MFSv0ATDFoKi55mGySMD3dMpI1I/TER459Am5c88SfxJNJXAW/2GJXQAJ7tCL3dM +sYcqkl5uVZXPJxSQbfFCl95lhlzOtoXZTS1+cxYN0oz9YfLoG3tz3x5Xtxo0eUbI +NJBq1sWi6bO6+6GyQOxs45sawl906XFqW/qzSywNOOsT/hcuEvc4IGdZKLP/wxF0 +HJzeaqDwfmiT1tz8jArGsbqw/i77xND6tq+56rur5/BhfIapXZ9wKDfawQttpDnX +PTcaT8BSqQejfZa0RiRvt70pypm98eZ1XRzWhC6bvQIDAQABo2AwXjAJBgNVHRME +AjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUzoShaVViBQhilqB70YV+yuLcWIEw +JQYIKwYBBQUHAQ4BAf8EFjAUAgEAMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcN +AQELBQADggIBAL45/vKz88cBG7c11gyePde86H7qWgIKrWocohn6eoXF1p2ZkLvP +na4o7WVr/WC7t4DiBZVUNVvrqss/nOI3wMVjU9Mn9wrJbycvrVPAWH1nIhlKR3gM +H8PTcZiHI+Vf14aHTjeRFEXxy0i+K7JxtKRQC/Bi+MuwnBvPwvar3tqFLXprRk4p +p42I7/ngT8WcAzz/LWj0rWYNl/TEFU3esDBr3rz+B5TFVcp2dLpcZW7ScFRh9bLT +OwJ/QNhzvnH5cwsWlb8cpDTFVeyTOBgqh9t6ut6SnDfCu03xIBVuCk+P5KhOGWAS +3cOVqvGn3Y3q1glE2XdKgyYqU2z3itneUyiCeopItFaKZIV52s4WuIuGO+PK8XOi +QhwtnsWO91toEFUpUNkxf/C6C61G4xuvHeMVLdTzO1Xi5kuHyN9gD8rLAuUfaV1c +Zv3f2S8WpvEGkSSu8Ap1k3ExfIaFhgxzu3pjGL5e6YV2lK9d/UGXOpDRFZOUuoRm +dyowQcF3XcH6zTDu+ThXlPSq5bkjrnMnNt2z2LfqGb/GFp1vl11LsXeLgpHmFTq2 +4umDDUwMHVzrmFoa3BtUkgO3BUoSrt2l63TFqTQZgZAf/D042jBcmOhV6Mt5MsDK +MFZkoYjtv+8jTeRwxP2zi3EceCvGkV1Mf3t2/h4wYGa25J6HFq86VVRU -----END CERTIFICATE----- diff --git a/lib/hx509/data/pkinit-proxy.key b/lib/hx509/data/pkinit-proxy.key index 9bb546fcdd81..3567bf5d1d7e 100644 --- a/lib/hx509/data/pkinit-proxy.key +++ b/lib/hx509/data/pkinit-proxy.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANKxpMj4is1Zy+3R -QfaZyhIbPkK+1237l10YqJmh5vB4WF+VriouCw8bXK/Q84rnGlr48fYa3qquiuT7 -TzUyBJ/vGMhuBosnO4zI3usM7wcp9zfmykesP/5ef1HRe8Lv2F1HZkLc6N4jo5lI -GtnlnXe4qJjbjTPsY4x0PVl5QV0DAgMBAAECgYEAo99RWJKferqV92GjmYbh+RVB -Zq6CZmOhxeHw+JVJRs2Dhsynit0G8vgILiMp2WaIRCuOHiml+EELfK/OWoSNvOGy -q0ss+mu0Jm3d9bQUYE7O6fBbFtY9zYIYOVWP4YCIyA0su48W3Fk+wQeNewKj396Q -7tx4aBn5f8DARkZrVRECQQDxX81pSf8VTnNQNhvp76YhANGtBhiJ8OtADCNUoJT+ -sKAPa8HiBTHL2alkBbi/b4whOzePCJSjHTinkEBE+iuJAkEA33XtpR3ACDCtrvAo -WNdE7zt4yV4tByzmQCK3u3ZxSJOPKinR55tUjZynqghZmpS+XSE5rRwmsx75ZwkP -oNdlKwJBALcPmZJI9JUMMpia8QCzKKPPIza+cM3tUf35NrJwN5ASFNKdPyZUGjgo -lDevvzYxO23Yo4JvV4t+FgG/fX7S3UECQFh1/tXWqSaU3qzaNZ612Xw7Nt3AgmLM -y3moRMPZZ48rmwk99PKS8y38TgNpus8PAy0q8gItmsReBq1bUOyDWHECQDQOIlRO -k1OWBLD4PLYaxB1c5F59tfCV+cRlm/sYTnDjdDWWu8D2Qhjhz367iLLMJvV2Klyu -7FwUNyfKI6Tk3oY= +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQChU0hTlQYhDONl +H8153Wn2/H6/OW15S9pvg/RcQ9+Mc7a3kOEnImHt4B/zevv1rfYaEernC2mrTxvS +Sy2Oxx3yNFsV1Kys+kMYiIygswPohTHYhMQKEjqGPTN97E1JcvMQiZy19sl6tG+k +LZKa5pSTUoFrlqw2NN9U1WjlgaZ7WnLxwLlatQnZOnA6+MoU1bJepkPUAcjOOQZT +d2D/3tAOcBKfQ6z97XFqfxzcnclz+9BXgFdZWTR1efd5yYNy17ny8hoEHuc34+a/ +hrrhfiFiXYKFF6f07YI6lt+ElPOc93oz19fE4wVskXjvxLOwahzMq2jRalsj/XlY +CEHrZqaYjHvY8MYNFleThQEwJ/zldgQjx2MMnUD3ApxRDutfYM9eMFSv0ATDFoKi +55mGySMD3dMpI1I/TER459Am5c88SfxJNJXAW/2GJXQAJ7tCL3dMsYcqkl5uVZXP +JxSQbfFCl95lhlzOtoXZTS1+cxYN0oz9YfLoG3tz3x5Xtxo0eUbINJBq1sWi6bO6 ++6GyQOxs45sawl906XFqW/qzSywNOOsT/hcuEvc4IGdZKLP/wxF0HJzeaqDwfmiT +1tz8jArGsbqw/i77xND6tq+56rur5/BhfIapXZ9wKDfawQttpDnXPTcaT8BSqQej +fZa0RiRvt70pypm98eZ1XRzWhC6bvQIDAQABAoICAGfmvKFgTIdCxr3dgrgnO1Ug +f/1m3jQN/4xs/xfhevv5lseZXvmWcl4DSHDHV7l+pg9aVOEjf5YeqDuDwb7ATXAt ++jAQPnpV4JrPb0scoLrD9juOHrihzuGgTyad55UTnKqdBrpHTLJjvbeOxmpPcYeE +zufdLeLnoKMBo8KVAwVVVsyPJJHgIYyvz5Kbo4NRssS07uB/mbYAEiv1qhqBhZyW +39eFfcg5gh9l6M/KK/IwT5nbheZ8xoWW3SWp/KgdepyXAtx+jsp3VKkr+/a5BoVU +1ngjqT/dLE/R1fmM+W2yEhmLvWMIF/k5pBtAo75OSWgkSaj+h96hJOLmxpX3EfoO +UdEYWnToOyovTUqs0mQREolOvPPjQPdgSGJsnuEsNzT3cJGrM9Nq+exQUXXXKCCa +No06TS46ILykvT+GBXxoyIVkWmpqDHHh4NuBUAcrB5yTYn3MoMeo4y7bvE8pl3C9 +wC/5un+lzNixHNmHRNDzre8uLjhmR0PnP5y7EThOaBS9/DTjzoJqfaw1K2WC9lbe +vdpWSf/Kwjk3SGCXaneXfaWvLaB+mSHW1JJjtdOuxOdGGGXiJN/qYz8C+pTHzVxj +uJGNkcz2nlGLG9RdaVBenItO3lUx5Zk7uHJdIZuQf31fmEXTFms4YGTdK9+GQIQv +N3ivhfvtuBwWoBCHK49hAoIBAQDMOhPQJlQnlPnosdOAFDNOh+2fEPEpeY9SKvGA +zn3jsO/UphtagulkPWCE7ld4D7b1IBDFSh9CnDGPljzz6uQCGi7FHAlOauTel6eh +lJp8sp8STc/H2QrLE00BzhSlLPxGIAS+tBBwLG2jXBmi2l/K2aFbheUak7mev7nF +b4oWTKC9fweygfP87NX0Tsu2Wzfd2TR7gYz3r+/+wkd15pTBtuBUp0YUkCNKfhk/ +qqHOgO3neokb5YZrhq1dM+qhT9/2rM1zon0b9kt3r6+7mbdC4iAy9Ek6LOEGDu4N +jGNhQSEj+usKJhW7X2m0dcG46JytCMOFLPVmdwTIHm6/O2PZAoIBAQDKOPqv2luX +49Dat3A+zqQfecVmffdHbRF5EgIRfHYYHXvccJtD8MnkXBrJAwe4Y0UI00SECGzZ +jK2ReyRWbq+qHQGLk3Zu3ojbXw0wXRR5iivGckSd1IevS5pbmVnc7FzZjxWaoqbT +Uo7Y1LtUqulfqCJHbDB+l+kIv/kwTQG2rb1WnTY8Y4YEHuy54zh0Ke6t8XFqGME5 +/ASgTWnEIyFSuiptA+CeBm0NVMUH0MDd4j0OkYMNkIQODC72o7Qw9mwvij0xrOWq +fXaxYocB8Z/hRSTv0r/qnPP8wjNCLtZt0iHcq+y63nANTQYk8v6PS6nl6Ppiz+hu +M5W7ajwtqByFAoIBAQCnXYEXOBIHTiNv+ytk7ykM1oB5txyr7J7zq5W3BYJNspcZ +IfeQuXAjYdlTly+/iMFbKSgVRqVPpUlIbssM6hZpUqO5jTxjM17UvFv4IxxnzMpn +6bS6Bri9q9eT/xsUMkWcAmlhD5fZFc/T7Ipl16hhSPDfXF9g5GdeHalUkBAOLkYc +hZn9RFp7kGvWhyyTCTZDbNmBza2E3n5DvVtq18hY6FH3jg30lBsX1TdD4cYwwaA1 +70mlvvfl7rzsgLtr71WPhhXpCeSVocY/E49koph5C29v0pqgPl8648la+Q4IiaNr +JRqxenyczZiG92oG6zpa46+32BxUGH2msqn3teghAoIBAFKQrRn7p4X+iBmk5/lc +2XnYeBZ+u+W3zHiIN7v3+yehch7xAxPcTjIkwPLtf8tzDI6r47+cyQSSAZPymUWI +78QfD7BzRtnBllMrHfFvL5roJTNjGEzwp22VCrL3i8892jMhzopSepaxkI1LXikV +ly9tMIHE1I/7ajQeXZmw91Ak47dnfOtvHxqznafP9A7JyB/RAqN08/++vAzPTq28 +QjDKvePAv4cFzKSyxbeJLhXp90/pbX6uUJyDsPEWqc2L72QBpzaPBz5y93E5bzIF ++2c4mfopLB6Ycq3yhIczJG22bAjzUTaC93EWz7lqVTEgjX/HfeO2S4ojGbFpkKR7 +jRkCggEAE9shCbl5bHJR2l5FgNOr99rkpNs33WJa9ZQpsQ2oXq5yLL2plhIJO2tg +kKM/ld6PwFinxBoLhd4Knb3X8Kf4mWCALO0lJRzB3qiEu4SP15UYchayDpjGFzNQ +EejcYcJ59XT6PC0nlckmsBeTSXWTEsjk4vaca01kp0tM1DNuJ4V6iXXJhj70xkqr +NRlFuTLBxE/PIs8eg6Da/4sQZ5MnZq1WRylbda42xCMebGV6zxuc9HiI348LlAhn +Kw/dTg2m5gwYznLHSpEH1n0ILrDtMyb5tZ9KfJzVuyz1Glo7UKf5hYoqZY/n/bCN +gvWFSlv63UgRaUrIlQWr2X01y9IGjw== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/pkinit-pw.key b/lib/hx509/data/pkinit-pw.key index a0c4adaa04ea..ac89d6af05fa 100644 --- a/lib/hx509/data/pkinit-pw.key +++ b/lib/hx509/data/pkinit-pw.key @@ -1,18 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,28C20887B231CD5238D14EE2237F6440 +DEK-Info: AES-256-CBC,EF2C2237F4387D5197FBFEC26EFA3487 -CSjnAI3/grUaoUWonmFVrAJpJr8MAUsJ5i5X/56t/SJNnt64GdRR809rsidRUen1 -Poaru3wgOdMO39Xdx1tj95TL3iXMVOckMK/0CDc6I8e4e65ic5ySvLIP7yj06aq2 -iABYy2VnD8yh8neXCl18/tMmIk/mIHkOeey4rrglk5Qs/vohS8KmknuLfOFUdWz3 -2F/Coax+/Itmco4lPNK7FUvVgzyp1fVnZ1upWOnx/HEcXY0t3yE9Y6fWgu6LtqNr -LWvLogalpFVy7l9yb/EStZJnUoc4R90cdX3hsEkYDqxFM5INAZNgBKNa/qfDKifX -b2+uOg2LZ+yYHdyFCezNL6fr38TSNleTU6kq2xrhRbjVzArnEKo2f+XNsQXfy3ix -s1ibkqJXeWA4gPTFVqxKzeO+Pe05hWjUJmPcqwGQe4hGP5SNdiqWuxtL2Z/natva -u9AyUqap9A963qrp1xZMDqZC7asZEUXAWJSkqkU9iS7a6Vn7G82236/T2OoumNWi -XVsm2iOpdIqcTCMoBtB6TkTFPPKZ6f0APD3nAia6Uy5RrorvyadbqTG3AVlQicD5 -6myM7zEta7qWL5kPVk1JIbcNHN929kEgAKKKx9c1H+DgHDQrPM5bsHS9vAVYq0S4 -gUhA44LuizSKEXw+hHJJueU5IK/rv3auNo9Dtt487syz5PnEzeTsiyBqTx6pu2hF -fZ/HkxqQsY34/4pJBdFdnxHfnDMmEuKHY4vt20d1NVU+EP8+R0F4aCTGUWDfUyM9 -oTXJekFmOBfZn3WUkLXXgz+i7a49g9pzl8gFekQ8Cx9s1rkvToklQS8lzspBZwsU +m1mmDR2qaA0u6ZSC1Xvw6o9Uyt0NvNgKM2Lln0BOvE3UvsbUxE5NEGynlthge4zX +HfLX6PNZ4vkQASzm+e0M/cwUijDADmuHhsaZP30BriJ8SzZoeYq7WUVkv1EbCZFZ +o/lsVFBPzW6K2Vfjphj1WRwZZEsgef+kFtwNSQxcHXRmK3njcKaP67fKzsH2rjPE +HMEo/9vAShCmFH4Tnzxy91SF4Gftdov0xqRQZpG/1maCx0/76RJL7lxpYUYmIOPa +j2l6SUFSOP742bLWuHQXT36/SyocF2pk9kFzTfNb0lP7lriYrWhSDqqRWtoU0m3M +Ulku3bcDd/HH0Br70qfDDOvWuGb2ayHRKoDDVlRnwXZ9tzl9BHqzvLIORKEt2vns +6pHNU+8GwvYgtAlLMaN7KAH6hFUkVRi49lvTJbtrVJjMcGU7Vl5zurcyrfL2eLEZ +tdyR1lL01JWZW1gz177dn9drcB//r2ZIq6g9Ah0e1ZBj7aEFfSabfRuLgUaF859q +lWKt8112uuVn9vqOkiOlZVsNMRzP+NUEggVQ7Jn3H8CEqHgC1a0JElaQh/kd6BkP +RthT1Qz0WyPMz1LE2aInFavnrFXqNyuLkkd8WSb+wo8V+jZL/a2jl8d7thQsxOHt +OjfRyioX1YmeGBWz7I1ZObk1O0xi7vj7f4LoqabUqnU2Z6FQLCNRBlnO+SJq0DJj +Ca6r1bN3NPGH9vhL8sd6Ce+C/fMXyDLX3qp9qS6ZmiSDOTIC5si8JmWMeCC8yrim +RjBWEtTC4ve41ObrPHeDqDQOGdPpnPH5unQZA2jul3xizbr1ToYD4Uk3FuUYd2dH +Fp/OutvsPUz6Eu6gllOJ/KYwSakncWZknJt7spwHjoyKoqRVbqyIrMWrQDCd491M +ezZPeFursXyMeTezWcgUvh/NWA7+neQg99CP7hBs4v7LV9GYXJOxcJ97Hwl4m7mF +u3QZb8Izgu7IVRFju3u5kU13hi/yO+q9Yg2wvZAg5C7znpm2d/QDJCEdjqqUIjE+ +/r+a4QxSCbl7y4fiuHZqY+qTgFK4kQBCDGIixc+tDcZru4wiGKDYoMhcERDvxKLT +Upwbx3CqA28L42A+6IwapWO+jSBmCdfD6B+GEEWPaf5YzNZmM7td+DLeyOKAEK8w +GCZkd58hn9x0BZxEvxTcLqWFO0BMC8FSHyjPRnW9Ik5H2a8vllb3Wiq7LFZum1of +w2s9eb3vY2Lv6WNU2Mug+QwwbCwwmQmEJfROp/CWuHMmDlBudtDvVi2zUhNrqLoI +LSNBlyxCIHO21R2IWOpZ+xglOh7+Qc4oXZHnhttREsOL7FnE6IYdcP1hfF0uWAtc +kArTtgvFJurlZO+k840KPS1cfYLBNTgPK+6xssC2qZr3u6zP5Oh30gGgBQeETUxW +JrMW3LzoMH0I/RcYK3FkEb38KAQpYLvJPKzNRD3/ZU2judjlslobHhvJaXTeOxiK +B3NoFGi9+BXFBDyuKcHwUuFA7XCM9iIUbGoMzrSKFkc0CsCrJCWVvF/1cRNpJUQz +SOxKM/HvWD9VdpTyJ8qDoI0lKS0jn+rCcF9lMwvORVPebkypGkXC0RSwvx4+cFnT +oRjqpfLKzJlcEk+U7hPH5ZjsDUYq+FargGDmNvGZohpGNxsdYV1v6B6l3c7sLcWf +lShZVLMTYzAlgBpywzsoyPQxm32hVMcpme+nzMq74QB3ZHv/uy/xgTbOCnTTQQZv +hPvnEYcsNW9IBhGLr4kIsex5O5sLuatgDLh9xWgPObriu5BBVDNNqApze6AcqnIN +3TW/qzmyc3R95nxHCxVocwU1Pl9ZPGP+Mc+osUQD3seHAKmNQKWPiVzven8NdiBC +nSIjmBxVRtHdoiVLXk9LkTBoS+w1iPG1ztVsf+Vjg3PUoROD0XuzqwZ4XlkT64IT +6zcjD0IrSYgbO56Oqga8quibZl3+BVLexj/veFv2SKw31dMZ95ntnwuKpwCv3jHf +lrxrkPzj9Fsqup+HR3yh36FKyZkgPEU4KUrraXbsQMDdJdcec944QBIftj0p44W0 +T2SeGk0rkHSFZiZqoeyJ6ubKxalnre6PwJwtvVrx0QzREIGdCG5+SyphYEtd+mBr +ATh0LbMqD6vyJ66t4SuOdiCSfVbEomKaftS3C752Gk2QxFT+XEgNPuSDp5V8DqBR +W3W8DB03d3DolznjjcHTUJH65A1ADepUFpIteIkhHUrQP6IqQUNaaCIFd462IDCL +lL/4V7b1kq1pZJcF/yyDvdDAZM/6aTorKXy9l/v3SUN4z6smraISVTwShyof7Olf +2dQx1Eh/OjYNEATG86eoW15p6EWclO0osvIxR21xeOTFQUuiR9SijtLOOTiNKrTu +ug4/57HvGI3rI6Lujcx+js2B2aBdk+O8AkpCAcFTM7FkFRQCngP7ayyVt3I6x+M/ +8vxz6L7fdXYX/RYSIVLKlbSKo15f9NyDJiaHpACIpRzYUQLjrXcKsTiAcDoFaFGz +TLsTLnA3QDbTRptaDSvQfPhrOM5QezKVmhT6MSzCeJFAskpIgRm4XwaOQjZ/XP0J +ua7IG2WD6k8f62cszlbCEvMZWMBvb8JYVB/UGcBLtolFG8EGvvUrWAHWLWVvngNb +HCI7t/Z4SqIexcBTAOal1bAT/gcvNrAmSBXkcNg3hMqMXOXuC7W5Qbqtk6Bd1uiN +5BWMJOnGXrALbpHxNtC4QBjCAC6MshkMOJvIpNn4f30Qq4Of+NyJrIJl1jo/WLqG +hsHXYzZYI2LcfOi7a+4oSHQ2OfsGvdKWwmJha6Koo1VlF8gnHSJaGAH/soilan0w +KSOqSW4DJnAc3zry0jfDeLJLktrEn86xen1v2HjnS1WohfkFL5sSk3z5bVqQ6NrK +9OOeeXIzWC7AETBc6N3TY7rKljH0ZdtiB7axVI/0Vfmiqw9vOzJ3fij9BcLvXBQs +JKy80AdUvT4o3PGW9DJX/Ki04NBB9Y/Jlmtu2j1Iq2NVERqma/HzUliGosffdwYw +EswIfbMjKhghu6mbHguE2DdW2vXkKgmbUJcBFb2tnc97ESslJoxssWB3uZJNQqRW +FLl+I56S4CVUDLg6WmB7ZMyhCWJ0u2d/zvombQBnPN6GEc+VkZUzVE7NFYmK8j2Y -----END RSA PRIVATE KEY----- diff --git a/lib/hx509/data/pkinit.crt b/lib/hx509/data/pkinit.crt index 4dae0868e9cd..86642369ce41 100644 --- a/lib/hx509/data/pkinit.crt +++ b/lib/hx509/data/pkinit.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 6 (0x6) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:15 2019 GMT + Not After : Jan 16 15:05:15 2038 GMT Subject: C=SE, CN=pkinit Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:b2:47:42:dc:46:f8:94:e3:66:2b:f9:26:14:56: - 41:68:e1:7a:04:cd:55:45:ae:e0:a8:48:80:33:58: - fc:86:4f:e8:67:62:89:f7:d4:ba:d1:bb:9a:6a:83: - 1b:4e:01:b5:7c:9e:b2:d2:bf:84:21:98:58:1d:b6: - 4d:fa:af:f2:e5:e8:d4:d6:78:a3:06:da:69:15:09: - d8:fa:07:09:97:cf:1a:3b:2c:69:b2:58:a2:0b:48: - 4e:37:11:2c:f5:7a:8f:50:e4:40:14:29:28:30:ac: - 0b:b5:0a:1e:60:b4:9a:d4:8d:bc:38:c9:2f:a9:d1: - 35:e7:c9:d4:18:66:1c:15:2d + 00:bf:4b:44:8f:d1:dd:56:18:41:5c:c2:c4:2b:ff: + 28:e6:7f:68:26:d4:0f:08:e6:af:dd:72:28:9b:ec: + 5f:5a:2f:f1:9a:7b:21:0f:c2:01:96:d8:85:32:20: + 5c:c7:91:fb:2d:71:33:d7:dc:81:06:32:2e:e5:ec: + 61:37:8a:0b:0c:23:57:cd:9c:ae:93:79:58:26:1e: + de:26:18:12:52:c3:76:7a:d1:6a:dc:98:67:13:4d: + 73:dc:8f:7f:7b:dc:97:15:dd:eb:6e:0b:54:cc:f7: + ef:db:14:8f:d2:89:47:3e:8c:e7:de:ef:61:34:67: + 10:60:8a:87:13:6d:86:91:9d:8a:92:64:72:5c:ef: + 64:57:b9:0e:91:ea:41:2c:03:e0:67:c7:51:cf:ea: + 09:5a:e9:0e:ba:eb:be:53:10:90:e5:0f:87:33:3b: + e6:53:11:1c:6d:75:34:ea:4a:7c:59:f4:6b:da:82: + 30:4d:f5:72:ad:ae:41:f7:c1:ca:b2:7e:74:a4:45: + bd:2d:80:c5:47:d3:ed:c2:02:fb:d9:85:76:00:3d: + a6:ab:da:2a:ef:a4:c7:d6:74:c4:88:02:63:d5:a0: + 5f:6b:88:ee:bc:df:0f:43:78:8f:62:1a:c6:c8:e5: + 3a:43:aa:75:94:d0:71:15:a4:8a:f9:67:5d:93:93: + bd:78:04:46:39:90:48:22:05:78:17:ec:b9:26:3f: + 4f:7b:a9:e2:79:b3:cf:13:ce:34:9f:3c:7a:8f:a8: + b7:b4:12:39:01:4f:26:44:33:b9:7d:eb:c7:0d:c7: + 1c:d3:c5:52:2b:cb:65:a2:48:b8:c6:b2:e5:17:d3: + df:ed:ef:e9:ea:21:5f:2e:42:23:40:35:7e:97:23: + 28:42:0e:22:25:79:f6:ea:ae:a3:cf:c6:c4:ef:ed: + c3:1f:14:05:5f:66:ab:20:a0:5e:80:11:32:1f:ff: + 69:10:e2:8e:d6:70:e4:97:ab:82:89:37:57:74:43: + 81:e6:85:ca:6e:3b:1d:ae:3f:ca:7f:da:2b:7b:db: + ee:ab:ad:a1:a1:16:38:9c:b6:f2:af:be:b0:19:e1: + 63:14:6f:26:24:f4:a8:3a:04:0e:9a:9c:5a:0a:bd: + 22:91:c4:c3:ab:2f:ea:54:d7:ca:ad:ed:b7:a0:98: + 8a:c8:94:15:ea:13:22:97:29:df:3a:85:4c:80:0d: + ee:3f:d0:66:3d:9c:0f:41:2b:fd:1e:90:f5:8a:fb: + 4c:10:20:3b:91:cc:fc:ab:d8:89:ac:7a:9f:bc:c9: + e4:09:fe:81:ba:53:cf:f5:13:1b:4b:b0:f3:bf:34: + 3d:3d:2c:8c:90:89:d6:37:78:cc:7c:f0:a8:97:08: + ac:ea:f5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,29 +54,66 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - E8:3F:1A:8B:C2:8A:9C:F9:B4:4F:95:D9:55:29:0C:A5:0B:0E:13:C6 + 76:9F:AA:4D:D1:1E:92:61:23:CE:AE:DC:C3:CD:07:EB:A7:13:43:2F X509v3 Subject Alternative Name: othername:<unsupported> Signature Algorithm: sha1WithRSAEncryption - b5:ab:c2:d5:f8:30:fc:bb:b3:53:c2:42:a0:f1:4d:a0:5c:92: - 1a:c7:dc:01:df:42:6a:d2:c8:79:18:ae:a7:09:8e:ea:1c:97: - 80:93:b1:e3:23:4d:ca:15:f5:f8:c2:d0:38:5d:0d:76:7b:41: - 47:f1:a4:77:26:86:2c:69:2a:5c:86:32:00:09:da:04:3c:d6: - 30:9d:a3:0a:e2:b1:a6:36:2f:ff:3c:80:d6:e7:2a:8b:49:dd: - d8:24:98:7a:15:0a:29:f0:4b:30:ae:73:b5:af:70:7a:3a:b0: - 40:27:a7:4e:74:8c:46:1e:2f:bb:cc:57:63:30:bf:b1:38:81: - 10:bd + 3d:2f:62:54:90:6a:d1:f1:93:cc:21:b6:45:d2:d8:d3:ae:c8: + c4:63:6d:9a:25:a1:c3:33:3a:c0:90:ea:ac:4b:67:a4:af:dd: + 75:3f:03:13:44:a9:7e:5a:9e:3b:6f:df:06:d0:6d:ae:bf:fc: + bf:23:b0:5e:c9:1b:98:d1:e6:6c:20:83:48:2f:b1:8d:ef:c1: + 33:fd:d1:7f:d0:ca:03:9a:e4:3a:42:17:0d:e6:40:25:2f:f3: + 80:83:36:c4:cc:8e:4b:7b:90:9d:22:ca:83:c1:a3:d0:c9:13: + af:b4:a6:d7:d9:3b:be:fd:d1:5a:da:71:f8:6e:18:c8:8e:82: + d0:b8:a6:de:58:c8:9b:8f:c1:20:ab:81:a8:3b:29:81:2d:cb: + a2:f3:b2:9b:81:7d:78:c6:55:ed:05:75:7f:4c:64:6b:fe:00: + e7:2b:6e:17:d5:32:de:e1:1d:33:f6:ce:89:4b:c6:be:92:54: + f7:16:ea:91:b7:af:46:80:41:8f:6c:47:d6:07:d7:62:34:1b: + 7c:69:e8:6c:ac:6f:39:b2:3c:60:cd:b3:89:95:3a:9e:ef:75: + fa:b1:ad:b4:bc:89:69:1c:69:53:dd:94:25:93:7c:64:56:75: + 0a:a9:8d:2b:6d:ed:9c:e7:cf:9a:ad:02:ca:79:f4:fa:59:4e: + 51:33:c3:f9:4d:a6:35:62:50:e7:f3:2d:aa:32:b3:60:2f:1e: + e3:71:6b:78:98:f7:9f:fe:0f:0f:f1:a5:6a:4f:f7:01:22:52: + 60:6b:62:b5:5b:15:6d:4f:41:e0:23:a0:43:45:39:70:f3:a0: + bd:30:14:63:01:01:f4:1f:fb:65:43:c8:99:57:aa:47:2d:53: + 0c:f6:c2:65:f3:1a:64:69:67:f3:7b:b1:2f:0f:c1:e8:a2:5e: + 78:bd:df:a6:d8:3e:ce:6a:fc:bb:c6:14:a1:6b:de:fa:47:5d: + ce:6a:24:60:da:1b:5d:fd:c1:5f:27:34:a2:b6:dc:bb:e5:f4: + cb:14:88:e6:66:e7:49:e8:a0:22:49:da:af:1a:30:f6:ac:a7: + 99:56:5e:b4:b0:19:71:67:59:cd:0d:67:4b:82:54:0d:c9:88: + cb:ea:36:7f:60:d5:df:8a:74:78:25:2a:b5:ca:89:ac:9a:0b: + bc:a4:25:f9:38:c0:13:58:1b:5c:60:0a:b7:9c:74:de:b1:7b: + e2:5e:1d:85:50:e0:69:22:c5:2f:e1:1a:1c:ca:cd:a7:ab:0d: + a2:ce:f1:88:92:68:10:fa:1d:ca:f4:62:6d:cd:8b:1b:72:2f: + 67:a1:b6:f6:ef:b9:f1:e8:bd:42:54:d8:4b:e0:8b:9b:6d:2d: + 1c:ca:c3:eb:79:5c:d7:00 -----BEGIN CERTIFICATE----- -MIICMTCCAZqgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAskdC3Eb4lONmK/kmFFZBaOF6BM1VRa7g -qEiAM1j8hk/oZ2KJ99S60buaaoMbTgG1fJ6y0r+EIZhYHbZN+q/y5ejU1nijBtpp -FQnY+gcJl88aOyxpsliiC0hONxEs9XqPUORAFCkoMKwLtQoeYLSa1I28OMkvqdE1 -58nUGGYcFS0CAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O -BBYEFOg/GovCipz5tE+V2VUpDKULDhPGMDgGA1UdEQQxMC+gLQYGKwYBBQICoCMw -IaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG9w0BAQUF -AAOBgQC1q8LV+DD8u7NTwkKg8U2gXJIax9wB30Jq0sh5GK6nCY7qHJeAk7HjI03K -FfX4wtA4XQ12e0FH8aR3JoYsaSpchjIACdoEPNYwnaMK4rGmNi//PIDW5yqLSd3Y -JJh6FQop8EswrnO1r3B6OrBAJ6dOdIxGHi+7zFdjML+xOIEQvQ== +MIIFNjCCAx6gAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxNVoXDTM4 +MDExNjE1MDUxNVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBnBraW5pdDCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL9LRI/R3VYYQVzCxCv/KOZ/aCbU +Dwjmr91yKJvsX1ov8Zp7IQ/CAZbYhTIgXMeR+y1xM9fcgQYyLuXsYTeKCwwjV82c +rpN5WCYe3iYYElLDdnrRatyYZxNNc9yPf3vclxXd624LVMz379sUj9KJRz6M597v +YTRnEGCKhxNthpGdipJkclzvZFe5DpHqQSwD4GfHUc/qCVrpDrrrvlMQkOUPhzM7 +5lMRHG11NOpKfFn0a9qCME31cq2uQffByrJ+dKRFvS2AxUfT7cIC+9mFdgA9pqva +Ku+kx9Z0xIgCY9WgX2uI7rzfD0N4j2IaxsjlOkOqdZTQcRWkivlnXZOTvXgERjmQ +SCIFeBfsuSY/T3up4nmzzxPONJ88eo+ot7QSOQFPJkQzuX3rxw3HHNPFUivLZaJI +uMay5RfT3+3v6eohXy5CI0A1fpcjKEIOIiV59uquo8/GxO/twx8UBV9mqyCgXoAR +Mh//aRDijtZw5Jergok3V3RDgeaFym47Ha4/yn/aK3vb7qutoaEWOJy28q++sBnh +YxRvJiT0qDoEDpqcWgq9IpHEw6sv6lTXyq3tt6CYisiUFeoTIpcp3zqFTIAN7j/Q +Zj2cD0Er/R6Q9Yr7TBAgO5HM/KvYiax6n7zJ5An+gbpTz/UTG0uw8780PT0sjJCJ +1jd4zHzwqJcIrOr1AgMBAAGjczBxMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0G +A1UdDgQWBBR2n6pN0R6SYSPOrtzDzQfrpxNDLzA4BgNVHREEMTAvoC0GBisGAQUC +AqAjMCGgDRsLVEVTVC5INUwuU0WhEDAOoAMCAQGhBzAFGwNiYXIwDQYJKoZIhvcN +AQEFBQADggIBAD0vYlSQatHxk8whtkXS2NOuyMRjbZolocMzOsCQ6qxLZ6Sv3XU/ +AxNEqX5anjtv3wbQba6//L8jsF7JG5jR5mwgg0gvsY3vwTP90X/QygOa5DpCFw3m +QCUv84CDNsTMjkt7kJ0iyoPBo9DJE6+0ptfZO7790VracfhuGMiOgtC4pt5YyJuP +wSCrgag7KYEty6LzspuBfXjGVe0FdX9MZGv+AOcrbhfVMt7hHTP2zolLxr6SVPcW +6pG3r0aAQY9sR9YH12I0G3xp6GysbzmyPGDNs4mVOp7vdfqxrbS8iWkcaVPdlCWT +fGRWdQqpjStt7Zznz5qtAsp59PpZTlEzw/lNpjViUOfzLaoys2AvHuNxa3iY95/+ +Dw/xpWpP9wEiUmBrYrVbFW1PQeAjoENFOXDzoL0wFGMBAfQf+2VDyJlXqkctUwz2 +wmXzGmRpZ/N7sS8PweiiXni936bYPs5q/LvGFKFr3vpHXc5qJGDaG139wV8nNKK2 +3Lvl9MsUiOZm50nooCJJ2q8aMPasp5lWXrSwGXFnWc0NZ0uCVA3JiMvqNn9g1d+K +dHglKrXKiayaC7ykJfk4wBNYG1xgCrecdN6xe+JeHYVQ4GkixS/hGhzKzaerDaLO +8YiSaBD6Hcr0Ym3NixtyL2ehtvbvufHovUJU2Evgi5ttLRzKw+t5XNcA -----END CERTIFICATE----- diff --git a/lib/hx509/data/pkinit.key b/lib/hx509/data/pkinit.key index 63b4476ca396..804b7dc77d64 100644 --- a/lib/hx509/data/pkinit.key +++ b/lib/hx509/data/pkinit.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALJHQtxG+JTjZiv5 -JhRWQWjhegTNVUWu4KhIgDNY/IZP6GdiiffUutG7mmqDG04BtXyestK/hCGYWB22 -Tfqv8uXo1NZ4owbaaRUJ2PoHCZfPGjssabJYogtITjcRLPV6j1DkQBQpKDCsC7UK -HmC0mtSNvDjJL6nRNefJ1BhmHBUtAgMBAAECgYBKqzAkxJDvA0NS3ZqGYA4rWGzb -wAicE//CXANd/kJeGu/TBWGV7IKGv5WQUPNJu8uAs5NgU5iK3ZzibO3CNpl74KZq -JALQXVbLmOVNpiL8V4dfWxwPBFFzjcrUi0OEVrM0srXghDBRfuNtaf93IXoW32W3 -4S8KgFfV/bDAWv5VfQJBAOS6bQBtcEGSUPILJzwPvvFNF5OvX/R98PrHjX01aSPW -j0B1WMi7sceRDdyE/dV4gGwW7mEftLAogg8HSftaa5MCQQDHiO5/R3aktb3pl7ms -PVZ1xwgF9sPVdiq0p1RhbT3YijktSRVuf7YCb6nqhmC6Il88D9LJg7XTzHkpNUx5 -j3Q/AkEA4cTGbQKZKJA1SAUMUDO2pNYUrJkSHPHnWJJ6rZl304Eo21Y5McJbBALA -7Od06i5MjOTBnaq/HpaNcioes3UX8wJADQpC4+iMtWj3N1vmE36StvHB8XnWBI5L -bjD9T7yu7Qbjg7UiBG2uPGyFw0Dy81cpuCgkk2zbJjNXu7yy+cLJSwJAQ6ZxX3ri -E8Kvc07rFKfrLw1/37MqIbMhEvuneSrsS7GdTcaTGP4vqM9a6GQmVrg/gzGo8Wpe -geynyqwNsSPReQ== +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/S0SP0d1WGEFc +wsQr/yjmf2gm1A8I5q/dciib7F9aL/GaeyEPwgGW2IUyIFzHkfstcTPX3IEGMi7l +7GE3igsMI1fNnK6TeVgmHt4mGBJSw3Z60WrcmGcTTXPcj3973JcV3etuC1TM9+/b +FI/SiUc+jOfe72E0ZxBgiocTbYaRnYqSZHJc72RXuQ6R6kEsA+Bnx1HP6gla6Q66 +675TEJDlD4czO+ZTERxtdTTqSnxZ9GvagjBN9XKtrkH3wcqyfnSkRb0tgMVH0+3C +AvvZhXYAPaar2irvpMfWdMSIAmPVoF9riO683w9DeI9iGsbI5TpDqnWU0HEVpIr5 +Z12Tk714BEY5kEgiBXgX7LkmP097qeJ5s88TzjSfPHqPqLe0EjkBTyZEM7l968cN +xxzTxVIry2WiSLjGsuUX09/t7+nqIV8uQiNANX6XIyhCDiIlefbqrqPPxsTv7cMf +FAVfZqsgoF6AETIf/2kQ4o7WcOSXq4KJN1d0Q4HmhcpuOx2uP8p/2it72+6rraGh +FjictvKvvrAZ4WMUbyYk9Kg6BA6anFoKvSKRxMOrL+pU18qt7begmIrIlBXqEyKX +Kd86hUyADe4/0GY9nA9BK/0ekPWK+0wQIDuRzPyr2Imsep+8yeQJ/oG6U8/1ExtL +sPO/ND09LIyQidY3eMx88KiXCKzq9QIDAQABAoICAQC0fcQ3HwEEFua1K2AFUz+4 +HEadPEDjWSZefzQpyqE9azc/VyYexCLTvYAPh9GCzA5/FeygpAFpYzg04Q/pY2qB +DWfvLQLbSwcNENryfovrY1oLEEUP1wyKfe3wEcVrjPtROo7EyhQ9QUMjJwd80uJR +9olhI+RHmWcucAZ7IkBybH8vGW9+mLHIw2cn7iuH6DB4OuzKjDw/dt7bJ0vw/BR6 +zGf4w2/SuLZl4M0IszcZeTG6flQteoW1slGz/znNqNtNlC+nG3UJDMGs6TvQRcjM ++V6lj7grXQLhKlO1MOwZyLO/tvfrZVv1gW9oVXNyYjbTWaaPvwy0Kwilwg3dDO0b +CvBGS8c9PtxkUnU9ZCjkA7rmE/Nr2r78bhhMkBZs38w/MTYDUadmjhIxjnjaNu+3 +pV/kOLn8h0ZDCsLCJXUNAbcqwlz2IEDPFIYzW47+agMM21Y41um1lfLXOFcZ/61I +vStquOwqyhciydomWyyaT0oyu1QPSaKwuVFYTBMn5fUfP3oYEehaN2VEcQaMCHt9 +OxiiXapiNEF1p4Rf+mt80yFxDhWrM7/VxDxHkS64HpULweW+/zx1J7l+Leqn8rGC +k2puihHSAGnZ+thSnIkiimIfnijdUGRb09y5mQJoIm/pGopPTz8e6jag84a3tm7J +08NBhWDMVMk25a6TOsl3AQKCAQEA3v5gi9C8bMcjEipI3fbgQ2mz18CzFFsIdSaE +qvPyEZ07G6vRZg+i3Z0vOMaSiIr9nKmXIAPInpeCn4n55aJRktO5OxmF2F7qjVt+ +uEm2TPDrrkIILqT8/pINN6R7onwOcKlIb0gfyK7FyCYgjbtQlNjou0b/5CGq8qw0 +Y2E6htBPAtyXEIU8ozW/vnsMSqHsxHZKyzzHZRL8Ii1jjdXCJioKnWn36cLZrZml +jxlgoh/4p+Jr0+otpQCJCzYjTuKmmOBlkEjoVe5yunD68O7VZWA5N8lb8t/2g6hq +TS1kYZRlPnmtBi+iQUVbtx1eOpRXQA6YcZnyS4thY5VWj0MBZQKCAQEA25u8ODF6 +AZM33Chs9zQ9nmpsrCzZUq+2Wpv8HmzQbvWQ/OzGqgxi7GlLoi6sevxX+a2t9Qfn +I3oaV5Fd1zZQT5mH9zlzoZp8QfwXgI9yTTF8tvFFUAMmMFHz9P5U9WLrILyvsMob +i31y04uRe666YRSx7ra0mf1o6m4WezwQIGPOF3jsug4npuG86v7fRNrp/53bpV+V +EGsvJN+oHZQ1t2QhYNLPXw5br1EMwjunn9P1JZfynS6VLrKQ2KiA2/1+F55ppA1i +thtl4ZlU1nF1XkK0YR3KPYfzFSeujhtiZ/rPFW7226rUgvRP0N6YfvT08xyO639Y +8VnERKtI6gjyUQKCAQAFnT3tBzpXOsRFRs9C115aFCU0/2MC1i/mUyvv6ehkTSMZ +1T+WZDpjffucYFN8IJO2CAcIBVBdvc7KGX0zLN0E51O4izH1ep5JJM6R8TknwsEM +SBlQo1LDTgYLKpb6RklOyNRMCPLT6KKOIXecWeTzemqRnH4AzmAxb+h5wA7rKf9z +QP6EqfYW3dmQACUVE/KUF65WY5dZkhrK+X2SKpmSwGg4Alz9g6xbVIz4h1kJe+iU +wXyZf0Ha76KDp79H0ykCnFOySEOhNjmpPAL1Ye35eWy3XNh1yvG36tuSSdxHIKdT +5VhX2YcqQYbHm3Ot4eI4eKWZ5phVEpNHIJFnVfaJAoIBAQCWAbT5tWIffU4kxkBY +Q4jrksqUeTYhcwDet7nplm5xvK/C9IFnWnqf/fS53aPXhlMZq3ct7q4F37vqoNM2 +1FTbaoYja0z+0CWcdPQgzttGu0zzMa8kzmHhk7lOWgPychUmEXz5B7T0/UXYFnfT +wjBxa892vbpzjVOC/pvApfBmD4aRJfqdxFl1drCy3FHqGJbKEiwctEOAKZbUWync +uoZOtMjP+G/KAGbERFqwukrvs7q6aSZCE7W3ZiXmuIL8whTFUWHbu4D335MiHLiE +mo+PSYUo6U5h5WE3zBlB3JbFa97URy28Mt5ibTuv8ry7y9sdzR4a4qwAgE6+kTmH +E4FhAoIBAQCqpFY8FPwJkDDe194tARJYXVdgvZhIcL0IP+lbNxAid+vmd1405fpx +W4qoSHTn5aL1Vuo0qMudoUdzvHyB0fWHlVnWHhWlstkSMTMnl5DU7xhp5MP2ALXL +LO73drcWe3r2NPYxOPWMzVvFd8o9WlnEtZ03C7s/DYUD1bWd2Z974b0tpiXNlZu0 +hn0+GgeZzmy8pyHbuyOj6+AW3zCIoIy39V68i13PjVzZKLR5vVLBaba1fZdqhYjk +qHp+tpVdjmF+WgA0ia+hWRKkRGwX+mgi36aRzdjXPDrSxQsnEbp1LvZ80IsXM7jj +60UoyAUhtvNbBCWkTske6/ey/kjJTUD4 -----END PRIVATE KEY----- diff --git a/lib/hx509/data/proxy-level-test.crt b/lib/hx509/data/proxy-level-test.crt index f39e59dc26a8..24e8a8f6742c 100644 --- a/lib/hx509/data/proxy-level-test.crt +++ b/lib/hx509/data/proxy-level-test.crt @@ -1,15 +1,31 @@ -----BEGIN CERTIFICATE----- -MIICUDCCAbmgAwIBAgIJAP6hx2RbgHvrMA0GCSqGSIb3DQEBBQUAMDExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTA5 -MDQyNjIwMjk0MVoXDTE5MDQyNDIwMjk0MVowQTELMAkGA1UEBhMCU0UxEjAQBgNV -BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIGf -MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtyAgFmdic7J7lrcvnVmANvaRVt7Fo -qYXKocxQjhb/bgzBjrFVqiUxnfsetHCMZlPZaklvicSAKZQvu30LBn9IOdNb+jPt -IFmG5V/AZUW/OAxKQxHtbtJgktgqoGbHGrb0ajPDfM44KaJv1KU0GJJ5+bqY4XOE -WOypDs+Z1iedbwIDAQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNV -HQ4EFgQUMKTcmVatO/m0g9A9Gbsm3aC33a0wJQYIKwYBBQUHAQ4BAf8EFjAUAgEA -MA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEFBQADgYEAhN0C8YaE+sdFfTT4 -3UM8iU6Jx9B/2hi6fXAddf2jaXdW4RpatyMYFryX1098s9dLaFbRpy9GcF8MnsxT -XnhQELdmXmJr8wIbxXukM6dzVi5JwY3RY83TR2ZJcRk7Mblb81rHePhstfsd2vcr -AX37v1VJq9L6fJE4K6zayMjbrLM= +MIIFVTCCAz2gAwIBAgIJAOXO+qv/iXxEMA0GCSqGSIb3DQEBCwUAMDExCzAJBgNV +BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxDjAMBgNVBAMMBXByb3h5MB4XDTE5 +MDUyMzE1MDUyNFoXDTM4MDExNjE1MDUyNFowQTELMAkGA1UEBhMCU0UxEjAQBgNV +BAMMCVRlc3QgY2VydDEOMAwGA1UEAwwFcHJveHkxDjAMBgNVBAMMBWNoaWxkMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArcTnrpY2+DYyaO9DDllOz237 +auNMA2z86fS3monYx0feQ06cCdwA1xLNk/3BlkAsTH+7Q/Z8SGRFyzMKgbt8i97j +lyuLuXxwWK87Tz14S94BK6HIGN9yc4wNtZ8p6l3uaIeTlcEZJpltViEc+I/9kjNg +LK/0+s6OBuSEa6bEXJ5ecPFe7OeaSctN+7CMOS8FQJHFhH6zpq5uCcSnFS7ZxOGK +wdjziJWn7zd3qEc01cWsR7HZrRII31ctbmDxt0suAGfIZaMm8fkCQkH24w/xuNQH +ldH3q2/H7AdWvh6copqY5sxTAfaT9TSzOu9MaH129cz7x31+xMo64YxsUDP0yC9s +fmV3APEGX8Q8PIgs1FJjsknV9F1F78aBFAYTKlBhgMki3Fi+iC64QPfu12sGuzK7 +eoDbtD3Q3p4NpwVeQYZ8972zwhnPTT6tgoh50MaRb6c+5PmSRhKt3QL0aUp+URmY +SAdO8V0BI+exK5/T89Yd9c0uMn+TOUMHc5OEckBi9Fi/oOsYPBahyKAZxcERHdXo ++mZht5kl8mBVbk2hfQl75eUQ9sWvVQxn1uS4x/j4k8mMqLdbXL5keIXGOyA9S28n +IodERwwJdxgJ9JKw5WR4wdqeZJjIUw8qe7Du2FSH6L4eHMYOcS6nXlVM6Vl65nJh +vnqqmW6DQ+L22uBst7sCAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw +HQYDVR0OBBYEFFjF34ZepMQe/Lgd/kmm+fXkMFhtMCUGCCsGAQUFBwEOAQH/BBYw +FAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBCwUAA4ICAQBza0sK8s5r +9PBUTZGQTylDsJgj6+siu6fwEOeUwJpag+9kDbyMHUTnueO4kPbahWdVtx5rwCxg +NqHtHl0g8GwwLJ1wX0e8bi4fNimx08W9b5PnhOzUzbZnUIuwc2q0YL3yp0yfDo5h +2R6BlCz/2AKM7i2PqoOsoctwJs5mE3I5E0AQto0tPaKqB2Z1FyU8ArY+2jrsgQq2 +EGbEeKSavjaIiuq3YQ9zyrZH17Npryw0brDkGBOvi2jANfQbvQJWlL7tklh8j/Xa +61/VAm4wU82P8NGM1LYjxH0Ad46Ca8cUq63Qxa2hb7igdOoUbvlSGNctgtENJPAd +XeUt1/bxjsBTgPo89tg0Hc1UBb/msd6q8/8a7mA69GrHG6yEEVHOQDal92PbP8WU +ajv4vAM0OxOHO3eyWqh1nGlYRmwE6iGtbVZypWgh30mKELjxn1q82+HvrKMAeS+S +4j34v4877EC+EXRPsHw5sGpmTp4eVtuFM87gGtrFLOheGi/2JHBYdgjJkuqPDYoE +0J4U30+xaz0mtY5hSTt6LknMQEOM1REcQ/NBovq/CsMs7vbaoNtfavu+ZSX9AgvU +5SKJ38KFndrV4VZq+hzTOXj3IhfLqSBm1EtbTQO1W8vLIR+SK6Ct0D76P+Ht5Ddg +Z/fMiB95hkiTG72ZnjMTvLn4U9mNFWanTg== -----END CERTIFICATE----- diff --git a/lib/hx509/data/proxy-level-test.key b/lib/hx509/data/proxy-level-test.key index 52ca3805e5c7..e1c99879af1b 100644 --- a/lib/hx509/data/proxy-level-test.key +++ b/lib/hx509/data/proxy-level-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAO3ICAWZ2JzsnuWt -y+dWYA29pFW3sWiphcqhzFCOFv9uDMGOsVWqJTGd+x60cIxmU9lqSW+JxIAplC+7 -fQsGf0g501v6M+0gWYblX8BlRb84DEpDEe1u0mCS2CqgZscatvRqM8N8zjgpom/U -pTQYknn5upjhc4RY7KkOz5nWJ51vAgMBAAECgYBRzwSTiL7yHqb8trL0wM8Daz/j -DfRH4itZ8BjvjjNzZlWVMpbotkVdsND5W3Ntmrc2kk75xRiKT8PgOE1pQa8AbL7F -uR1U5itWKbyKCOPA/mzYoh9Pw9IouB4noNFzwDWnilsviV4yshKzKQtjryHPe1ft -RuF7YdGjsweUJriNoQJBAPeP6+fiT2WO/pXiextMhACU2fkgskgi+CFD+z6r8JtP -Kysk5+2PM6iSMm1XkBYxmPbCYMJtzShXnm3X41LgUgMCQQD14sSt9s9rIcT4w01P -oUm5d3MGgLf1khBzUT9VdKqb0ZqmtTBANKmU8GP2jmSguItNRiSbSiyvL3pitoHl -o0ElAkA5XEaLzvsYi/5fGj/t/lejjtnGiJXmcvvNMWQ4jDxOsBRPhdibSY/toho/ -DYfcLJfFrRogUrKzg0G5L8mDPWijAkA1vOjFKGKuhEPbJjvYQmStbwipjCooNlL4 -EPKph4Td5xJIiuLPtXK2hU8jjH07jvmK2uCXO7/GTbcOqdp7yJEtAkEAhFuJnqk8 -7N+TMUouU6DRCioGI6kg3kGPXD2p0dZn2XoTVvluklv9s4cpH5ht7BxKw6flDPqC -ity2FjTxEJ88BQ== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCtxOeuljb4NjJo +70MOWU7Pbftq40wDbPzp9LeaidjHR95DTpwJ3ADXEs2T/cGWQCxMf7tD9nxIZEXL +MwqBu3yL3uOXK4u5fHBYrztPPXhL3gErocgY33JzjA21nynqXe5oh5OVwRkmmW1W +IRz4j/2SM2Asr/T6zo4G5IRrpsRcnl5w8V7s55pJy037sIw5LwVAkcWEfrOmrm4J +xKcVLtnE4YrB2POIlafvN3eoRzTVxaxHsdmtEgjfVy1uYPG3Sy4AZ8hloybx+QJC +QfbjD/G41AeV0ferb8fsB1a+HpyimpjmzFMB9pP1NLM670xofXb1zPvHfX7Eyjrh +jGxQM/TIL2x+ZXcA8QZfxDw8iCzUUmOySdX0XUXvxoEUBhMqUGGAySLcWL6ILrhA +9+7Xawa7Mrt6gNu0PdDeng2nBV5Bhnz3vbPCGc9NPq2CiHnQxpFvpz7k+ZJGEq3d +AvRpSn5RGZhIB07xXQEj57Ern9Pz1h31zS4yf5M5Qwdzk4RyQGL0WL+g6xg8FqHI +oBnFwREd1ej6ZmG3mSXyYFVuTaF9CXvl5RD2xa9VDGfW5LjH+PiTyYyot1tcvmR4 +hcY7ID1Lbycih0RHDAl3GAn0krDlZHjB2p5kmMhTDyp7sO7YVIfovh4cxg5xLqde +VUzpWXrmcmG+eqqZboND4vba4Gy3uwIDAQABAoICAGTtlieIZhsa14KtXYRLCQRf +/ASkSnU+61Mz6SRgZkGxE36CfQ0Y9H/3EuKfI76SPWidU/ZwhtVBMGyKk9KwQ/G1 +nvkhuMEebt6DwO4QZPuj0Yg3KlKQDhjgwuG3tY/DyQJ7pJP5mRMbUC8TgpE4iO5O +2tB5zs+SA1orhmJEdY7aCT6OYzU0fB/absv+SiO4lNNhF5kSQmRQsecIioc6NBAv +c/mNej3dtrGxxNU/rodvjdYCjc0BSZf3OZL/ycVNbEWeAf5OmgM3P0GesLhHfX19 +4X36e2Dexv7ncFFy1EV5h8+d46SjRGLKnkNf1EBohxzTV3YSBPxl/XcdqZeX5dce +Q6CYwtjv8tHFqx5vuo5hgwkssbDMqgdPaNFANCJHEVAFj/xPIa7wi4hnSeJCuGXs +ts7prLqW4thnqd37kT0L1KToKiUVjxf8e1Yn4WiApfjqk77GkmTr7hZ5JWTuRu4e +dMIdjWtF95NIEz3/wJVRlPOofpNTmIA//8btzNMOTSiC4P3DuwmGdGwwMwNEQFYZ +n5YeS3+9AN/NeZ9m06eSQ1TRRogA5Unz9o7X2wzOdcB5luNsEIq97IlvTKFK6a+M +ddt99ExDf8RzWnDQxad/FgcdoBn8u2xfe3eFjGMs++E6BBHy0T2TMcMEfr/S4qhj +g83I2xhAxa3TvJCcrZuZAoIBAQDjoE1eCqsSPOzsBYVDFzgjMAvPLuOWXGjCmjmd +2bvUTEKxvucMFKYssNp/GvPH/fwPrNhTewnC7RANZmJ82rsKKk8cYIvb/TTS4LvD +ILsfaFpakjJ/+vuDqNSwzZLHkwlggDxbs44dydET+jGd4yoQkDI3ZrKI5isy80E7 +EvlgZjX8p6wFPi47YtTFUfiI8oNi3e7RSmT9AZe8o9blaE+0SBQTETu+rWGhNDSQ +JWEid3yZZ85KQd/EO8AS9OUub1tF8dk+J75wXueTwqffEzFOvCgNlEiECQvqRx/v +Bk85hFI3JIL71nsC/gaCRBMHjBtFwnqF3GjVm7FCBYaQxbAVAoIBAQDDbf2avR2R +LZqupSigX8vrnbRLdjkKCfoyeVApMtgf/SwFbwrcMGjIPCJOHq9KG3jsdLhM5Rsz +BR2T33y4dQxcGN6hE2udoqhtSLaipe60xq5UtPlDhKN44TleAmZH+qiJ1D5dJUWQ +v5c2bP2bDWyXTUJ5yyjeijf97wompoeCKSAXlEUqqPiMGINPAaSkus28scZb+bKF ++J7YcAwP0ztSc9FAVR7NNv6fGQKBtBpCgLG4eIlaP6maeBV0TbeE0gtRIITMo+uB +asOvMZGkQki8n1nWrOmdf1icRUrzYyPtUlqO4BJUM3raEUL166B8dekbjUsYGc8N +yppK8ytz/OyPAoIBAQCZodM2Gss1xws9jchQ7PYFweLmlkYjcQF//unOYWvFsSb+ +otN8st8poMAIM9+/5uvehJGJXqzK9If2E1l73YGKLd4xT/R1qWOixO3VmFzTqPH6 +2VveRz7EsQnEvytHKjWU/Vg/qGPONS25Zw9f+jek8D4EaHstrPQRMl+fiIHqD3J2 +sZCIBVzc1iq3d0jg3ZXR/+q1NZoNraqFNqvPMGVDT7bE28fQPWN8kyi69Y+m3LCr +NYXlVqq53n4YDVQ10BDxl3dB3T9KxrNUZng5NtH7y0DZUXDUNOrm19R01nRYZLe8 +4hbJ9QwXi+5Gs72IRYcOwWFCwe275pZv8hzNz6+1AoIBADoeYcc86qgcKd46W8Sl ++J0Pf2jZtcjYgsGz9jTqW//XaNoM1ev5sY+q4oDc+0BMvz+CzrR/hgE8SjmJwyuQ +E6bn9n1sqxpsHy6w6y+frUextnKWh3Ke5YazZD4i9Iv/bVPf/NPym6eacrvK2fjc +myi730MdOgBElrY7+obYC4CX/mVEwPUY3yG6wIIkePRMYZb2P4lmzsKs14CCgfPK +299/dgFtzwU0j7B83ZP5Hb4dS70Si7Z9LFE12RuHaUZkuNzdkODS9ty8BYn6cdep +prwBn9QKBEfEcXO337xWBX80eJ344TqNPMHRVFqSQl4BKtv4vxZhxoPRduVHP+r0 +kt0CggEBAJ+hD8bH6oxb4eCueAA708S88b/6xrULe7Dmt2wcADJMZS4z9bnkc6TD +INu8RpeLUivji2qRuURrFVBRm4wL1aX1T/MxFoKkWPvp3dR0oA6qfw6KGeEpOtzw +umneJvAumlfD4Nr6HMYGRpi12FxfhHCYfTmo1l6VSR9Wa4vtDkecqp7hddPYsL/+ +AMyTPnvimlXJEwU1O760wU1zXFKqhP85zY4GOxPS3QG6pyTSC1zpAk49IRo2CXzH +eOHc7c/DLtJRfKCCWMm8zedEgTC37OZgcbHw3OwYUr+N58xihN9DhvZVBxmxm0eI +FcKB1ity0sQYMAUGvDAqSodhrsSjn6o= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/proxy-test.crt b/lib/hx509/data/proxy-test.crt index 9774ed2ad52b..a0d7f9862d73 100644 --- a/lib/hx509/data/proxy-test.crt +++ b/lib/hx509/data/proxy-test.crt @@ -1,14 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICMDCCAZmgAwIBAgIJAMJEvwnR1+3UMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDkwNDI2MjAyOTQxWhcNMTkw -NDI0MjAyOTQxWjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w -DAYDVQQDDAVwcm94eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxxP4tpnb -qS5NjzDgrujdZovK/FHnlgO2Kjha1LQpTLDPwQh4zoymu9Hi/HzYTzdBCwA+auMY -vog4EE5hIgpbXFlnSP8gFmQvE2evPBf7Y1O2oK0xEih4/7D2oFikQ+QWHfy92EUm -mDe7fjkx5ipF+qwOSLU+YuG07+ltXW7XH8UCAwEAAaNgMF4wCQYDVR0TBAIwADAL -BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFM1/xN3+Jz4m3NYEctNo8Y9CnopqMCUGCCsG -AQUFBwEOAQH/BBYwFAIBADAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUA -A4GBAB06t/tkcci9IFnSnmogi3LEare/aVkAxbfWHoFBRCZOyat/K7moDsPng6a1 -v1DZY0LqgVDL4DCyTKXxAbN9352cca5spmnNKWegCSA9UJXGCTNtIJCPA/x4PO8C -nhAAaxERYu123XhRZ8HhRM6t7uGiyLkAX3JFcWvPhAbWjNbo +MIIFNTCCAx2gAwIBAgIJAKQmPUkmhyKnMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV +BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMTkwNTIzMTUwNTIxWhcNMzgw +MTE2MTUwNTIxWjAxMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MQ4w +DAYDVQQDDAVwcm94eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMIM +AgaAGNSDMgLYghbdvgtiyY4FoxSi2aJ02jC4Ji+QLWW0V9iWOW1IRNyEYRHX3AhE +1lX+zousMm9Yni6NEtNUERvaN/9hLGJzBQMIH5grWKU4AsUZKFLAa1P/DiLh+U7I +Blj2YESWh8BFnnfrMA2r94CYQmDCZyXL5xX5d75U5Y14isAUvthC9mbhhROu75C7 +OO2YFgMwDp0mlL02vp7z3NhbWqDxak+09LLuNwqy2H+E+qFou7mUNm1NP9dlUaYS +tKkk6QaRe6X7tO09mYHMx5AnhsH3NU7hc8nBPIDbToRHaEXzW8gtXukXUa3KwvSq +blqk0pWU3v/VV2Huwu4yfrzkL/Eb9Fyw6mlAP6Tui2lnqveb6xBPmyGr2UJ/pDfo +Nd1SNKE8kfwD2MK57xwSa8unVDUQYguCs9LhdJFZ52Cb6UtfffR8OlFuzA8I7BWt +0/Hh1lUIhTcvS6UaO3jP/7RmqmCwA6/9I5zAIh1bjSzpkJQLpEyPou9Ro+MarUOt +YSDK1Xq5LTYiP1hZqhOkhtU9XLCCsRd5sDYHo1IsTPLLBRdU+NYjlP4qrCuZHKEM +fLVSsMk/S8+W4nA/WrqZe+KIbgoxrQ2Zm4wTzdZWZC3ZEvF+IUjrm+nuXWTa/NBu +fFo8OB5waYS0jrWm27FkPfZwtcWQHpjxdf9YlsifAgMBAAGjYDBeMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTZHxVeBpBui9FNbSHOWqtVj8r98TAl +BggrBgEFBQcBDgEB/wQWMBQCAQAwDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0B +AQsFAAOCAgEAXHVRH3wJdrTjJV0ywc1rrI1cH1itMOqzvZtbLUgMEJQuRRnRVHys +ZG8HxNeesfTiHAH635GeJh66rCbxmJWqczLUoTib/GRO3o+NbtcvAyEpT9SXD201 +x9tVUhEb0lBmZDpnvpfaC7MF3tS/PXMurlFV5xxFRG+xRbUo7+EAQfCEuADgdlRv +v75YrH5ShohTk5nP2SxYu6NLNqvawIb7a/GRCwD585FklQydJjPlYgPcbFW7FXBz +nopYKJriBJdttirZ2DW0HrZyjF5FNpGIEUOxkvYoiqTOTqOhTOrm1sziS3S0DbfT +eoMXIIV8vcFykmSh9ri/k+RKnznje6he7bt0yV3Fb+e/YnAdlxLVPCULWHS6IZtA +g8SZ6m0pKQByH/yF3dSEzLCP9XyNUybwPIbLXq0LVII46CtjNiAIgFSDDtQ11tS2 +Ja/rhsUsSE1eRggTXSPrYSB2D5J+j5zcT35nqmlTm4ZGuG05T/yh6c6UCwA7hXmj +YJxo+1BR+pNl6Q83mvPDKnZ7qkZdxCnuxkPEShatf5ntAxVVZPsfTbDwwkcMSCJA +Wvp2/2Ss6rv2o7+vs2AbygXdF9H7QmOkJj1TgDKwDTkFOLvgggMHZOSZBef8Tluh +gaX5p1Zxb9fvAhkTiSdTuos1YMPuu2zeQTmWXJqtjpGBJQBnDTA3b9k= -----END CERTIFICATE----- diff --git a/lib/hx509/data/proxy-test.key b/lib/hx509/data/proxy-test.key index e03895d43eee..a94127e88f68 100644 --- a/lib/hx509/data/proxy-test.key +++ b/lib/hx509/data/proxy-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMcT+LaZ26kuTY8w -4K7o3WaLyvxR55YDtio4WtS0KUywz8EIeM6MprvR4vx82E83QQsAPmrjGL6IOBBO -YSIKW1xZZ0j/IBZkLxNnrzwX+2NTtqCtMRIoeP+w9qBYpEPkFh38vdhFJpg3u345 -MeYqRfqsDki1PmLhtO/pbV1u1x/FAgMBAAECgYBQoyRRQo0ZQComYBQChUx45xL3 -lW2K9EHrZBxWoAtChzP/6qCUeaBn36Jjx2YO4EC2ZgjiXs59Dsw2vqjVkwBh9ujA -F14krPR0OpCnj3mFyz0CqbZUjB8tvKtGe5Bm5JkwITDIXO+mXacdQ/Mpa2cVDqk6 -D4XxuCU7V8Ft14stQQJBAONXnrKlLa3UmdOdDArj0ZQLQdzWKN5bW+tzRcV3kVyh -xc7yPHlcPtp+lK9CX+nZkjCj/5e2C6fs+dKfEZPOiO0CQQDgLEI0RbbdCGVp0soK -HIOQsngSwGrvKN3FFDqMyC/eEqW6t/p64VOzUnKBvAOh/jI6vgE0heEXHNl5/ivU -T885AkBhATYaDBkdnyW0AcLtsp/uh48m58qwdlMWeC1BQO+pku2QjBP5xL6dBH30 -+mFqqweR8ahR17/Je3htwqoBY5NRAkEAimjJN50TmsVkWEJdnICeeui2Wl2TqLaC -tvwWanXvmB3LVc3iSZx2IXH2YUPEunBIcxx9ggBnSe32GOxmA2CDgQJBAJqJ+Ucx -Oc6FYER8gb+yg8eV0IsSrshS2Zq1+vJV6Xnbm6mmkANYIydknqm52hef4hW0al8A -46U7qh5s6EESzkc= +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCDAIGgBjUgzIC +2IIW3b4LYsmOBaMUotmidNowuCYvkC1ltFfYljltSETchGER19wIRNZV/s6LrDJv +WJ4ujRLTVBEb2jf/YSxicwUDCB+YK1ilOALFGShSwGtT/w4i4flOyAZY9mBElofA +RZ536zANq/eAmEJgwmcly+cV+Xe+VOWNeIrAFL7YQvZm4YUTru+QuzjtmBYDMA6d +JpS9Nr6e89zYW1qg8WpPtPSy7jcKsth/hPqhaLu5lDZtTT/XZVGmErSpJOkGkXul ++7TtPZmBzMeQJ4bB9zVO4XPJwTyA206ER2hF81vILV7pF1GtysL0qm5apNKVlN7/ +1Vdh7sLuMn685C/xG/RcsOppQD+k7otpZ6r3m+sQT5shq9lCf6Q36DXdUjShPJH8 +A9jCue8cEmvLp1Q1EGILgrPS4XSRWedgm+lLX330fDpRbswPCOwVrdPx4dZVCIU3 +L0ulGjt4z/+0ZqpgsAOv/SOcwCIdW40s6ZCUC6RMj6LvUaPjGq1DrWEgytV6uS02 +Ij9YWaoTpIbVPVywgrEXebA2B6NSLEzyywUXVPjWI5T+KqwrmRyhDHy1UrDJP0vP +luJwP1q6mXviiG4KMa0NmZuME83WVmQt2RLxfiFI65vp7l1k2vzQbnxaPDgecGmE +tI61ptuxZD32cLXFkB6Y8XX/WJbInwIDAQABAoICADcofKbmYKh/xoaCjq/7Rhss +cIibV5j1FZIVTzRMFCavAAiJ8/KP+TD0OwbH5mPRDS2Yi6iULpgLUabO9N/cn/5M +RjS5mfNQ5vHxKfqLo5d4stD8E+V82jZzlc6hkJ4fx+M5/nvpRMIaW+oun/YMd3Nb +b5YxMaUZfYKD7GMVr5D9xuao3h/thbYpiqsB7fcDYfutDGiVM6SiU3UeU2dZmWPL +g/pINYHMPeD8WhZGmoTDA8Fzxl59S+dblwEI1V3f4g6oAIyX/lksn4419178hJcd +45g5dBfMsm2CrowqDo2+SRpWxfAkVfGX3AO76i7RlQtBKu8/LNDyKVVlilo/KU9X +eFstgoWDaux1ffezj2pkxa37wEaQIlPTrxTBZDB/ZO0+JMzvbmchLzBn4fY+1sXs +CnPdAA+Ls1UQMCGn4jfdIS1B2oBrA58sQ15YX4o7El1NvAQ5CbAOob6Y7TfpWhgR +2FKOxaRuK5Ep4rFY6bAKrSMigti+PGb1xx4E12hondwuEl15s1rIyB0/qjNQy4/D +VVjujBFBbPkexI9UQOzzh3bXSfYNtYiSAEqpbp9aYiK2fKMIE+pjWivXaJH3Th61 +bxKZwIsMBBcNa/S9VPiAFL5hIab+WVueI51M9o+eWYIADPq8SgyTqCryQpEyKDic +UQgM8EMSYnbttvKPE7x5AoIBAQDh4Gynf/FuZ2fbidv5UrnondQerFNfpCgco3gl +dwKIWfsT/MRrCsv7Q0j0gOZ8C3RjkXzM7+ySTNuGki+XML4B60k7Vj2m/Q1nHffp +nZUzY8PYctt2GsKnf1vi3X8NN8DsIHi/rFZu10ots5WGRnx4aqogZ0e9C0e5QaFL +TwxKAYre/brg4zHorgkRCKQFyJkDJcupgUFbgCZvqF1RdbUzQFsJWHci1X5JFSxM +FDnj7nOm3Eu7cjOMiL60+xHFLoePAISGc4XJvz8sWZdB04yZ+5GeCbOJ2gOiiFiY +/3a7fHKrok8THu1cChwEjRsJwHWNvslMY7IbEEBBMIHxTu7dAoIBAQDb7OUluo1i +7OsnRhF+1xGiuTOyeY8+6r1oA0uwHnnMUBjBV0YOWdqJp52tJsWnEgYbYc48P+oP +h6ljcPH2glPlPQRbnet38Wft3q5P4LqiD3sgfRuu6yw+c2CZwlWeK93ft248QV+G +v9FEQq0nC2x/aBNXxrWY4pPEAYaWYhG6D700X7+7EyKKgpVp1Gv528g7pTi92k9f +8Ut3F3hJVoGwTpcyTnz+S4xozL0N3LZQjfw/OgN6UXk/prMj4yUlswWoPkUN/LR3 +xYcOtmPkmiMwXEN8hDCqaQWAfqq8CRCy/iRha87e4Xg9YeNQvVPODLmxkCuP3H/K +WGlecH+knverAoIBAQCnI/lizLLrfksE0fNbf9KfhcKD3AJpwEAKSRBLsM/H88Vt +2dnCV5/vUq+2dXeYDKXYU7zkrRkCfSroXl4m42OGagOri7pdSd1UE4HydbAE8erm +zL8GmvC1HvHwYvRz5HC2iaSwOKdQp7B1NvELBjdup4cyKRqVkbZGKIFhB6JRVOjc +7yYM6TFyOu3sk9dDjFdlU99rk4C4Y5CNiSlccNxfi1ySAstNlGs5SxiXR1Q7DKS5 +sUO89dmdQUbVBv/0R+T5dWmbT/qM+h6WA8mAZTkibFwpdIZNGG0eJQRiWo8SVxlH +VfhrbrQ3KifnWj7KrYaPF8E+7HrLue/CDVHqLP1lAoIBAAfJCxOa1wZ5fJmXUWc8 +FdO82qemxftkM/BKrZM+gPFKpJWzkTdQ1vuog1xt0vFnIfA2NibL3G1QUB7FEMu5 +MV8cGdtka8GDOjqhd2o8el7iTWmJBEHc8WQEkZbf2kgPJXuV8sEPT2Jlx/KyqY6I +SP75oDWrQyJ2YuS9aRZJwnbjt77y5Maqlr5wgPmOG4Rs01nJL4kJAWZUFGfS3N87 +wLuNDK0rOiGGayIKnWawOYQAgr16QEVEPRaTwCO1FsuO2tRp3+fu2jSjOXS74C1n +h3dezMTLqS1fKmKyGTku2Ph9JqyMNHaPZMJHhNSG30CcErbGc8RT+fIfzxsYwGwD +dKECggEBAIk5NwbiRe8EJmhLlHUuALYrzBJDgTSSNwrqUBt3lyP46XC3dAyQavzy +OX1Bznr1AauC1w5JEfr5DHJ2MeRVR2V+Spb+5e7KQGemoe3jaM3724smxfhThW/W ++nmiJ3Gk20lwBVBDZ9KTBnptg3zr4kORlNP2+EooYj/1dvzkflwDm2dLX8taSn8h +d81XaKBBwrNi6MYBYLDzw/tSbCkMGWK+odUguw+X/IDXiFcKJ1J2lRelJxdv6h7g +NeeTX0a6esQQO1MMTIVZSib5CubwgMhz18XvMA9mkcDjzifFhCrE7P1KlQLUYIGx +lUR8W/if6GM2wU/6ijdEVsMAQJUI5cY= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/proxy10-child-child-test.crt b/lib/hx509/data/proxy10-child-child-test.crt index 18e37d788d73..9ec7112aa3ee 100644 --- a/lib/hx509/data/proxy10-child-child-test.crt +++ b/lib/hx509/data/proxy10-child-child-test.crt @@ -1,16 +1,32 @@ -----BEGIN CERTIFICATE----- -MIICdDCCAd2gAwIBAgIJANtSso4F/YPoMA0GCSqGSIb3DQEBBQUAMEMxCzAJBgNV +MIIFeTCCA2GgAwIBAgIJAIZ6hp81I2P7MA0GCSqGSIb3DQEBCwUAMEMxCzAJBgNV BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAxDjAM -BgNVBAMMBWNoaWxkMB4XDTA5MDQyNjIwMjk0MVoXDTE5MDQyNDIwMjk0MVowUzEL +BgNVBAMMBWNoaWxkMB4XDTE5MDUyMzE1MDUzMFoXDTM4MDExNjE1MDUzMFowUzEL MAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDEQMA4GA1UEAwwHcHJveHkx -MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIGfMA0GCSqGSIb3DQEB -AQUAA4GNADCBiQKBgQDcgI+5RZZeSRqK8ydQYyVqk2DGI8dLUkWE68TthxWg5Xjp -jD9tVt8y3kcQWXIWqeNjmKS6zQHDro/d8oS6oHVMyFakxq4uQD5DvaTeLFjmK/4i -IrVlJS+T8kUMNoqGgNYY7BppcUU0Nav/whldGlhtEEWEEu4EZ+4UbCj5QCHZwwID -AQABo2AwXjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQUrbpGGsqI -EM708LMvCSGULkOS0CowJQYIKwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUA -BANmb28wDQYJKoZIhvcNAQEFBQADgYEAFk/qvmcnH5QqMLxEtUY9O+2A1ag6iJEs -18sIp87PRLP06OmtWPkijS+7c7Dbs5ttwAWW8tZ9+f+yyXE2ctwrc2ap3TicrTB8 -yI2Fgf+ytxgpZharMjeUi9E10K/xKxU3hsrD7ug3iHp15HKyuP8uFmBP6gcsVsgj -tsIaPKR43xU= +MDEOMAwGA1UEAwwFY2hpbGQxDjAMBgNVBAMMBWNoaWxkMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA5rd/XFWt7tSsRUHIdPgK+CNxME9zqxPFzb0MpToG +3BJmFnhSA+1qFigBNHEsESN0pCG2nn/j9PXFflYOEvhcMRVd+b/dhTkyrmZScaaG +4/hrQuHNW/k9CXsq/FEQbWqVxiHbs7KNjmHHYHSdmZ9Y19qS5kTFEE7ma2hySyJr +7yQ1Fd9yVJyzUr4dSkxx6kGh+aILgVbNqSrd7ElBIhPMl4Qd4UVLadfFyJYmxiG0 +Gur1wXDUN4ElCh8I70elpjQH0fXmBG/FZl8zdMJVnQMSeFG2Ob42Atu/4Ndz0N3w +9+4hVQW6v8C4TbPRaIYyUB8Lt9jxZWmOfXKAfEF1uQrZaFttQbIBNBxUmu7tRMAQ +4OEUbNTFJ/+ErhPHHStIx1emP22WaTmQ4v3qVPr7REYuNKBLsLUZJd6qTftlUd79 +x8E81aJaAk23QW+0xldVlt7bAXF02iy2oZnJcj9Uwe/l6XQgHoPuG4Lz6q4OA5WM +ROG2vgOtu6phY5jY16YiVvMPocW9mdJQCjRAbIGFpmUeYiB6wWr9EGZpp+RVOchG +zS6GJCGLgyxcxHWmGYSNvdMnEacyXiCnC8DQZMcgVnqsDFBsM6QyICwXZr72qkU1 +QiWswudnspE+hw9xgceZqzNpAKhUw2skiLZOO0rnpLc/Rtd9FR65Hnvscz9Xu+p9 +pCMCAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFLD1 +SUEhi6VToeKjUn/AKcXzGbOFMCUGCCsGAQUFBwEOAQH/BBYwFAIBCjAPBggrBgEF +BQcVAAQDZm9vMA0GCSqGSIb3DQEBCwUAA4ICAQBy1ZfOf9nkMOa4p7Rm2uzJ8hn/ +7htPNcawOUlSiq0JjctHoYBthHAHvUrrkjjR303c21adSdjs1KusOn0sbynaEMgP +dU2tiLn7/Tb6bAAC61vvBErsqzPwPQJX0/M+qdoqop43DG1Pv53VR5LSISjXB7Sl +oXbJs4cV7oksxWy0eeSa3IXFEnH+NhmHIC6MtpHqRAY0dXS5IWWo1q2Hiutcdd2l +Nc2IBgIY38oM8vpFoQp0Z9S23WIBZzKJ/eqyYZewmSKLnJ1zPvlDJX7g9sIDuO6T +SIod413DgFYSqKAv1u8brT1KnTytyxRQOeXqLTMaJEGB/u4z+CH5Z8U5WlA3X8IO +dHKAZM4LhGWLloyIGjSJ628Ow8VVdP3ptkKXJ4cVka92SDocCtsEdXFYoU1NA6U1 +D4VkExZTVN1sLmIsBiG8i9O8VltjMpPYvKjlUaoezCczIuEFVefuNpYLx7quoIry +8FFW6Ccw/kMSgAhaO1l0OlMVcuZTVns1/fmAF1eOscb5ud7u6YvqQeAbouPt3I2d +eTFG1EJgmfG4JjqTWMXIJdt2VuLutMPUSPAZ0pM0pGsrHW6FVzgHNFlgrO6gOeUq +ytDsdPEy5H1Dk6dzoPzbfSkMQ7a6HGf1ANeNLsTXV/0+kn/T/RhZAjjRQLWeRzDv +N0angzihXX4AspaYJg== -----END CERTIFICATE----- diff --git a/lib/hx509/data/proxy10-child-child-test.key b/lib/hx509/data/proxy10-child-child-test.key index 18e54b0395ba..cd3e0ad4797c 100644 --- a/lib/hx509/data/proxy10-child-child-test.key +++ b/lib/hx509/data/proxy10-child-child-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANyAj7lFll5JGorz -J1BjJWqTYMYjx0tSRYTrxO2HFaDleOmMP21W3zLeRxBZchap42OYpLrNAcOuj93y -hLqgdUzIVqTGri5APkO9pN4sWOYr/iIitWUlL5PyRQw2ioaA1hjsGmlxRTQ1q//C -GV0aWG0QRYQS7gRn7hRsKPlAIdnDAgMBAAECgYAgEiLVU6W3OPK/WvZQ3trGUYE1 -0GZgMisiVhhiY89lg3q+nUNsZ8I259V2L0xEt5j3F3B+KusixvTt1yQu8L+eki1i -moA5YLtiqcDVHkSX44/f8+yN0QBqmtJDg3WU8mki+Nf4fKEAPvdmmgRhnfFE8hqM -x6IRyL7B+7bmeUKeIQJBAPXw5KquGiwLjoZ+tHQhWN/3SZEBfB2uPFDAXsMgWnUS -pShjnECQDaj9ogUYoWeJacFj8/Dyc01P+LyiAtmfLdcCQQDlhVAsQNxMXLpy5HKU -ZcuZz4il/jQUViq/JRyXlqLccHsfs1P+7b3O+TN7LVNS59vKprkBCIcJoSZ4LaGi -v331AkEAh+KrVSqQx1kzTFhhd/Cc3FITUY0SeIu2Q5+mPAV6NUkx+5jd0kZFZeON -S2eKdlxUFEgXlj8/Oa4/7mlNTdRHTQJBANZ41IoFsdXJcJCb2FXDKZX40AAMoi2+ -twMWcrlUEatbkDH3KK43Cf617t1TZWE7N68OTCIjDcx5wbDbMwcZWWECQAQhJrzq -pdWb5EVvYRP88zJ1vJCISIGWjxQRsde9w0VX8Uu3kyT1EHEuW+JScoNI0avaV1DK -yIG37HCRGTBiNqI= +MIIJRQIBADANBgkqhkiG9w0BAQEFAASCCS8wggkrAgEAAoICAQDmt39cVa3u1KxF +Qch0+Ar4I3EwT3OrE8XNvQylOgbcEmYWeFID7WoWKAE0cSwRI3SkIbaef+P09cV+ +Vg4S+FwxFV35v92FOTKuZlJxpobj+GtC4c1b+T0Jeyr8URBtapXGIduzso2OYcdg +dJ2Zn1jX2pLmRMUQTuZraHJLImvvJDUV33JUnLNSvh1KTHHqQaH5oguBVs2pKt3s +SUEiE8yXhB3hRUtp18XIlibGIbQa6vXBcNQ3gSUKHwjvR6WmNAfR9eYEb8VmXzN0 +wlWdAxJ4UbY5vjYC27/g13PQ3fD37iFVBbq/wLhNs9FohjJQHwu32PFlaY59coB8 +QXW5CtloW21BsgE0HFSa7u1EwBDg4RRs1MUn/4SuE8cdK0jHV6Y/bZZpOZDi/epU ++vtERi40oEuwtRkl3qpN+2VR3v3HwTzVoloCTbdBb7TGV1WW3tsBcXTaLLahmcly +P1TB7+XpdCAeg+4bgvPqrg4DlYxE4ba+A627qmFjmNjXpiJW8w+hxb2Z0lAKNEBs +gYWmZR5iIHrBav0QZmmn5FU5yEbNLoYkIYuDLFzEdaYZhI290ycRpzJeIKcLwNBk +xyBWeqwMUGwzpDIgLBdmvvaqRTVCJazC52eykT6HD3GBx5mrM2kAqFTDaySItk47 +Suektz9G130VHrkee+xzP1e76n2kIwIDAQABAoICAQCeoD0Vu+bZVSmYeHEdUskf +8CZLY+UQE4klOjyugSXkO1YrTtB82MfeseSaLNFyeyEgE/neIeoWKsB9aydEDbQ9 +Hwa8xxjEFx5sX/eBIlCN/ueoVV1/Re6cTS2xyv5zbBvL3M2UUEgZQ8rz21ncHH3V +8vabEV84JjcwU+B5HhJ9mjRRdI7D8/UrB4FV6xdLS5LU8n/cjlTaYZmxcnAwwNIi +vnhYwO7nt63Jisrf4J5W/4K2XB/chZN00P+wnF8c1Zsm1V0vYbWj/AKB3XdFe65A +QVX7f3bdIj9blGaRjXa2z+fk8AqE+jj9W4u3xMRk5+ODpMnbwuZwA8CpLcyFzBrK +4gWQlZztfvvV8+nIJRo9BNOCtxitsEflq9S9FsfOE23H78+Tr43iJIikaBy2TwjC +HupNvpuqCSzwBD/Gqkd+zAsZmYJeqAduPyAqUIRDjcnR4srpzU5UGmrSbYCCtRT8 +pnDIUoktcV4GSlpZZRoImpCtX6qkr3JOoDuTaEhqFKAy3vHzzyJYpkBWlPqRatZ0 +elw2zVjmbgaBGkBGNU7HU7pwsiSl38CXVrxv613IlRBTTGyThl4luuZoVxgLEHwN +c3quCQ+O9fNcD9s/8u2Y20KcPb9cr6eGl1Klj11VRkF/DrpQqUx9yBPnmFxZQD2G +Vw0piDNSWEntLu2xvASsSQKCAQEA+Ee3TdWSh/tLTw5DMcoZTrUddtEyiI7Pm8li +LAwxR63M1SebhTD8cQOijGJ70HEftUn0DRlbTYUuJYcH44mHVCmm3crz42aIC0Xq +yiDoQIGsdhsusRsHqIELUiOphMIlt9Yj9H1r1FPfLNioCsmigZs2soSbBshpUr6t +VMr1DcDmJdeIk5eiRtnpeTB53fhObMuYN7QbB+NnQyqldwTVX9LHl/Al8QTnuF5R +m1tSCNV3EeMGp1asFX5C2noDZkXYy3XXp8nmPvOf7PgyexjOD3l6qdlGWKmAsaxT +NgTdMjidobgmNUsXwSJ6PVpJOvokCdfTQRKMW7a2nz4qDW+OBwKCAQEA7eP6oItP +yjxGB6wrEKV0U7KEbxMYJ+IAVOZ1sR4SbYKyncDf8msbKfFshIJrI1WpXVCgK4Wu +nvIEymvga7fsQKKiqPhMYWgFr2oSRAIt7BpfQY6VWjYpnzQXf4drAZjq2wAZQVzt +JA7RYxrCLixRAJ+oEBo2MxlznW4zlzT/C0w5fYtGDyYU6wl6rdULOgkIGfgMFd+2 +CHCK/szMhUV20xIrwlErj/im9P5uBqa2+UJkf1LOwv+YLTKgqE40Wfk1eITtK8Ol +bXnZstAAIyokKq3j93jr9O0kgdchV5vEOq5JJroR9eAguhMJOQbhQGfv6U+xBWkD +1hxsXsULETmyBQKCAQEAqiT7iWuDL40W3uZ3RfepwDZ+Kp7ScqLrw2cO0ADLBMQm +Sy0Jdw1K8mf7TRlwoDfl8ubrSM7HsyhBp5YR4eytwQ+KOxSKbpwlPxR7Amnqv8od +1hJqvRQ4+1Dz4SZvVXt3PbSSj0okSy3vE1ymTD5CD2++3DfjxZIyG3Jwdltf9Dzt +e6FpBzwzCTrstRBzc5pmpEgh2Iqku5MrgOwI2LeHQlPAVG9OkQ07fy2j30OFxGgF +YUyjkqni5BfS2MYk7kGPgF8RmvrRvvJV9p9geNtW22P0m9E6VChU+W2O2MYcj/4c +iGcaSAteDA0EmGb3KGOjrtso+r8rUO612AtR5kM8oQKCAQEApuIS1QNF8zJ7UjCW +eXQIehq2yxETFg92ehi+IYVeGhLg6MgAkphOkwr5PLAdJsmWKY9A/acnS/uuHq60 +3fxFsUYmY/Dj7EVED72SmMEKpCIQBvZWkdWDN1sczOsbxyAWSZH1JaRh+7SlcSe5 +ZxjRrmVSShGJSimlsKA5cu7LqIpNnmPQvxnQ/N1GgaH94TWqyET5fXLVyW/iIkNb +inajmAicSBIXREWEIkRGvUXBAHVx+NwHjkYt5C8rA0bxdNjdiPF/S/9REs6zSLyg +DAspGgOo89eRd93QiYF4s3PjoeLYEGHh7aHQc5idFLNd24fOhtbP8WKtPUvtPkJu +tCPMXQKCAQEAs1/6EmojSIvZB2HjE2AGPGxD3hktqwUcgf3s3xD0MToSbdBVVgc6 +ZeIGQjtfSE5sVhxi3E/lNQFPvwLzIO4HhkOsZ6DRhAO2mixuZwaniSv0v0zAhnxU +jZoY+mAwhUTM47Bs6Q+G/WYhJHocAG/Lk1ChTSA96bwJaB0CzObnn5loM+7FK95y +waGm1RXNgPSQaQMylLlrO/KKj0X868PuDgD4+u795G6E6WBWvRGiHrDH92v1eV5J +u949lT7ltg2iVBUQqENQeHMtomAkeIGGJRtAMjn4QrtbC64UEAPbTd8hYoe3q/XN +eyMm+IBLsR7OBZ2PvfCkhvJ3qDXzx1+BdQ== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/proxy10-child-test.crt b/lib/hx509/data/proxy10-child-test.crt index 600bc357c48c..e759447a3ba7 100644 --- a/lib/hx509/data/proxy10-child-test.crt +++ b/lib/hx509/data/proxy10-child-test.crt @@ -1,15 +1,31 @@ -----BEGIN CERTIFICATE----- -MIICVDCCAb2gAwIBAgIJAONwGxXRj9jiMA0GCSqGSIb3DQEBBQUAMDMxCzAJBgNV +MIIFWTCCA0GgAwIBAgIJAM764JrT/2XzMA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNV BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQxEDAOBgNVBAMMB3Byb3h5MTAwHhcN -MDkwNDI2MjAyOTQxWhcNMTkwNDI0MjAyOTQxWjBDMQswCQYDVQQGEwJTRTESMBAG +MTkwNTIzMTUwNTI5WhcNMzgwMTE2MTUwNTI5WjBDMQswCQYDVQQGEwJTRTESMBAG A1UEAwwJVGVzdCBjZXJ0MRAwDgYDVQQDDAdwcm94eTEwMQ4wDAYDVQQDDAVjaGls -ZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr982Voxa1DhcIIa22u5oO497 -L2FF0r91yZh2IjY02XSGbLiyFV6OwKULRli587BMryq8G0BBKAmXVvZszOLOe9xV -eipWkyFxiF2s6ERYJ7muHHXxIQyGgRMxhsDuiqiGc51TZ+2H7A2CIHbzUOdom9qf -UwXqyd8iD9N/a/Zy3JcCAwEAAaNgMF4wCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw -HQYDVR0OBBYEFBBhzv8RTjHAfZxnKZ7bRv1K9MxSMCUGCCsGAQUFBwEOAQH/BBYw -FAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3DQEBBQUAA4GBALT+aUqBtZDM -W7/F5I9QgZL9+zebGqzjxSTYpIT6iYRop/oA4ZFc6k0UjR5A8A+/u9mISwB9P6R+ -GtQ8CBgcqLgsLsTEUiz/N2XtC+I++ZSkR33b6ZbNefq9vSib+OzQjdqw9vshK9zX -bajUTjXEGuJrGMeqvv8iwl4SIpCT5f3C +ZDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMyady7cAVLnQae6jZG0 +QWzGcIa+0EJdjG5PyLmw4nJSAWBno68VmIPzqThNPn8aHhJ28aMYdS/oLyi5+Vau +afOvG7gOW2ayxmPelafk4J0Olbg+dHG0XzfA6Y2Y8gBigXtVR176GR418uy31HpO +O3BnlvJFU7QkBr9A9zROTnlfUUw0mN/io9I+LAO2GsbdFl+HTbx+T3LDKORf4jWW +suHBFEdwm0piJbP5nIk72jLp71ulubi4j5E0tVElv0DpF4FaQeCRGMXOfTYwswar +qg2TzXBTyeq+Kmuk1hslrphEVu1IZc0D8+aAr/hvrsI90oyTysASAfoCYKASnZWN +vcYi2Vt8Kkb1f4sxISqtm2PmHllD6grHdK1iKfoa9al7VvAu7sGyu0DF1uwmyehJ +1FNnQl0BIbFlfXiEVv6gRAazOJkxGO3kjneFVWffFwv9F9chdSCcMKO8USOV2qey +ySHaO+YTP+ImXD65dP7Ks9r1dBKxcU5vxJG0orHSiwstY5cRRqDeKatRdJ1kOavc +DWTlz/MJkMS8o5QNjsvWd+a8MkW0rkjYIuPzNHkg5ydFtm4lfRj8tZkJ56M8B5Oz +KFTD8JQ1PgxyPtzC5gnOaDuiTrmZQd+6ob02nvP7S2PgmKLyVbb28987/CG7MczD +g1BjCYRGsQnUcnvNM5EuMNlLAgMBAAGjYDBeMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMB0GA1UdDgQWBBRtG+s2dgue8pi+jKTQONY6Gu0vdjAlBggrBgEFBQcBDgEB +/wQWMBQCAQowDwYIKwYBBQUHFQAEA2ZvbzANBgkqhkiG9w0BAQsFAAOCAgEAcSYX +JZ8+DUUab6RvbRAxyK483Bw7DbJuqFy90zy9RNDHV1Og/YdEey1Qvne85sVhUGhb +PLCRyM6dgT7BRsyBT00CYFp2sjETFm2KCkEevpfUgpbdYmxccV4vlOMguYJ6DWn/ +eV8OBOkdmc4RxZ3ibZ5XvNbs7lR5B01qHviAp8MT7+QFACCnC7gpD2b5lv11ZUac +STkklsuSY4nPBaD1NcgysG5EAUxoP6x1J7nJM4ukb762H0/svmsaYSo9kk6KGNXM +D3VbPCF4huNJcT+GkdtFfUmFHKC7yVekLDhs4Nh2GrOLJii3alcZXEOvq2TKq4No +Tl1nTLFVLZ9pMsWzL4aDySYGPpNDZPvetfqGprw/uLohgd6k3eFdnWWBkOk8jX7y +V/wLTTQlQHxMENFwj/eguEI7Kav8UcoZNaRWIjUXyZ29pzuM+aRJ4SFB21iq/vTR +mqTB7I20eh4dcjVpytU9KeQkWhhvxdiUj7dfgIkSViMG3Cy9hvu19S+nUZyvuBGQ +TwAGQlzfc5hEBbV5qBZhF/iOiDZJfBFcrULke5FfmFE6mW23eSwisqV4l0YfpyBw +nAhC+u25wG1JC2xXitBLqDnZqoFoX7dSzEMG01ia+c1yn9sK9mRr5ahas/QnSSC7 +2C0QAQMNb+C32deKlAfuSbtk6H5Mwf2YmArqQ38= -----END CERTIFICATE----- diff --git a/lib/hx509/data/proxy10-child-test.key b/lib/hx509/data/proxy10-child-test.key index 12f49009eb16..357de74a396d 100644 --- a/lib/hx509/data/proxy10-child-test.key +++ b/lib/hx509/data/proxy10-child-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAK/fNlaMWtQ4XCCG -ttruaDuPey9hRdK/dcmYdiI2NNl0hmy4shVejsClC0ZYufOwTK8qvBtAQSgJl1b2 -bMziznvcVXoqVpMhcYhdrOhEWCe5rhx18SEMhoETMYbA7oqohnOdU2fth+wNgiB2 -81DnaJvan1MF6snfIg/Tf2v2ctyXAgMBAAECgYBbnR/2J7js0csT2nkIRKahWBWo -UbiIltmpwTTQj4IqQKwBmJiTzyT3r0HXTELZcV4Q5WcFnwwR6iUe1NFKTV+XgrcK -OMBY43+6InTvsXAKxLH6MZ7tfKWA13forzs90CmvYxTHtEFYS2MnzZ7FFqBk59lA -gMrcDVKYiOLenjKm6QJBANuEuoq/ZiNC9bJ3JjVyH/yHYqAwi6g8B8kQufecAqIu -eQBpx2vsry8V6LpTfIsle8dWFKauiE4s5VyBMn7l2kMCQQDNGZHFI9j8SaGVGmbF -5nDtBnWoyAWCQ3VzTj+uaO/ybkTFFvVkVLU1+3j2cWRVYdnoXK9uL2eH9E35radx -d6EdAkEAyEI2l1ryh5qPYEb4MWuyqIKtw6tlzI0vIQtETBIkCOZSdsEJL3jVfCQF -ku2Uwa/pUrlBz6mLKZ4lg5VNhpyT1wJAEfXaQQQ5nSYpgzATreLXIrp9FTGm4dhc -caN5iiFgWb90QDoZdRbB459I4XPekGeIOIPdTO3TyCEJrwKY9iO+tQJAGdLTwcsz -o1Ic+rVL8IfXPRCwtvi3e/xVgGxDHhV498/ofY3xgVmOkSRdDjAz2FgZeaotnKj6 -d9og/gBzfNdK2g== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDMmncu3AFS50Gn +uo2RtEFsxnCGvtBCXYxuT8i5sOJyUgFgZ6OvFZiD86k4TT5/Gh4SdvGjGHUv6C8o +uflWrmnzrxu4DltmssZj3pWn5OCdDpW4PnRxtF83wOmNmPIAYoF7VUde+hkeNfLs +t9R6TjtwZ5byRVO0JAa/QPc0Tk55X1FMNJjf4qPSPiwDthrG3RZfh028fk9ywyjk +X+I1lrLhwRRHcJtKYiWz+ZyJO9oy6e9bpbm4uI+RNLVRJb9A6ReBWkHgkRjFzn02 +MLMGq6oNk81wU8nqviprpNYbJa6YRFbtSGXNA/PmgK/4b67CPdKMk8rAEgH6AmCg +Ep2Vjb3GItlbfCpG9X+LMSEqrZtj5h5ZQ+oKx3StYin6GvWpe1bwLu7BsrtAxdbs +JsnoSdRTZ0JdASGxZX14hFb+oEQGsziZMRjt5I53hVVn3xcL/RfXIXUgnDCjvFEj +ldqnsskh2jvmEz/iJlw+uXT+yrPa9XQSsXFOb8SRtKKx0osLLWOXEUag3imrUXSd +ZDmr3A1k5c/zCZDEvKOUDY7L1nfmvDJFtK5I2CLj8zR5IOcnRbZuJX0Y/LWZCeej +PAeTsyhUw/CUNT4Mcj7cwuYJzmg7ok65mUHfuqG9Np7z+0tj4Jii8lW29vPfO/wh +uzHMw4NQYwmERrEJ1HJ7zTORLjDZSwIDAQABAoICAQCG+91nf+QrssBBDTW7C+Yi +AmVYsGircBZm7KIryAQNkgaweI+nwiKl40ogB+4UYsG2Qty2Ujt2CMOcJd3XDyh9 +iWhLLMWmYom6d63aX4jEdUvXivS901cCbHZpYZ8/G737BU8Z3PxXTxZekAVRT22t +gdo3Kf/IGACPiyfMTWE+d+El2omFI3wbB8N4C1ttGY1aJuTlV5vIxfKjgJK38h1A +DWb4ntUE5O2k6Cga7e7NqkKs/xAhSzoEfXal+7ZK97z3LPnLU065qbo31zc1TmnZ +nUprMgxDn4RTEiPjMyAV+vgygZIQCOyPhRUTXXM5WRogfpzDzN2a+JiQ4tcuRJ4O +/AnCmH2MSwrTsnV1W/IgZo2/Va6eyqe3jfoN91e6q4jmoVvEyTA7oaX3PzJRggP9 +yySPLTiWJPZTgp7i8eoePdaDs1xkQyj7cX64+PtSwcf9GDssWsSUpHVtIgtZLYRH +NI4Z+nSSDqDQzC++cQsaODKYarNmvIgIaFxGiFVnjlSk6wXFXpe3IT2I1Q02wvxr +lSVlwwHOpbaTY+oZNE3XTl2YXx2VIVGZpjac3Bz/ML/jty7AlW50NKHgZulG8Dt6 +mV8daKR2YJIoAKMramJ9+h/qXAcpJmQQ4yqnGGRKjweVFOmxCJuCjmkhkkJ9IC9C +6fZxzPMWcNLzcDoHK06RYQKCAQEA+I5U2Cm0XLU+TYOOpXIOjNJjOU+jUM00CD6o +hWN54ArJxdGJjmk6V6y4ZY8mYV+PhDJGcop2kzeuEeJm7wlhSZ1nMWUVZ4bB3E25 +YAboVnAhk8uP0LVT/8O2+ENRX4WFXE4GKjytHPrHZ33rZtLg6AVJscsXg/JfKSMz +NxahI0zYNdNcifXY8ekKvJPC0oCr7TuVp956Cc1OdSEx+j0iDkqcYp8ipDEf5GoA +MR4FTyamaom/A3wC/WihzFmfSpB9HdvUX4uGwgaAtTEGMQBpJRcNCtZdtbrzwJnS +ufPpmdr4xMFD8+BMcPzah8j5rOQBY4NaUAzIkKeoMpcd0OKfsQKCAQEA0rsmvfVa +mY2mDjWZUtsohh9lPo8Upx0Ggxzn+8RMzQFtiUqns+/B/GdoGyVtJiYB0XzXKehz +LD4+rgFK2kWm7ze6SSr+RaOaJi8eH7xLq2AjfZFhoTIAwIlpkEW2A1LuITBkbW9j +1v64ssAJpUuM8/ljg2/OImCQk922uLRCayp+/CoyAHCJLgyBRhDy2NNuk/p59Any +OFzgPsiTAejcigTq/AqQpgv6SDW14zdvt6De9pm2Cq9xYWUPaqkYNwJpsAGPqH+R +Ncwigo3b9CWJPpfeCAT2qybj8ZE7yUzNeWqo3dnalXFUROpUi0rYUYPGqcg0340K ++h3lBaVFNyEjuwKCAQBd3AGWD0mYqKh6RO+c8lEkRF5LyhL19EdtxZuFo2bmf6xq +ExJKwNnTOdn4H/JyWs+rMAECR983AJOvFTuhkH04e0P4lx9aFL0oIAGcjX83BOjp +ErmgKpkpwBJb9a/IznbpwFz7niYRB3I9VoOKNJ/Rfg2yIesjXGcq9avlZZo75kzP +Jp2PS1M9Jq9zPqkXLJe/4fxFg/G5udmiyYJB6MvvcaVUaJuAPTy52H1yDtAab5Hw +MUv8WNwYLWbL8BwC4EUe/WBZJCsjIamAwp5/6pPJ+cZnDUQd2Bcr5+p3ZfAUtWez +hPfQJCc5k4JCPFZsPz13AqccC3fBiE4vrHkJ5EpBAoIBACEcCJ1GBIMlz1ZiM4Hi +Lz7LhgPLRUpwdAp7qzNSh2Kae9RbZ3gNDqSStre1LK4WwKhifgf2nsnvybdbOqCK +2wyw69L9L1BPwTOIqaoA0r7NbyYWholmKtoVfQGPAmcJS6LpUI4lN0Gbafej1qAi ++7WFlI4dLf0WwQCKkF/66oid96+1DYAmLleO3Wzd0togdjpH24ttWKJkbVNP/lEJ +fkUtOqJ5InsEXMGltrtJhYMLgpyqUADjyeOsljyC7uwNs/9Ub3bg/DbAqRdsJIf6 +sdKk19zYssz3Yk8dK5CYQZx3FqssxHxAfyYIz1nHW6+LDda1PyF0rqnXspkte2+L +BGsCggEAPMUwXKXsMjE77m3jhGtxPGFk6mGOXeVdBjdamuRWcdufqDP2Ctlb6+ki +gXsotGl/lV+ZQp88nXkHqmhsCIBHDrNLw8um2M1cLernah2qzfNPMqbj1UAntLud +bYCUoitUFxnkMietqQtEpQlVWDazlgxaWp0AZU4iSfdhxmD+QRSBp14aBwJ+InAg +HRYkelR8EBB5KU376QOXBViknRBgvW9yieD3n+CkFGDNkQII0D7v9gNXYK2NbVYG +IClPaF7y+OVlauhIRaRmRjF4a49sssKd3qLNT34sM/JC2G3XXxyX+zPhDjf6dQLP +wVvqDgPCDWKi204uIah9SC95JGv/BA== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/proxy10-test.crt b/lib/hx509/data/proxy10-test.crt index 0d9fde88c5b6..bf129830ecc9 100644 --- a/lib/hx509/data/proxy10-test.crt +++ b/lib/hx509/data/proxy10-test.crt @@ -1,14 +1,30 @@ -----BEGIN CERTIFICATE----- -MIICMjCCAZugAwIBAgIJAMJEvwnR1+3WMA0GCSqGSIb3DQEBBQUAMCExCzAJBgNV -BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMDkwNDI2MjAyOTQxWhcNMTkw -NDI0MjAyOTQxWjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw -DgYDVQQDDAdwcm94eTEwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAwvFE -RvMpm6Oje46mf4ta4or7w/cUcJ5wrn9f1plR6/ETOiCGKf4i9/9Yj8vr0MFLSNcb -LpipSq/JDoiQJQuCvfwGe/g/Im0byhcWmqcvmUQJ+tp/qBsrZQqKMAZxBE1rzvBs -pWqQCFHDOebLzcl1zmTDcrDgwsO0j0EOFRiIkwIDAQABo2AwXjAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU5aYR98LOKtpDlBTC9W4axWXpg9EwJQYI -KwYBBQUHAQ4BAf8EFjAUAgEKMA8GCCsGAQUFBxUABANmb28wDQYJKoZIhvcNAQEF -BQADgYEALsp0p4UR2YqO3HYNEkPFluconjaKOcj4X1y1K0dnQneBfrKJJ812h/Dh -bs/Kc/SbKWRD8wkNF13WURZiH3emkYgvdB3QIFaWb52gK4n8T2L5PkcEJIv3hFkl -5TyqSgsy4SlaQ0KnBx+E+l9fDXUBYhpxLEVpaav5u3RLNJhG0jY= +MIIFNzCCAx+gAwIBAgIJAKQmPUkmhyKpMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV +BAYTAlNFMRIwEAYDVQQDDAlUZXN0IGNlcnQwHhcNMTkwNTIzMTUwNTI2WhcNMzgw +MTE2MTUwNTI2WjAzMQswCQYDVQQGEwJTRTESMBAGA1UEAwwJVGVzdCBjZXJ0MRAw +DgYDVQQDDAdwcm94eTEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +1RLpk560fH8JMomm7OaAxwXICdeuqhJZHlu/RegfDIsqo/qGyrEJczQVFGKnISoZ +rDthg+005e7VtTvVC6caKRhewogFBOiLwk7SmoyzXFHcpAdLGJgUL9UCUnxL42UR +djmY7jEtgAIcCwtvCwJb7TXZSaOaYtov5iUTeKmjP6Ixu37CjEUL0CSh2f4/5auC +cRXDfiHmYoUK/9q0BxUaGgDOyCuyrtI25jaMtZMNtCGTGJCWeZJDk+7+/tyNGuQt +NGNKRmJyENvgx6HXQiytXnxYbDABpLNQ8fw31gQVvSiuSHvE6zZa4VNPPjMFIXXU +jk4LwFsuw47OZYiHrMJpuSXLY/v62uID0+88NM+naD4R+DYtxkL1RATSwbhHg5zL +np9i3D1BL9WrPnzlKHEpW4orjeEUljJqu2IVW1OFojAMHC9cqwU2LGIhRqcf2osr +zltVS0f+ssXPhMu/G0Ib31ow24EYZFR2C3uT5oVgDfZ59mArknUHooWjhb9WqO0q +LoyI+5YxKDroNm8QnEhZAzye85JRuXmGt/G0xg99kq0WAlFjb2Y88oimgdpVFrDd +BTzNEjDcG2z2L3IJyekElWeTF/qlweQfExpg+WnseCNUrTWjCVDv94vGKUXvA+Va +xpnQWNdGnX+741vHbg3CkQhDFiQoAu9pjI3W18YUWKkCAwEAAaNgMF4wCQYDVR0T +BAIwADALBgNVHQ8EBAMCBeAwHQYDVR0OBBYEFHQh/SEjpZ7xoyS/k1Dzsq4CqoyF +MCUGCCsGAQUFBwEOAQH/BBYwFAIBCjAPBggrBgEFBQcVAAQDZm9vMA0GCSqGSIb3 +DQEBCwUAA4ICAQCTubaEkl971rzVIKGtzpV6Pa2uYTijFOsCUYUPOPjgtPQ+h45A +rfgdVYKd9sbujQf9buZb8Tut7Dt3XJvpig4xopzQezkNdLCwLfYOfDEfWWAY4gJE +ZZ6wrVeB2jgwS+xGGYSjXWWM75wgvpeptQSJ57jvVzX6wCWrPjw9RpemkoGJyqex +4iMILSQRFCjYYulbK2B8kWfUUxqz38l6mwbB9nk4FR8OQ9b6AhwFaVYNqbTMP7kw +SDx4s4h54lkWJ3Z4ktxs3DpOmIyIE9yl7rq+T6RZvkgZX9+9Ftm5XfmEmxyzjSyN +FEjrBAk4v/ryKS3JUDHKjR2MiJmNn171lfxc16MgpRL6assUSJInZ3cEEaUQoK/I +zKFpwa2vepGkQhZ7E1cO/ynotiRsJY7K1i3H3Ai3fQid+2N+KODPV3mpXPOOWYAg +oJXsQMUG0EaBVogtDgTsRpnv08OO/OKeXvrTTi9wDrnaedMhdSA2XpHBditBbADX +31lISHXD/c7Va+ispKnEG1LqR+yo4XhV4qH0v6SX/493/UKZDAUEGQIA2nJ+NvPA +INiEa2aGsdLmbu66R1OVF8cKpn03a4Dul2XbwfL3zjhHICw6hMACvxrArcN/JLku +bZWhpWleT0Im/HqqlwS9Qp2CTneyTsvDfnyDzPA57lmUJtpVy8mFq+MHYQ== -----END CERTIFICATE----- diff --git a/lib/hx509/data/proxy10-test.key b/lib/hx509/data/proxy10-test.key index 47b4ce2309d4..624e90cbaeb1 100644 --- a/lib/hx509/data/proxy10-test.key +++ b/lib/hx509/data/proxy10-test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMDC8URG8ymbo6N7 -jqZ/i1riivvD9xRwnnCuf1/WmVHr8RM6IIYp/iL3/1iPy+vQwUtI1xsumKlKr8kO -iJAlC4K9/AZ7+D8ibRvKFxaapy+ZRAn62n+oGytlCoowBnEETWvO8GylapAIUcM5 -5svNyXXOZMNysODCw7SPQQ4VGIiTAgMBAAECgYBTMM7nZKd1AZKx75U1Dj6aTsMk -vQJZc/EtOGIIfplU3bsBTUjUHjNr7BPrqMOdVk7Vqu4K8SU5it4qq3cMnrBETxTA -k3oLwIM5U/MLF8PCxFFfjARA3iqp5ldCBRbFwBi3iBa3+dxRQgx0TYdhg32LPE4a -7sAz+GGSHspa8mPR4QJBAP9qA1LSsSi/hargSNaNnCEy/4YW7MIkbJwX3A0INGT5 -cEUhSG+w0UhnkAf0Hi8/Gh19EsvDEOY/Nu6ucSmmnK8CQQDBNCNO2Qae7GJSOPLQ -T6RpcFThH/7D09gCnF25V5An3jawT2BNue8iHxKztOwneSw16D1xSDm3nIs8m8sJ -gXNdAkBs9pY6ZEZOIv7seki4t6svAqm+U9Nns9Bd+1PWf3SSy1OZOmzDsYRnRj9N -FVk3QM1sXSqCoVJ5V+ighO0kHr9jAkARbnvVDF29jwRb+MlnpBfob3spCLL6xi1S -JvuJ0m2uOy1iAPdma+U4hecxEZzQ/uzPPFH225Zhi51AbaoHBIf9AkBHxYNY9TPW -nWpEcH7Mq+5KdAgXhXb0uWQbWoK7m/wm7OY8KQMc2Uo1chatb0qxlmUxZvQXva+w -QxahbNp1Uyun +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDVEumTnrR8fwky +iabs5oDHBcgJ166qElkeW79F6B8Miyqj+obKsQlzNBUUYqchKhmsO2GD7TTl7tW1 +O9ULpxopGF7CiAUE6IvCTtKajLNcUdykB0sYmBQv1QJSfEvjZRF2OZjuMS2AAhwL +C28LAlvtNdlJo5pi2i/mJRN4qaM/ojG7fsKMRQvQJKHZ/j/lq4JxFcN+IeZihQr/ +2rQHFRoaAM7IK7Ku0jbmNoy1kw20IZMYkJZ5kkOT7v7+3I0a5C00Y0pGYnIQ2+DH +oddCLK1efFhsMAGks1Dx/DfWBBW9KK5Ie8TrNlrhU08+MwUhddSOTgvAWy7Djs5l +iIeswmm5Jctj+/ra4gPT7zw0z6doPhH4Ni3GQvVEBNLBuEeDnMuen2LcPUEv1as+ +fOUocSlbiiuN4RSWMmq7YhVbU4WiMAwcL1yrBTYsYiFGpx/aiyvOW1VLR/6yxc+E +y78bQhvfWjDbgRhkVHYLe5PmhWAN9nn2YCuSdQeihaOFv1ao7SoujIj7ljEoOug2 +bxCcSFkDPJ7zklG5eYa38bTGD32SrRYCUWNvZjzyiKaB2lUWsN0FPM0SMNwbbPYv +cgnJ6QSVZ5MX+qXB5B8TGmD5aex4I1StNaMJUO/3i8YpRe8D5VrGmdBY10adf7vj +W8duDcKRCEMWJCgC72mMjdbXxhRYqQIDAQABAoICAQCuw9ZlyFSNkL0AgLszsFSL +6YgL2qZexLHoHqSiOCPPbA5LdV89vTvdDCkGEWy33Qo1pHb1eIhc2CrdfffemO7y +KhT/RgWn4v1PIMvJDALJhDOPLpQ/1e0o1nQTJ/QuzWUnLVLse9WwGwrZXEV2KDcy +N2rD5bbpwcBr6pkv7SQDO4vDF9OGrdNko8dFQC80uBpDmvA/8po+0JUXClGDRaGl +FmiE8qKalb2F0dRT0gv5ZVh7W4ywpnFbUzo/3LK4DdOuFoqDdJfOkCqsU2h11KNW +znLQOgf/CT0pXhCGL8+M2WMp/Kqlqm2cR3LFt59LtJPlLMqiuad/qxBLY1K1Nrjz +LYJcgyQ00EzKuoY0c5f2b1p7JG4jrsocerUYCmMFMaQc9qDOicUyagjcXnUfggf6 +TyHAPFY0nYRqzGbVHOF4HPx28CJ3aE3egvlgC7G5XrHI7CIHrelazEC0iIkfutbj +SE6MEKde8XBiXB6R/pXFlJJGUHum8VLtHjHJR8qMlI7LOmasmIsSs9py1j1V8gKr +lPKLpGHN180RVPoYvULlJiJejmw/ODPWEaOXQQItemTSuYnD118Cb3y/nVev0wys +yqWwVmqP1WgEixGKAg1msVrQB2iY55aNlT2auZAtc5v3OSSNX0tLNQtsvxZC6hjW +YcSKPhFie1JxtETHxjgSCQKCAQEA+7c4SOF+V7Xme7FFOwvUb7+P+Lf68aFpKxeC +tUS2dnL5qfLFNFjMP+qte1xFKy+zQKQbZg7vcJ1v2SLI2rmHFAFNxp+pd4q6C4oj +eoWn5UgZutFfin6AZCIxO2i/4uVfOS8jEiIkw7eCflEvS6jB9EpieknnoFPjg42H +Bs2kDCf/1dlUlgcADcun02ffve9WkKBCOU+FOXZFKk0LGN6KQCdrJrGutwToMefv +ULzc7QVl1D2ARA7INjWB7PYqiWFYwRQXB4oEUVI4v2T0DPrCf+qpHvn+01fle+uN +W7gE3POLWbS8vuTQ34tdmOzZJoJkJ9/x9tTIOD4aa06mKoo7twKCAQEA2LNSWpmd +NjOf3W+Q9hyjpikiMJhvhaYO2jgfiNcCDDt8YRbMW2dpbWiGryzxwVMkVXkWMZLc +1MBjKYnlaAL+NXr7J3Upga5sjXkl801CqEZT8y/J3rzWmgwwvpd8mriqtX2jI78m +GgA6p4NmChou797GJci3Ai8cNCTzmQmLwWEgnuJKlaPcHZ5eRotGceSQ/CCFtbeC +TIcpNWaxhvtf5aSbhoAyS4RcpVEUanEE2gPGUNngYq/19ofC7mphChBV528075bi +661wrmmUlywrbcgsGfjUT+8y0aafWQq9JAmlRql68w0Gi30t/xznQPAlIUG8z2vR +6POpzeuV6zTOnwKCAQAUFmUJe+VHPp7sFBOASMtlN5ZXtObzzXvFEpU9vgQJo9dE +trkCGmwCVcoOZCio75+Qcwg0ttBo3keEvn/k5JVhBVGdnjQ58/ow3Y9DQdNKOtzC +yd6kAMBiPVBMe2mEw+U7fQWBdvQUIlrplbT+hrMjuaPuOmOfqdIoN20lH9gNmEuU +V0mmx1w7vZrhBhMW5zizRfbC+BObqFKQs6FFFM1XnU2xwtA8jsmw4d95Q/kleR7N +NzM7OyrDGLYLoQF4ASrCDcZgtaTukG8y5u2K85/98U4ZyL2LRCJuJzgar67DqzPd +rsy5Ny1sCYUopQ4XQqSXggmfNw/bXSlikt4z2uA1AoIBAFn1/99a3FgvEFP2SADU +HOATPX1dGxcpvAq9t+GwGMqJO3Z253mesbbY6Oj6SJbQdEoDjcIgzQqJn+ETvSfz +7iK3nmJgEk4i4i/NNoMN9Pk00Q8pLK4KSTEElIvbCcCVn1DfCoYBicjLhY4bT5Ys +DoZIPoxbChafBh9jo7lJrDoon0k2em4q62tkXpD8qs8Ha2Uv/zJUL4Sjq+jebB60 +ZrhIIMSyna6aEXgT89zIdJIpdQAFo1B06jBhZfxiL0zlQTRmB1zbj/L1Os09SZGE +pbbanexeT42rqLY+bPKjMagvVOzD2SXjp27rFdhN4Hcl+tQWnVKi2S7TURAKmF9f +udMCggEBAJxkdEJ7RDZej/Fw9xbqfslU449Tp3U9B8P+SkJEfGfCLX+3SwbyB5Xz +J0p8fMvc0iWhJ15bx+JIy6Qmi8/EPxZibZDDhPSpBgok1RrzRMh61cO/Gz8aB9xl +jciQPCsMaWqt0rFSE2L/xZvX0DUlvPOzBYIVOeWN+5JoeEHbHLxRtDMnTXaky/Vf +PTBLv6jSvdd4cWPOhoIRovvEBFvE8GqOusHJ5bNjRpY71F2PSJ7sYMP7RfTFfvkO +moF8U+ZpMIIFR8H5DJSAeocbVXXNLI6iRMbXqCecc4oTYU58kC0Xm7H/3/2Gqzl/ +XnrAAFMk+GLkZE8dvbKiMb+/IIDXWsg= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/revoke.crt b/lib/hx509/data/revoke.crt index 2c2afc2975e3..07a419938218 100644 --- a/lib/hx509/data/revoke.crt +++ b/lib/hx509/data/revoke.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:12 2019 GMT + Not After : Jan 16 15:05:12 2038 GMT Subject: C=SE, CN=Revoke cert Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:a6:5f:11:30:35:3a:5f:ed:c2:06:ac:f4:14:27: - c1:db:ae:79:f0:b6:9e:0a:83:e7:82:6a:69:92:a6: - 85:9c:5d:e4:8a:0e:6b:32:99:4d:22:b9:ea:a6:8c: - 84:9e:62:f0:a3:f1:d2:b0:ef:41:ce:93:ce:d9:49: - 43:be:0d:a7:ea:cd:37:bb:ba:4d:ee:75:ed:86:74: - 8a:e2:08:77:2b:60:91:30:b2:96:57:4e:42:d1:5e: - 6f:0d:f5:b2:d6:98:ed:3f:ab:a0:64:33:8b:52:ad: - b5:7a:4a:fd:70:dc:d8:8b:e1:47:0c:8d:8f:93:5c: - 9c:35:3f:cb:21:d7:5c:6c:b3 + 00:bf:d0:af:36:d0:76:65:eb:21:0c:44:48:66:6e: + 43:c8:d4:07:73:4f:2f:36:b7:1b:ec:6a:aa:7b:60: + f2:87:9a:94:bc:ba:91:f8:1c:c8:1a:01:e4:fb:d1: + ac:3f:a6:07:26:2a:b7:8f:79:f8:31:ea:4f:e3:9d: + 2d:84:43:0f:ee:d4:1d:5d:e3:f6:16:31:5c:bf:f9: + ce:3e:b8:4a:e3:77:2b:bc:41:ee:84:52:2a:c0:7a: + aa:86:a5:21:9c:c5:a0:2a:e6:d8:46:33:c5:87:14: + 76:a5:71:2d:ae:7a:e6:60:0c:3c:35:cb:af:80:6c: + bf:cf:eb:25:f3:0f:be:5b:53:59:cb:b2:9b:c9:17: + 86:2d:08:a7:60:1e:42:d5:80:ea:74:b3:d0:7c:3c: + 42:33:58:c2:bf:35:5b:e6:7a:8a:9c:fc:7f:fc:c9: + cc:3f:7e:52:d6:8c:33:1a:2b:03:de:a4:fb:04:86: + 13:a9:b6:0f:d2:a4:12:1d:88:a6:4d:aa:85:c2:ff: + 19:11:bf:04:e0:57:1c:2e:03:97:b8:83:9b:0d:75: + 95:d7:15:f4:31:5c:2e:76:39:25:f3:fa:b1:9a:ca: + de:c8:39:cf:03:72:d8:23:0a:00:3a:e9:66:ef:8a: + f2:b0:fc:56:04:3d:b8:e6:dc:f4:a0:ae:73:1b:ae: + e4:03:42:79:f0:ee:14:51:18:8f:bb:d5:7f:cb:5a: + 21:6d:b9:9d:b9:3c:9e:15:24:23:2d:bf:c5:a3:66: + 45:f6:33:dc:06:7b:e1:68:f7:75:2d:58:9d:e1:73: + 06:79:a0:de:68:e2:70:5f:5a:fc:05:a7:26:d6:76: + 57:f8:12:7b:48:07:93:65:a8:d1:04:94:a0:42:9e: + a8:8e:ff:3a:c7:aa:54:6d:c1:99:2d:2a:c2:33:65: + 49:82:e7:df:bd:18:10:e3:69:df:d6:d7:16:4b:72: + b3:3c:fb:81:72:97:cd:28:35:13:b9:2e:09:55:4d: + 40:eb:e0:2e:24:f5:f2:0c:04:e4:38:90:db:1f:7e: + 79:42:97:9d:74:7a:87:c3:18:da:ec:9e:8c:00:25: + 36:87:88:05:49:77:c2:76:fc:68:76:59:b0:1f:d7: + d5:81:d9:47:f9:e9:62:c6:f5:08:06:d0:21:50:eb: + c7:b6:d4:9e:dc:94:68:d0:0f:df:74:f1:43:2e:38: + 3c:76:ed:b1:b8:4d:88:8e:ae:e5:52:a9:9e:29:fa: + da:a6:aa:28:e2:0e:cf:c9:c7:4d:fd:cb:14:a3:aa: + d2:87:bf:e2:9f:09:86:e6:0e:77:14:c8:d8:96:b2: + 51:65:d6:bf:23:9b:da:ed:70:47:c5:7a:3e:1e:be: + 75:8b:8d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,63 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - AC:ED:61:9B:1A:7D:7D:27:D4:E3:B9:3D:79:9C:F1:96:10:B3:46:45 + C0:C4:1E:26:C8:53:2E:80:A5:50:44:F1:79:38:05:B4:12:CA:AA:7F Signature Algorithm: sha1WithRSAEncryption - 71:4d:fc:63:69:bb:b5:cf:0c:50:dc:de:55:ef:9b:90:07:42: - 98:3e:80:36:e4:94:aa:d5:f3:0b:56:38:12:1d:3d:e6:dc:a3: - 8b:bf:8a:f6:82:d6:25:8b:9c:88:ce:38:2a:ee:e1:2f:2e:8f: - c7:74:c6:42:5f:68:99:a5:48:e7:08:5a:bd:3c:fa:db:14:5a: - 39:cc:dc:50:c5:ba:05:97:c9:66:9e:39:d8:ce:17:a6:ec:6b: - bd:c9:c9:a8:d1:6d:dc:68:c0:79:20:6e:df:04:0a:14:37:06: - 7b:e8:54:62:60:0c:9f:d5:73:55:b7:d0:4f:cb:e0:14:75:65: - b7:d1 + b1:f4:93:82:51:8f:d2:a0:c0:a7:9a:da:d3:f6:fc:01:aa:ae: + e9:a1:05:32:62:9b:63:a2:a3:05:ea:9e:f8:b3:af:d2:50:42: + 70:6f:35:88:86:f2:f5:bb:6f:44:a7:9b:51:14:c8:e1:9e:13: + c4:e6:ab:5a:bb:40:50:c2:ae:d5:b5:64:48:ab:29:30:d6:90: + f6:6f:24:b2:e9:aa:8d:12:54:68:5f:70:bc:99:5c:cf:c5:7d: + ae:e7:d2:7c:50:c0:7f:a6:a8:ae:0f:3b:9d:1a:e4:18:b3:f8: + 90:2c:a4:cf:83:41:c8:54:82:20:df:bc:4e:6a:6e:e6:61:dd: + d1:fa:95:2e:4b:22:28:84:db:d8:47:fb:a6:d7:65:07:41:64: + 1f:16:db:39:ea:75:23:63:d5:59:df:03:cf:4f:28:2a:73:07: + da:0c:f2:3f:3a:cb:40:3b:73:92:2e:93:79:90:a0:4c:ed:bc: + aa:7a:c4:40:54:5f:39:cf:e2:81:59:98:73:ce:5e:71:2a:3a: + 1f:60:94:fd:c3:c4:7f:24:05:31:66:d2:5f:ba:62:db:5c:ec: + 40:38:79:ee:5a:6d:90:8d:f7:99:49:cc:e0:1e:8e:47:0e:50: + c4:19:c2:43:bc:87:33:c0:fd:8a:cf:af:71:35:0b:fb:14:7a: + c4:5b:01:09:86:5e:8a:ab:b9:8b:81:50:bc:a3:d9:59:53:30: + 2c:97:32:97:da:16:3b:42:78:84:31:13:9a:ad:a9:a4:9d:5c: + 5d:69:6a:eb:53:71:e8:95:11:04:d7:ef:50:c0:c2:32:55:75: + a9:db:0d:4a:5c:b4:10:91:60:88:ec:25:8c:26:52:a9:be:5b: + 71:5e:ba:e0:df:ad:ac:e0:cd:01:7b:8f:ff:c5:c6:f0:9e:e6: + e2:f6:44:31:07:3c:99:d5:8f:43:1d:c4:5e:57:58:0e:72:4b: + 76:5d:4e:14:f5:03:08:c4:d4:05:71:2b:da:71:8f:c8:ec:b2: + 1f:cd:c3:52:6e:6d:53:db:9a:40:37:77:53:71:02:1f:a5:12: + e6:32:1d:bc:0e:83:b5:03:e4:85:ba:54:b2:3c:2e:c0:70:77: + a5:86:21:fc:6e:f7:46:24:84:75:9a:0f:f5:af:fa:12:26:b9: + 65:e5:8c:89:7e:42:d3:5a:22:22:dc:96:ed:92:17:65:e4:12: + 21:9c:ae:8d:03:c3:3b:d6:bf:68:b8:ba:08:51:44:8a:77:07: + 9d:be:de:a1:0e:93:cf:17:29:e3:67:ff:9c:e5:ea:5a:0d:b0: + bc:8d:5f:f3:44:d1:f8:12:b3:53:82:09:30:13:e4:12:99:3c: + d0:73:09:85:64:95:9e:bb -----BEGIN CERTIFICATE----- -MIIB/DCCAWWgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0 -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmXxEwNTpf7cIGrPQUJ8Hbrnnw -tp4Kg+eCammSpoWcXeSKDmsymU0iueqmjISeYvCj8dKw70HOk87ZSUO+DafqzTe7 -uk3ude2GdIriCHcrYJEwspZXTkLRXm8N9bLWmO0/q6BkM4tSrbV6Sv1w3NiL4UcM -jY+TXJw1P8sh11xsswIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAd -BgNVHQ4EFgQUrO1hmxp9fSfU47k9eZzxlhCzRkUwDQYJKoZIhvcNAQEFBQADgYEA -cU38Y2m7tc8MUNzeVe+bkAdCmD6ANuSUqtXzC1Y4Eh095tyji7+K9oLWJYuciM44 -Ku7hLy6Px3TGQl9omaVI5whavTz62xRaOczcUMW6BZfJZp452M4XpuxrvcnJqNFt -3GjAeSBu3wQKFDcGe+hUYmAMn9VzVbfQT8vgFHVlt9E= +MIIFATCCAumgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxMloXDTM4 +MDExNjE1MDUxMlowIzELMAkGA1UEBhMCU0UxFDASBgNVBAMMC1Jldm9rZSBjZXJ0 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv9CvNtB2ZeshDERIZm5D +yNQHc08vNrcb7Gqqe2Dyh5qUvLqR+BzIGgHk+9GsP6YHJiq3j3n4MepP450thEMP +7tQdXeP2FjFcv/nOPrhK43crvEHuhFIqwHqqhqUhnMWgKubYRjPFhxR2pXEtrnrm +YAw8NcuvgGy/z+sl8w++W1NZy7KbyReGLQinYB5C1YDqdLPQfDxCM1jCvzVb5nqK +nPx//MnMP35S1owzGisD3qT7BIYTqbYP0qQSHYimTaqFwv8ZEb8E4FccLgOXuIOb +DXWV1xX0MVwudjkl8/qxmsreyDnPA3LYIwoAOulm74rysPxWBD245tz0oK5zG67k +A0J58O4UURiPu9V/y1ohbbmduTyeFSQjLb/Fo2ZF9jPcBnvhaPd1LVid4XMGeaDe +aOJwX1r8Bacm1nZX+BJ7SAeTZajRBJSgQp6ojv86x6pUbcGZLSrCM2VJguffvRgQ +42nf1tcWS3KzPPuBcpfNKDUTuS4JVU1A6+AuJPXyDATkOJDbH355QpeddHqHwxja +7J6MACU2h4gFSXfCdvxodlmwH9fVgdlH+elixvUIBtAhUOvHttSe3JRo0A/fdPFD +Ljg8du2xuE2Ijq7lUqmeKfrapqoo4g7PycdN/csUo6rSh7/inwmG5g53FMjYlrJR +Zda/I5va7XBHxXo+Hr51i40CAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMC +BeAwHQYDVR0OBBYEFMDEHibIUy6ApVBE8Xk4BbQSyqp/MA0GCSqGSIb3DQEBBQUA +A4ICAQCx9JOCUY/SoMCnmtrT9vwBqq7poQUyYptjoqMF6p74s6/SUEJwbzWIhvL1 +u29Ep5tRFMjhnhPE5qtau0BQwq7VtWRIqykw1pD2bySy6aqNElRoX3C8mVzPxX2u +59J8UMB/pqiuDzudGuQYs/iQLKTPg0HIVIIg37xOam7mYd3R+pUuSyIohNvYR/um +12UHQWQfFts56nUjY9VZ3wPPTygqcwfaDPI/OstAO3OSLpN5kKBM7byqesRAVF85 +z+KBWZhzzl5xKjofYJT9w8R/JAUxZtJfumLbXOxAOHnuWm2QjfeZSczgHo5HDlDE +GcJDvIczwP2Kz69xNQv7FHrEWwEJhl6Kq7mLgVC8o9lZUzAslzKX2hY7QniEMROa +ramknVxdaWrrU3HolREE1+9QwMIyVXWp2w1KXLQQkWCI7CWMJlKpvltxXrrg362s +4M0Be4//xcbwnubi9kQxBzyZ1Y9DHcReV1gOckt2XU4U9QMIxNQFcSvacY/I7LIf +zcNSbm1T25pAN3dTcQIfpRLmMh28DoO1A+SFulSyPC7AcHelhiH8bvdGJIR1mg/1 +r/oSJrll5YyJfkLTWiIi3Jbtkhdl5BIhnK6NA8M71r9ouLoIUUSKdwedvt6hDpPP +FynjZ/+c5epaDbC8jV/zRNH4ErNTggkwE+QSmTzQcwmFZJWeuw== -----END CERTIFICATE----- diff --git a/lib/hx509/data/revoke.key b/lib/hx509/data/revoke.key index 0fe2e18b2fb5..374bed15b7b2 100644 --- a/lib/hx509/data/revoke.key +++ b/lib/hx509/data/revoke.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKZfETA1Ol/twgas -9BQnwduuefC2ngqD54JqaZKmhZxd5IoOazKZTSK56qaMhJ5i8KPx0rDvQc6TztlJ -Q74Np+rNN7u6Te517YZ0iuIIdytgkTCylldOQtFebw31staY7T+roGQzi1KttXpK -/XDc2IvhRwyNj5NcnDU/yyHXXGyzAgMBAAECgYBeDVZRM3YZrvZGAdZF4qfkAgGr -hAFaHnFtN60RG5Ri7m15YmdVhnal0AaIOt3qEDLL67RZFBjWqJaCHbnvIhcva5Gw -OLEQPsvvTBvRq5O7hTwij2f0hTGu7gOHiiW3YCPxvma1qHNOXKRDh5Gi2eG0gKgo -fUC2pqvPomNaqZERqQJBANFQXr+KQ9Hcv1cp2+FNOXg8x0sC20+Svwaxs+T4gSr2 -AaiWIJgcdYpxkNPke+IGPZ8Bip6jgRpRK1gRLhx7qw0CQQDLercoA7FiwpRMzo1j -Yvh4188uhodvuSg6Yj/meQ2zQvsjAipZ0XJgEuZZnoifxkl2A6K+tFLwSq1hy18K -C4a/AkEAnwfCRSMG7i8bDV2XWvGyhWEgRiSwfh/PlYV0WbZZZUut7OnLb+bHg11P -nT5OxWbacLHaITe3AkjDdtDuyONJDQJAN4RW3rMLPe/q+H3Os9Q4CPiQzZfk8gWp -xSwzVRWoOEXJMYcQuQrdUvs1IDSSAE3gkzNwvumCS4+EeM89MgdtDwJAN7ucdA1c -m6MiJgTVxTeva7cgw6PCF4Ph9AGRAB+m/qkg8I8W7G0tXxHVUAXfKdfeirigsrnT -LKLsQFEQrhuA5A== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC/0K820HZl6yEM +REhmbkPI1AdzTy82txvsaqp7YPKHmpS8upH4HMgaAeT70aw/pgcmKrePefgx6k/j +nS2EQw/u1B1d4/YWMVy/+c4+uErjdyu8Qe6EUirAeqqGpSGcxaAq5thGM8WHFHal +cS2ueuZgDDw1y6+AbL/P6yXzD75bU1nLspvJF4YtCKdgHkLVgOp0s9B8PEIzWMK/ +NVvmeoqc/H/8ycw/flLWjDMaKwPepPsEhhOptg/SpBIdiKZNqoXC/xkRvwTgVxwu +A5e4g5sNdZXXFfQxXC52OSXz+rGayt7IOc8DctgjCgA66WbvivKw/FYEPbjm3PSg +rnMbruQDQnnw7hRRGI+71X/LWiFtuZ25PJ4VJCMtv8WjZkX2M9wGe+Fo93UtWJ3h +cwZ5oN5o4nBfWvwFpybWdlf4EntIB5NlqNEElKBCnqiO/zrHqlRtwZktKsIzZUmC +59+9GBDjad/W1xZLcrM8+4Fyl80oNRO5LglVTUDr4C4k9fIMBOQ4kNsffnlCl510 +eofDGNrsnowAJTaHiAVJd8J2/Gh2WbAf19WB2Uf56WLG9QgG0CFQ68e21J7clGjQ +D9908UMuODx27bG4TYiOruVSqZ4p+tqmqijiDs/Jx039yxSjqtKHv+KfCYbmDncU +yNiWslFl1r8jm9rtcEfFej4evnWLjQIDAQABAoICACTzfZ1woS5XEmG7kbrxyOsa +NWk4Ot8ufRmZHshvz6jh1X9Z7Z6/ZKjl7oe4R5dnU389wWjJVU/AVK2DbO5KwPoA +MLwSmyiBT93HsLySYhLZtTop9VnWPlggCVOw4f3CcG1zVPyJIqc4APc0C1nOYSzl +jn/Kgj+aM4VJRmFBiikrsGO2P56IgpeQUDYK/lME56Wdsi8MqLAdjD6rd825k5RU +bA91jHw6yJh+H6YN3Uv5ukWP0p/h68BnTPoVhfv2Ophq7hhmFPlmro4KsSKhb7Az +E6+Aki8kE+tAbRhIFgi8xhgKUt/WMt7lIVA4AFVrDf+cTLG6djE7JYECujf+A/xq +jC+BOn2BFzo5CNuc1+B0xZ6wLrQoKYSyAp2N7EbhNEb3xthxE940+PDAB0nfmDDl +B6LPkjsBFVe7Cd63F85uVHTMclbLC/yfiKaAolNb3pNh4UMWLhHYouLRNiVM+NLY +u06FTJPFsgUGmBPATFuV6IaHii6sMqMdArN+dU/NqMT1KTBGyZ79g6XwVSWVU2+S +oDZYRNERihwtr8vImQky17TY2rAbZKk9OK/Re67UOwnxkVSihv1Rt4CDwKkIWrh9 ++BPiC8nd/al/XjV4hN3hQeU2CVcHt23uobtPUvaL9Scf+1+e8WToLSSPeGwfD6EM +jpNBeI/V1IdiNUJnr8e9AoIBAQD/B5AThJW+avTqa2EfqhnB5KsVEKy8LWfUbH5I +PcUtiStlb+RatZb4yQXVQ1TpSSAFEXL6TZR4uHQsw1wXhRyi8CGWKxSxrxhxkw2V +RpAcuU2u9sHtmSzJHOn+sRnJPgJOijZ/EAHqc/Hi7VNdaSz6tFfFeYLYmVpeS0EU +CY/0JqHAQ5IrzGjrl2doG7myFhLA1oAYWElhtVMcE+mowgDxE4a1UOQQyrKA2p7T +9LuguPhOgvjB4t6uJ35HO2w3hvwAdsnsOb8g0qBdYlUpcATyb1Nl0252+ZWwA3gT +tVZ8iQ+bibMopyns60GbVnArfVkFn7a3hS/0ZW5Zy8aKI+G3AoIBAQDAi4qTbdVv +6BS3ePoUwsYDkC/17RGkfoFfH/jXWVhP7UNu5X/UFCM+VJwrYK3f6cpKMBtBIRPw +uHXeFCh2Mi3x/hrz3VRfY0qrgckByxhNTuXokQBec8mU4TzpPmc5XjADtVmaxnP8 +uU6cny+0s1lJ5xZM3nPvkZ9DMV+CbTbMiWIODJ+3Ak2S6FDB+wNemMpp3ppMrWNZ +5N0d+o/VSUTEGr/FmNAw0gZhsy8pdcDqoULDceqA40rL8F46kzAk58E4Gvb+rVMR +bVQcBrwSVOgY6MAtY5qLZcDLHcq9JU+tMB8AJHO1io2k4Xsz5WVBLlzTudHpgmJp +M5ELOUBwyCzbAoIBAQDrf6pVu6sjiVTcW4f2W3cpiuVIsHsx0aP9jqoWP6Qi5nXC +V87AzMq6tbbDNkfknHgK9g/8f0NJLttosoYJ2guVkrURHHshkRS7XBXA8MYHID5S +AN8XbsjidebGH/g10yMCL7MfJkL+o06MRKckrQiyAXLDke934DSIumk//YyG4l2f +U0ZZV4rTcp40jtWtU6DBndHvqScqKOy0EtdD1NJVy7grGqVftC2du0PLakUQp33z +0hGvyLXkj+eWE5NcuzNdolPX5YNO5fDcCv+lIiIPVSnn75QkHVlSjgGGAX/5w/87 +m65rLeITOzL8JJe0MS3ReaiaU0zzG+8I0Jln2raFAoIBAAGoMcUbCN8xrBv4Go7b +LkERmJgRNjmoLQzYhZe02SG29QGbUAJPOg5rQ/zLlDN9G5SP3WwuELHdpIYIvmBm +Bicy/KBkozk+7YGUWFp/mPHxX+EkflBRxsZVOeT3+INx4A/oG6FNW+os3hRS+mIf +uQD90B9ROsYxBqHZZu0Ea5hPBl0Als9IYcqF3UwOEPVbc0J9++31AAniAlUjtuEr +BEB7ynK04fXJmOx2Uk2VCdf7E0wDSvVY/2fJ5cWzRpLKu8rz0HRYoYJg4nxrQmsV +9/le52h8lvPkKEiXNQtzqr/eziV+KtDBJH7qwdisfLaW442e58OOr7IgE3t5Pqi5 +0EkCggEBAP3J+c6s88lfGnU35CzFK93IkumaYtHlrNj/87EBPMjpL38ykFCkeXXq +wtKAWI+i9Y7Y38xYvkWwNj8m44hCES7z8yc+blxlyg4UBTg6ms6/AMCF1OkkdAsl +xyacDGAm7JIj1w/B7qxWOkZOI25c0YY74kq4nBIP8lklHr0iykqc8BhwlYofEh/U +TMXAg0z+luS9Uiq4SayBeUcEkNguJu5syLtOvy+vR04fyOzHF9YFXqaRbJoCPnZg +RRx6Jo2dRdiy9yhOHzZRykuAH92M4jACE3V3wJMjlJea+YmZgaDwv5a5xT8dUw2W +waMpuNHGyfEypx5NFeO8UU95fKkcTWM= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/secp256r1TestCA.cert.pem b/lib/hx509/data/secp256r1TestCA.cert.pem index 6cac58ee11ff..3522b096d187 100644 --- a/lib/hx509/data/secp256r1TestCA.cert.pem +++ b/lib/hx509/data/secp256r1TestCA.cert.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49 -AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM -kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV -spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV -HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L -mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM -XejBzmT8QXEdib+1 +MIIBuTCCAWCgAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjA2MQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAE5SuFK+KhglopQr1aMjl4ZEBaw4HYM2yVORyBOQWx3e8Pj90bFocE +4gyS4P2V0YraxACsQgMp+s4e8/6gXPeMtqNdMFswHQYDVR0OBBYEFOtR3wCoaF9m +8dWylzOdd5vfbwmDMB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAwG +A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIF/JTbEv +iuYcuREFzWgZ/AgfLe2sRwEgSy6UcAWOYllkAiApMzA3xKjaX1/hhkDGKZnHfcTM +tRuM0FuTdO+e15ku8w== -----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r1TestCA.pem b/lib/hx509/data/secp256r1TestCA.pem index d0c7431880ae..9b1df2c9cf92 100644 --- a/lib/hx509/data/secp256r1TestCA.pem +++ b/lib/hx509/data/secp256r1TestCA.pem @@ -4,14 +4,14 @@ gHePPMwGKygIVDXTfjysn9zPiSOhRANCAATlK4Ur4qGCWilCvVoyOXhkQFrDgdgz bJU5HIE5BbHd7w+P3RsWhwTiDJLg/ZXRitrEAKxCAyn6zh7z/qBc94y2 -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIBuDCCAV6gAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owNjELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxFTATBgNVBAMTDENBIHNlY3AyNTZyMTBZMBMGByqGSM49AgEGCCqGSM49 -AwEHA0IABOUrhSvioYJaKUK9WjI5eGRAWsOB2DNslTkcgTkFsd3vD4/dGxaHBOIM -kuD9ldGK2sQArEIDKfrOHvP+oFz3jLajXTBbMB0GA1UdDgQWBBTrUd8AqGhfZvHV -spcznXeb328JgzAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAMBgNV -HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiBd6J2N4B6L -mtn0ZP/6vOyPkA7YMq2EwbVyTGlnBTwYsQIhALjsLWHQVSkt08rly48ns93DeSbM -XejBzmT8QXEdib+1 +MIIBuTCCAWCgAwIBAgIBATAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjA2MQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMFkwEwYHKoZIzj0CAQYIKoZI +zj0DAQcDQgAE5SuFK+KhglopQr1aMjl4ZEBaw4HYM2yVORyBOQWx3e8Pj90bFocE +4gyS4P2V0YraxACsQgMp+s4e8/6gXPeMtqNdMFswHQYDVR0OBBYEFOtR3wCoaF9m +8dWylzOdd5vfbwmDMB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAwG +A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIF/JTbEv +iuYcuREFzWgZ/AgfLe2sRwEgSy6UcAWOYllkAiApMzA3xKjaX1/hhkDGKZnHfcTM +tRuM0FuTdO+e15ku8w== -----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestClient.cert.pem b/lib/hx509/data/secp256r2TestClient.cert.pem index f0f3a2445c55..5763c5a73e03 100644 --- a/lib/hx509/data/secp256r2TestClient.cert.pem +++ b/lib/hx509/data/secp256r2TestClient.cert.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA -BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI -zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF -I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv -A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx -JjIt +MIIBsDCCAVegAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjAwMQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEPMA0GA1UEAwwGQ2xpZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAE7v8wIgEd/yBAtDmW2nW7II4IDDy7KVlnv6/+sHegoe4AjIvqr9CNldkfcVHl +VwjMA1q83lIB/H0IUmk+T6lQhKNaMFgwHQYDVR0OBBYEFKNeDhfd+znE5CBO6aNl +DAUjXdF6MB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgSwMAoGCCqGSM49BAMCA0cAMEQCIBVFIAeFxXeB4LURDxv/ +YnGzJJK0b+pjK5hVEPYww8dzAiAmHrccM21Ga7S+/yFWIvMe3BKtAl0O62TTI2Fg +CHiIWQ== -----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestClient.pem b/lib/hx509/data/secp256r2TestClient.pem index acf11b0413ff..9f49adc3e48b 100644 --- a/lib/hx509/data/secp256r2TestClient.pem +++ b/lib/hx509/data/secp256r2TestClient.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIIBrzCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxDzANBgNVBAMTBkNsaWVudDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA -BO7/MCIBHf8gQLQ5ltp1uyCOCAw8uylZZ7+v/rB3oKHuAIyL6q/QjZXZH3FR5VcI -zANavN5SAfx9CFJpPk+pUISjWjBYMB0GA1UdDgQWBBSjXg4X3fs5xOQgTumjZQwF -I13RejAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNIADBFAiAa9d6aCxlioep3ViYqujWv -A28/16yXOrmLY1a2wcj3awIhAMeVjMiUTP/U4yXfb3uJjJmq8hfyNZ/CAiTQKORx -JjIt +MIIBsDCCAVegAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjAwMQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEPMA0GA1UEAwwGQ2xpZW50MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAE7v8wIgEd/yBAtDmW2nW7II4IDDy7KVlnv6/+sHegoe4AjIvqr9CNldkfcVHl +VwjMA1q83lIB/H0IUmk+T6lQhKNaMFgwHQYDVR0OBBYEFKNeDhfd+znE5CBO6aNl +DAUjXdF6MB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgSwMAoGCCqGSM49BAMCA0cAMEQCIBVFIAeFxXeB4LURDxv/ +YnGzJJK0b+pjK5hVEPYww8dzAiAmHrccM21Ga7S+/yFWIvMe3BKtAl0O62TTI2Fg +CHiIWQ== -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg6oD5CbNzN7oAWqcq diff --git a/lib/hx509/data/secp256r2TestServer.cert.pem b/lib/hx509/data/secp256r2TestServer.cert.pem index 91acde8f60e5..71935b8822b8 100644 --- a/lib/hx509/data/secp256r2TestServer.cert.pem +++ b/lib/hx509/data/secp256r2TestServer.cert.pem @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA -BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg -lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+ -QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa -1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI -QcEwUA== +MIIBsDCCAVegAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjAwMQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEPMA0GA1UEAwwGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEi1mCfULxkG8qSQ2gSh9YvQksJNodPaUmPt32NG1IqJHY+U613keG14Oo/vwr +h6CVEyTmeqyYSihqV9s2wUHLxKNaMFgwHQYDVR0OBBYEFOowNM57NxGxrHqV/oT9 +eT5DM+iuMB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgSwMAoGCCqGSM49BAMCA0cAMEQCIB2nDbiSg6jTeoSWfCvG +23Pn4xxbes8Nb+/8+1lDjLWPAiA+KB8wJhUA4hO/Axfu85wKjddpbGtJR0JlxtEe +whF52Q== -----END CERTIFICATE----- diff --git a/lib/hx509/data/secp256r2TestServer.pem b/lib/hx509/data/secp256r2TestServer.pem index 0e9edd782bcf..31a354d151b4 100644 --- a/lib/hx509/data/secp256r2TestServer.pem +++ b/lib/hx509/data/secp256r2TestServer.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIIBsDCCAVWgAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G -A1UEChMHSGVpbWRhbDEVMBMGA1UEAxMMQ0Egc2VjcDI1NnIxMB4XDTE0MDMxMDE5 -NDAyM1oXDTM4MDExNzE5NDAyM1owMDELMAkGA1UEBhMCU0UxEDAOBgNVBAoTB0hl -aW1kYWwxDzANBgNVBAMTBlNlcnZlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA -BItZgn1C8ZBvKkkNoEofWL0JLCTaHT2lJj7d9jRtSKiR2PlOtd5HhteDqP78K4eg -lRMk5nqsmEooalfbNsFBy8SjWjBYMB0GA1UdDgQWBBTqMDTOezcRsax6lf6E/Xk+ -QzPorjAfBgNVHSMEGDAWgBTrUd8AqGhfZvHVspcznXeb328JgzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIEsDAKBggqhkjOPQQDAgNJADBGAiEAsvf//YdUWCD6OLZesENa -1mH8+b+kZDR6jx1JchRXAEQCIQDkTvTZrlmmxUaWEsf08/4xbxkYbrPAg4+VX2uI -QcEwUA== +MIIBsDCCAVegAwIBAgIBAjAKBggqhkjOPQQDAjA2MQswCQYDVQQGEwJTRTEQMA4G +A1UECgwHSGVpbWRhbDEVMBMGA1UEAwwMQ0Egc2VjcDI1NnIxMCAXDTE5MDMyMjIy +MjUyNVoYDzI1MTgxMTIxMjIyNTI1WjAwMQswCQYDVQQGEwJTRTEQMA4GA1UECgwH +SGVpbWRhbDEPMA0GA1UEAwwGU2VydmVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD +QgAEi1mCfULxkG8qSQ2gSh9YvQksJNodPaUmPt32NG1IqJHY+U613keG14Oo/vwr +h6CVEyTmeqyYSihqV9s2wUHLxKNaMFgwHQYDVR0OBBYEFOowNM57NxGxrHqV/oT9 +eT5DM+iuMB8GA1UdIwQYMBaAFOtR3wCoaF9m8dWylzOdd5vfbwmDMAkGA1UdEwQC +MAAwCwYDVR0PBAQDAgSwMAoGCCqGSM49BAMCA0cAMEQCIB2nDbiSg6jTeoSWfCvG +23Pn4xxbes8Nb+/8+1lDjLWPAiA+KB8wJhUA4hO/Axfu85wKjddpbGtJR0JlxtEe +whF52Q== -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgKo/47DaveCl90GxH diff --git a/lib/hx509/data/sub-ca.crt b/lib/hx509/data/sub-ca.crt index c63f59d3df47..befbd28d8d65 100644 --- a/lib/hx509/data/sub-ca.crt +++ b/lib/hx509/data/sub-ca.crt @@ -2,59 +2,122 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 10 (0xa) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:41 2009 GMT - Not After : Apr 24 20:29:41 2019 GMT + Not Before: May 23 15:05:18 2019 GMT + Not After : Jan 16 15:05:18 2038 GMT Subject: C=SE, CN=Sub CA Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:bd:3d:63:78:3e:31:85:d9:1d:b7:f8:04:02:58: - 53:12:de:1a:c6:95:9b:51:29:7b:c7:62:76:b9:a6: - 63:56:3d:47:c8:2f:bb:6b:9b:7d:d8:f1:a9:3c:0b: - 61:66:fd:d1:e7:d7:6d:74:a0:30:9c:a0:7d:80:41: - 04:1a:86:61:b4:12:79:9d:9d:b0:3b:fb:0a:4c:69: - 8f:06:33:07:85:0e:73:cd:01:fa:96:f9:6b:20:18: - d8:b1:06:03:21:b3:71:7a:ed:43:fd:29:d5:23:fa: - cc:cf:43:fc:83:4a:cb:8b:e6:98:db:b3:49:f1:ba: - 2a:97:72:b7:44:83:d6:e7:5f + 00:ea:9c:d3:ba:0e:de:f9:c6:3c:2e:ef:7e:91:40: + 8e:58:04:16:4f:ff:81:61:0c:fd:b4:d2:86:3c:8a: + 6a:f9:33:63:0b:8e:2b:ac:9c:5c:00:28:16:fe:32: + bc:75:55:00:d2:91:0c:92:c9:0a:2d:c7:e2:f4:dd: + 14:fe:20:d8:45:79:d1:a0:1e:5d:91:a5:d2:00:17: + a4:bd:44:35:9c:f4:5f:63:dc:b9:19:a5:66:73:b1: + 16:ae:e7:d5:59:bd:d3:85:b1:b7:ae:3e:a8:a8:9e: + 0d:d9:cd:f5:38:30:d3:56:d9:44:08:11:23:ca:bb: + 5e:96:fd:8d:e8:77:7e:c4:8e:58:a8:02:6d:20:77: + 9a:9d:4b:bd:6a:6e:c0:a4:77:d2:37:cb:b5:c4:4a: + 87:03:a9:aa:a8:22:4b:e9:13:f2:22:64:44:0c:b4: + 2b:60:56:9b:c7:76:1e:7d:ba:06:15:9a:ad:ae:36: + 9a:9d:f0:df:83:e5:64:4b:18:53:b1:1d:ed:bc:70: + 08:48:45:7e:c6:ab:ad:d9:bc:79:03:3d:af:e8:f6: + cd:4e:04:27:ce:8c:d7:09:d9:50:87:f7:76:37:eb: + a3:3b:96:46:b6:05:85:3c:f2:0a:23:3c:d2:8e:0e: + 86:08:19:6f:8f:56:2f:bd:90:80:98:a9:8a:c4:9a: + 71:9d:25:08:9b:d0:14:23:d4:99:ac:f9:68:44:fd: + 01:bd:e4:b0:1f:87:f2:0c:16:88:31:01:5e:af:df: + 81:c0:29:d1:05:c8:37:6f:4c:b6:81:b3:d0:f1:f5: + d9:1c:cf:e6:95:40:41:ec:2f:b9:39:d2:1b:48:c9: + 03:ca:0a:9f:4b:41:74:ff:31:bd:40:d5:46:cc:c9: + 84:94:e9:aa:d3:ae:df:fc:07:0e:4b:6c:68:07:70: + 92:aa:ff:9a:21:c0:67:aa:e8:72:7b:db:97:f4:d0: + fb:e9:6d:4c:48:19:55:fb:c4:f3:fa:78:c6:94:2f: + fd:88:b1:c7:58:fd:03:2a:28:51:5e:8e:2d:95:fa: + 46:57:b9:6c:93:b5:8a:44:21:82:1d:d2:c7:0b:88: + 24:2d:e0:45:0d:8f:3a:23:c4:1f:e2:2d:00:a4:71: + a7:01:c7:17:b8:03:29:fc:2e:92:9b:dd:75:cc:1e: + 0e:01:72:71:a7:80:9f:7b:e1:eb:35:42:1f:0c:1d: + ae:69:2c:ee:70:65:19:4c:5b:d7:07:27:c8:2c:ce: + cc:d1:67:39:de:88:0a:e1:21:c9:ad:50:f2:88:79: + 15:6d:7a:46:23:4a:93:bd:72:b5:3c:a4:d2:91:27: + ab:d2:f0:f7:5f:17:8c:7e:01:33:6e:2e:3e:8f:48: + 18:06:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: - 9B:B5:FE:90:D3:72:49:B1:98:9A:67:76:A3:C9:22:15:F1:5A:AE:11 + 4D:9F:B8:92:F4:98:3B:7E:1F:EA:AE:A3:3C:DF:CF:E7:56:4E:F6:25 X509v3 Authority Key Identifier: - keyid:6E:48:13:DC:BF:8B:95:4C:13:F3:1F:97:30:DD:27:96:59:9B:0E:68 + keyid:FD:C6:56:72:BC:EA:82:19:48:00:B0:A3:8B:F7:79:3F:F7:26:FC:23 DirName:/CN=hx509 Test Root CA/C=SE - serial:99:32:DE:61:0E:40:19:8A + serial:99:65:F9:34:C3:90:C1:72 X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment, Certificate Sign, CRL Sign Signature Algorithm: sha1WithRSAEncryption - 25:cb:bf:77:d2:16:0f:a5:ac:4e:42:17:e1:81:03:36:1e:dc: - 33:1a:49:ba:1f:40:5b:5b:80:9c:20:b7:13:3b:f4:4f:79:c1: - b4:6e:14:d5:fd:84:59:58:d5:db:a6:6d:5b:6f:e6:d0:58:d6: - 8e:41:2c:ef:e9:c8:b7:ca:6f:cb:11:6e:13:45:f7:73:6e:91: - 71:22:14:18:b9:b4:ad:3b:c4:e9:6f:99:6d:59:59:52:6f:c8: - 65:67:f1:e4:d9:6f:0b:a3:3c:9f:ac:01:b7:1a:9b:97:74:92: - 7b:ea:05:a0:5d:09:77:fb:79:17:c2:35:2f:f9:09:fc:10:b3: - e0:3e + 8f:4e:97:f7:a7:87:17:27:af:2f:30:23:97:2e:09:35:03:01: + 9c:13:38:12:85:49:10:ce:69:c4:74:69:67:6d:61:3a:bb:c5: + 5a:e7:55:da:f0:a3:06:be:ff:55:eb:89:a2:65:2e:35:ca:24: + 49:0a:fa:01:3a:c8:50:af:94:ee:cd:e9:67:2a:1b:1b:a3:40: + 1e:e4:4a:7a:31:93:1c:e6:77:9e:a3:41:19:66:64:dd:f3:73: + 34:d7:28:38:3f:f5:94:2d:58:3f:bd:24:cd:5b:ed:77:81:53: + 31:45:67:e4:d7:85:ce:d2:10:f1:b7:0f:03:22:3c:c1:be:aa: + 8a:d1:92:b6:03:e5:92:a3:4c:d3:76:ee:8a:83:01:c8:a0:0a: + 53:3a:c6:a4:36:8d:51:35:a5:07:dc:8c:35:c9:03:fa:1d:ec: + 49:05:f0:b0:0e:fe:24:f5:4e:db:be:f3:00:b0:35:57:d6:31: + 02:c2:e1:6f:3a:2c:2c:42:f9:87:5b:c3:72:f7:46:6a:1f:0e: + 16:50:ee:a6:00:42:30:ad:05:07:d4:8e:0a:0d:c6:23:b3:d7: + 9b:01:57:12:7b:7d:1b:5d:60:b7:fe:78:4f:91:1b:76:df:a6: + a7:f5:61:76:3b:1c:6f:7c:c7:57:7f:bf:c7:ac:23:c5:c5:cf: + 6b:5e:83:1c:4c:7e:83:2d:f6:db:51:85:7c:d3:6b:dc:f6:f7: + 53:1f:26:3a:8d:91:f1:6a:43:cb:57:1a:24:71:94:48:74:72: + a1:58:ea:f8:0d:3e:71:5b:35:2f:30:b4:3a:2c:6e:b4:51:27: + 7e:66:e5:f8:cc:2b:88:bc:98:cf:24:6b:5f:46:31:3e:ce:58: + d4:26:01:87:c8:1b:d9:10:a1:76:3a:f1:8b:16:2f:3f:54:b0: + 95:ff:c0:4f:3a:67:2d:28:6e:2c:fb:81:87:92:c8:8c:13:45: + 3e:d0:ec:12:b8:52:0e:71:dc:dc:50:1f:57:44:1d:6f:80:bd: + 50:db:26:3e:63:27:53:9f:99:46:39:04:2b:66:a7:f9:f3:f3: + 99:c6:33:4a:44:0b:90:ea:5d:17:1c:41:1e:44:db:73:c5:68: + d1:e4:04:01:99:49:59:23:0d:2b:06:5a:fc:db:56:90:67:6d: + 28:b8:66:6c:56:70:12:ae:36:dd:f0:b9:6d:f1:c9:5c:77:0f: + 30:d9:46:e1:57:e5:d3:92:92:c1:74:40:99:24:00:ff:57:59: + 2d:48:e5:1f:97:34:8b:7f:26:3e:24:9e:a6:96:14:16:d7:be: + 94:1a:55:37:5a:d2:94:1f:df:9d:f2:8a:88:5d:e2:8b:c4:59: + 60:06:44:52:a9:73:29:ed -----BEGIN CERTIFICATE----- -MIICWDCCAcGgAwIBAgIBCjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MVoXDTE5 -MDQyNDIwMjk0MVowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvT1jeD4xhdkdt/gEAlhTEt4axpWbUSl7 -x2J2uaZjVj1HyC+7a5t92PGpPAthZv3R59dtdKAwnKB9gEEEGoZhtBJ5nZ2wO/sK -TGmPBjMHhQ5zzQH6lvlrIBjYsQYDIbNxeu1D/SnVI/rMz0P8g0rLi+aY27NJ8boq -l3K3RIPW518CAwEAAaOBmTCBljAdBgNVHQ4EFgQUm7X+kNNySbGYmmd2o8kiFfFa -rhEwWgYDVR0jBFMwUYAUbkgT3L+LlUwT8x+XMN0nllmbDmihLqQsMCoxGzAZBgNV -BAMMEmh4NTA5IFRlc3QgUm9vdCBDQTELMAkGA1UEBhMCU0WCCQCZMt5hDkAZijAM -BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIB5jANBgkqhkiG9w0BAQUFAAOBgQAly793 -0hYPpaxOQhfhgQM2HtwzGkm6H0BbW4CcILcTO/RPecG0bhTV/YRZWNXbpm1bb+bQ -WNaOQSzv6ci3ym/LEW4TRfdzbpFxIhQYubStO8Tpb5ltWVlSb8hlZ/Hk2W8Lozyf -rAG3GpuXdJJ76gWgXQl3+3kXwjUv+Qn8ELPgPg== +MIIFXTCCA0WgAwIBAgIBCjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxOFoXDTM4 +MDExNjE1MDUxOFowHjELMAkGA1UEBhMCU0UxDzANBgNVBAMMBlN1YiBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOqc07oO3vnGPC7vfpFAjlgEFk// +gWEM/bTShjyKavkzYwuOK6ycXAAoFv4yvHVVANKRDJLJCi3H4vTdFP4g2EV50aAe +XZGl0gAXpL1ENZz0X2PcuRmlZnOxFq7n1Vm904Wxt64+qKieDdnN9Tgw01bZRAgR +I8q7Xpb9jeh3fsSOWKgCbSB3mp1LvWpuwKR30jfLtcRKhwOpqqgiS+kT8iJkRAy0 +K2BWm8d2Hn26BhWara42mp3w34PlZEsYU7Ed7bxwCEhFfsarrdm8eQM9r+j2zU4E +J86M1wnZUIf3djfrozuWRrYFhTzyCiM80o4OhggZb49WL72QgJipisSacZ0lCJvQ +FCPUmaz5aET9Ab3ksB+H8gwWiDEBXq/fgcAp0QXIN29MtoGz0PH12RzP5pVAQewv +uTnSG0jJA8oKn0tBdP8xvUDVRszJhJTpqtOu3/wHDktsaAdwkqr/miHAZ6rocnvb +l/TQ++ltTEgZVfvE8/p4xpQv/Yixx1j9AyooUV6OLZX6Rle5bJO1ikQhgh3SxwuI +JC3gRQ2POiPEH+ItAKRxpwHHF7gDKfwukpvddcweDgFycaeAn3vh6zVCHwwdrmks +7nBlGUxb1wcnyCzOzNFnOd6ICuEhya1Q8oh5FW16RiNKk71ytTyk0pEnq9Lw918X +jH4BM24uPo9IGAbvAgMBAAGjgZkwgZYwHQYDVR0OBBYEFE2fuJL0mDt+H+quozzf +z+dWTvYlMFoGA1UdIwRTMFGAFP3GVnK86oIZSACwo4v3eT/3JvwjoS6kLDAqMRsw +GQYDVQQDDBJoeDUwOSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFggkAmWX5NMOQ +wXIwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAeYwDQYJKoZIhvcNAQEFBQADggIB +AI9Ol/enhxcnry8wI5cuCTUDAZwTOBKFSRDOacR0aWdtYTq7xVrnVdrwowa+/1Xr +iaJlLjXKJEkK+gE6yFCvlO7N6WcqGxujQB7kSnoxkxzmd56jQRlmZN3zczTXKDg/ +9ZQtWD+9JM1b7XeBUzFFZ+TXhc7SEPG3DwMiPMG+qorRkrYD5ZKjTNN27oqDAcig +ClM6xqQ2jVE1pQfcjDXJA/od7EkF8LAO/iT1Ttu+8wCwNVfWMQLC4W86LCxC+Ydb +w3L3RmofDhZQ7qYAQjCtBQfUjgoNxiOz15sBVxJ7fRtdYLf+eE+RG3bfpqf1YXY7 +HG98x1d/v8esI8XFz2tegxxMfoMt9ttRhXzTa9z291MfJjqNkfFqQ8tXGiRxlEh0 +cqFY6vgNPnFbNS8wtDosbrRRJ35m5fjMK4i8mM8ka19GMT7OWNQmAYfIG9kQoXY6 +8YsWLz9UsJX/wE86Zy0obiz7gYeSyIwTRT7Q7BK4Ug5x3NxQH1dEHW+AvVDbJj5j +J1OfmUY5BCtmp/nz85nGM0pEC5DqXRccQR5E23PFaNHkBAGZSVkjDSsGWvzbVpBn +bSi4ZmxWcBKuNt3wuW3xyVx3DzDZRuFX5dOSksF0QJkkAP9XWS1I5R+XNIt/Jj4k +nqaWFBbXvpQaVTda0pQf353yiohd4ovEWWAGRFKpcynt -----END CERTIFICATE----- diff --git a/lib/hx509/data/sub-ca.key b/lib/hx509/data/sub-ca.key index 19415e8669e6..13570b1e2acf 100644 --- a/lib/hx509/data/sub-ca.key +++ b/lib/hx509/data/sub-ca.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL09Y3g+MYXZHbf4 -BAJYUxLeGsaVm1Epe8didrmmY1Y9R8gvu2ubfdjxqTwLYWb90efXbXSgMJygfYBB -BBqGYbQSeZ2dsDv7CkxpjwYzB4UOc80B+pb5ayAY2LEGAyGzcXrtQ/0p1SP6zM9D -/INKy4vmmNuzSfG6Kpdyt0SD1udfAgMBAAECgYEAi8GahGLqD/+YgxUXYOP59iUx -gRdb7UTFtSpypAjNtBLtwFoAACiFeIKAiWeeN4GcU6w1mbv0Krgb92wMq8oyvJIG -mD+jyzdYSj1C00nQ3WF9b77nasAGP6IzhP82H+c6HjIJOo04MrM0s7lW3ETJbqyq -CDpgqufEkXSKO4f1eAECQQD8RB3zRZw0+AMy+v8RBSvHGOyH8WPwheDKST9ycr/c -fizcSjjUVaJOH107/SH/GKn+wrDx4vSJXnQqnFLTRYufAkEAwAp0CeXerZhpxAHf -SnB/GFRE8xnR7U0sIuAkCupYtr0dQZj4bkeRWuM7dNujKM1EomU/S/ngHlns/KPJ -kH0MQQJABtkGgxsJoXp2A8VCdUDRrmbjzNDlqJrJvlP8r+ujf6XBK/2ryz/D1yEM -09sMODOAMdUxHm/NuYjh2GJD8U46+wJAN4OOEcJqgaI6iNfFtZ4Zj23k1KWVItUZ -OiezI5ik9oZqq6jNwAteQHjJmjlXzBayjYNZLdxY5k02jb3HKcaMQQJAdelGxbOu -NRR3NdcwRUdRBlqTCVAx1qXlDmYvvUNRsEAr17t9ij7bwfxTrFmIEdCoqTlY5K+Z -mg1qwSeTGe3x4Q== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDqnNO6Dt75xjwu +736RQI5YBBZP/4FhDP200oY8imr5M2MLjiusnFwAKBb+Mrx1VQDSkQySyQotx+L0 +3RT+INhFedGgHl2RpdIAF6S9RDWc9F9j3LkZpWZzsRau59VZvdOFsbeuPqiong3Z +zfU4MNNW2UQIESPKu16W/Y3od37EjlioAm0gd5qdS71qbsCkd9I3y7XESocDqaqo +IkvpE/IiZEQMtCtgVpvHdh59ugYVmq2uNpqd8N+D5WRLGFOxHe28cAhIRX7Gq63Z +vHkDPa/o9s1OBCfOjNcJ2VCH93Y366M7lka2BYU88gojPNKODoYIGW+PVi+9kICY +qYrEmnGdJQib0BQj1Jms+WhE/QG95LAfh/IMFogxAV6v34HAKdEFyDdvTLaBs9Dx +9dkcz+aVQEHsL7k50htIyQPKCp9LQXT/Mb1A1UbMyYSU6arTrt/8Bw5LbGgHcJKq +/5ohwGeq6HJ725f00PvpbUxIGVX7xPP6eMaUL/2IscdY/QMqKFFeji2V+kZXuWyT +tYpEIYId0scLiCQt4EUNjzojxB/iLQCkcacBxxe4Ayn8LpKb3XXMHg4BcnGngJ97 +4es1Qh8MHa5pLO5wZRlMW9cHJ8gszszRZzneiArhIcmtUPKIeRVtekYjSpO9crU8 +pNKRJ6vS8PdfF4x+ATNuLj6PSBgG7wIDAQABAoICAEljDQeiJzVSQPkdiSW+X8hA +XwpfDgVhnuq0/7BoS9XvsQeoTRkNP+n8oFSbYkABeuRi4t/3auuvHtshXLOxanUx +CdVgKjyo9et5edqKP4r9FemS3YOcLVP7DPFhK2eK7WNgl+g1SWSVLBf5SL9u5mzA +QXuUgPGlco0gewdAebLaI/lJ6QDC6OZTDskAI9pOcL9rRUxFU75dkDhPohciWhdP +7clbgkX8UXYvCJKjYcvYOoPIKM1Gz2PemWS0E1nP1tGe6bhRpLpYcWUug1v0K9Zf +fRDuU9VUUN+PzpT5X01WtBSriSrexzKtM2aaW/J7sIlQC4l2mDBfxxn5zqJ4/Rhl +aOJ6MDrBaA0IiVSJaYtSXS13G6MS3H3zLm7z5ZeTIa5ysqlg0Sb44xVDDhGshb3k +/seBYviwHfZY8d2b2pp5FVUbwC3gL7wqr4oUN1iE3q8xdDxqRZfqqhvyBWuTOPvS +TqRjcx+eK+Y4xSdlldgsj/gIiRiWe6MOYwoC0mBOXOqO5hBOKPGWX26FmqUirmJt +3MCThLYcDTexLYiu+mpOl69YaoGCyXoWtiQpzdaJ/oPCmqLbMyL0O4t6eecK80d6 +mYSHBhqqXzNm03SMI2PyeuGadAjmJUY5GmT2V1+6JKWcVT/luMluEyfqjbZLxU7u +s8QGchKj1btBN21iQ7RBAoIBAQD5ghu4Jm9X9V+Z4RKrSDIrcep/gkm3LoTQ7jrm +tcZ0gOf0TLkCNEIMcCHGNj5V1seCbmsk7ysVVw0Ew1UeVBv5JlNroixV2/rF+G62 +MPT0o9BuboFfusM9G1fZP7IoTE2WL/6LXejRyxqxpdXLkT8+a/+52xpcmZzgLAJo +rd2+4ODywc2a2K97rBYFq+I7XajHs0NI/EMAAVUUmuY3ekyo3+YDPA9ys6sRJnAu +hhSvXPgeOep0UeDCXJFb3o+lXXnrEp6TUUPwxsmz88BNGrI3T7N5LT/6mV8Wm2i5 +gI0+KSVY2j/2aZmNk04xqVf9sYm+4OJyPqKbOPaJ9i7jzrx5AoIBAQDwt4EBESia +YLARxkWEJkfKhRcPBC/iYLSikrJh/LwCbAT/T4M/VotBJv4qGZgQLCVSX2lDZy2e +XPQZqmvcQbcA+rm/JX/jZkU4mW08GY4NtqZf4wAQv2vb7SCML86+QzzP2zTobyga +a4uXF/vJCFkxQz05fGuYS5NhPYZcCIjLLb6Lx02jy8S40am7JKErrjVzyQZVKxgS +hhvm5qW9wpbzvnczGkBWWf/bFVfzotO1Ghrdu1iBeJAN88wHNL0g8rFYAnO6ZigA +tj2l2qSeIzZ8IU43Tqm24DH9/GQNOdw90ML/kZkp/0rr0ZXD3KMxICpGlYdbjMgx +eZrFRFkT5rSnAoIBADMCDFSrVtvuh+rXfo+RpOAI293RbuyKEBD+gwAjbTzoFYN2 +I+R1doNAcUcqU7gMvqDFnhXg5zfnofu1SzN2EnnvAeLhNpse67eJQGjyvUE+NCA/ +ayd88OkPK/h38x4V606m5Szst+ob0Ys70edZ/EnwnkkKp+sCZHXXyW5JDSo2owY9 +5KChZ86qsZ3bM9bbIOQim8DSAYiAvToHKMVytTVZAJbssmPKo1BQQWLhel0XbooP +YQUCsCZL8lOLvmYaJBCQr+aCGJeirB2j2U5qBMEWBCTjwU6kCDKA9vnlc/qfQslV +ZPolQIUW9kdkzV5J61UgeGrOr0N4c75km9VqsFECggEBAJvNCfBY3MDe59b5T7Ey +3bCU59HOUffhw8idzlthq4adx7ZADqEGMOegh01Ud3mwOQ/RtV3tADfJzix2g41x +8zLtFSBE8zuJzC/QDkWh/LGfkJvrXvV4ECWumyxhHR1Eg629Icd3eqtvBFBtM4hw +oNojvRLiFvnhoKiFm9shovhuyS/LddMYZmGBQqxgDvkormwcpr6lP9Vte829Z3Uk +53MnyhsHWLELW3C/pceJkiFbnhv50FUsZYDCVUIsvmT+8A4YuDLjP+0GB2y70WSR +QgihvfBKN8qn3XOY0mFFG+nenvevk0T9ec6cPqUgv3dibDp3Ob7lpgVvwd8AV+9r +mW0CggEAW2N9dnmQ9Wz4l3WNGJsiEOdOgYXgFv4IqmPbUFBvVsr7EjpJ4QiEwwwK +rAY+RZW0kFrxK0a1IeMG9WYNWwPfnmA+5jarOnVQDctcWzPWTKQMkMm6r9HTK29b +BS5TNMyr0Tw58zhG65Y2fvqyHnnd+DeOLzAuRBNPiNDolwEHz/3NkygCYZ/vTWv5 +KzIdRRamjt2G3EAcQkmQB338Z16liqBbiAkVNfP6TaJ/f/T4McVXML1poG2Hna/k +cdhyTVWVjzTR/awu/w27dUG5DbkaACmAmIrvKVcQOLdnCxYsuAwSgyVC5obTkMv8 +FAyxqmq2U5lLkxSX9M7dtz1OfJnbxA== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/sub-cert.crt b/lib/hx509/data/sub-cert.crt index 236e4d094265..3186c83946e6 100644 --- a/lib/hx509/data/sub-cert.crt +++ b/lib/hx509/data/sub-cert.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 11 (0xb) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: C=SE, CN=Sub CA Validity - Not Before: Apr 26 20:29:41 2009 GMT - Not After : Apr 24 20:29:41 2019 GMT + Not Before: May 23 15:05:20 2019 GMT + Not After : Jan 16 15:05:20 2038 GMT Subject: C=SE, CN=Test sub cert Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:c2:e7:0c:98:23:cd:54:66:28:8c:e4:75:fc:4e: - cd:1c:1d:eb:1f:0c:c4:56:78:07:7d:73:3d:9e:0d: - 02:29:a3:c9:f6:46:fa:24:ce:1f:49:f8:1f:0d:ea: - d7:aa:91:ed:0a:8d:69:05:a9:36:94:70:52:e8:05: - 42:04:19:6d:55:44:85:c2:d4:3a:2c:a7:ad:aa:42: - 54:cb:78:a1:fa:bb:b9:40:41:80:28:c4:27:42:a6: - 6b:f2:33:84:a2:c0:3e:f6:fe:b1:70:54:8a:0c:44: - 8f:81:1b:27:d8:7c:59:3f:f0:de:ea:dc:08:3f:88: - f8:f2:bf:58:3f:a4:fa:f5:9b + 00:b0:b9:77:f4:5d:e2:66:7d:10:16:aa:24:16:3b: + 13:8d:ad:b1:00:12:eb:49:14:8d:73:3a:e2:ee:f7: + fe:13:98:da:d9:d6:72:e2:8e:a9:dc:c6:d9:5c:86: + e6:03:fd:29:a5:de:46:05:02:4f:a9:79:25:61:5f: + f7:53:64:03:cd:2e:9d:c8:43:d9:45:48:14:7e:59: + ae:c6:ad:25:78:10:71:57:43:30:45:65:d4:0c:5d: + 52:91:97:dc:b8:93:38:64:9a:0b:4f:da:16:f7:1b: + 8e:aa:f5:e5:cc:3d:0d:84:ba:d7:fd:f9:5f:4a:ed: + c3:c8:36:66:f4:42:fc:5d:00:2b:7d:7b:8b:51:94: + 35:a9:27:3a:71:fb:ac:f5:2f:e4:d2:8b:c6:22:e5: + e5:a3:1b:13:95:3e:0f:0d:3e:07:1f:6e:23:b0:5d: + f7:60:01:e5:08:85:01:ac:48:31:32:38:1e:57:e8: + 1b:3c:38:c3:70:3a:81:1b:04:60:3b:c7:20:a9:8a: + fe:b9:c5:4b:c7:10:28:32:0a:7c:1d:f3:8f:5c:d0: + 2a:2e:83:97:3a:5f:42:34:95:1b:c4:b1:73:ff:23: + a9:e6:fb:9f:f4:40:2e:2f:c0:ad:9f:d6:c2:45:21: + 40:51:f9:2e:98:db:90:34:3e:f6:54:e5:fc:cc:d5: + 06:4c:19:81:53:af:bd:a1:8d:83:3a:b5:c7:1b:85: + 78:dc:64:65:f8:ed:88:b6:69:4d:c0:3b:da:9b:d5: + eb:32:e0:e0:1c:00:65:e7:f0:5b:f1:bc:e2:e8:8a: + a5:31:9e:d6:da:d3:c3:2f:d0:84:9a:f3:f1:2d:e1: + b3:63:3e:2a:ce:c9:98:45:1b:7e:8a:bc:2f:0a:f1: + 39:82:39:70:d0:f7:28:18:3a:74:eb:d0:4c:e7:99: + e5:e6:b1:f7:33:57:60:14:cf:2b:24:59:ed:30:f6: + a5:b1:6b:54:3d:74:ef:68:7c:69:b1:35:e8:1b:9e: + 0a:d4:38:27:ea:7c:1e:01:11:46:4e:07:b2:da:00: + f5:8c:a5:a6:d0:7f:24:a7:d9:32:a2:bf:6e:92:a3: + 16:83:1d:ed:74:e6:3f:6b:ab:1b:23:65:84:32:51: + 94:2f:1e:01:1d:13:b7:b3:6e:c2:2e:67:bd:33:8e: + 41:44:14:29:07:92:01:99:2d:f6:ac:51:26:a3:44: + 67:5e:cd:0e:35:e7:83:43:3a:20:78:63:23:4c:ee: + f4:5b:32:0f:17:49:14:d6:14:9d:d4:32:2d:b6:15: + 42:2a:7e:1f:3a:90:df:df:92:6d:b8:41:e3:39:29: + d9:c2:2c:bf:94:67:9e:a9:8b:10:14:3a:ca:0a:10: + cf:a4:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,63 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - C1:80:37:61:B7:F7:BD:09:84:1C:5C:CF:65:6D:FE:15:0B:78:85:C0 + C8:FC:4C:74:0D:42:18:8E:0A:4B:7C:61:C7:CD:36:FD:A9:96:8E:64 Signature Algorithm: sha1WithRSAEncryption - 97:06:c7:34:4f:17:20:6f:fd:f1:0e:eb:33:f1:eb:fe:49:ee: - 5d:6c:59:f2:4d:97:c0:ad:5a:2c:85:c2:b5:21:04:b0:ee:d1: - 2c:2b:54:0e:9c:82:c9:45:81:9c:2a:3a:e2:fa:78:94:52:56: - 19:99:11:44:78:f4:7d:b0:fc:d2:d3:49:d8:2f:9d:ff:23:5c: - 83:96:a0:14:a8:49:a1:bd:4a:ef:d2:67:96:5e:b7:36:36:86: - cc:ea:17:c3:3e:b7:18:ae:0a:03:43:4a:af:ab:ef:b9:c8:ec: - d6:27:39:c7:33:b7:34:54:d6:b5:1b:8c:85:a1:c1:13:b5:cd: - 0f:b7 + 5c:65:de:68:c8:80:3b:8b:08:74:2d:f4:89:51:42:7e:ac:41: + 83:d0:7f:ff:cb:d4:95:84:10:52:f9:2f:77:62:04:b9:03:8f: + a5:b2:16:92:19:c9:94:62:ae:3a:2b:73:89:59:73:2e:e3:05: + 05:0a:dc:e4:00:be:6b:fc:1e:ad:92:e2:8d:1d:a8:e2:71:6e: + 10:3b:50:5d:1c:c1:97:e7:4a:14:c3:1e:9a:a3:4c:e6:5f:4a: + fe:21:43:94:e1:e5:11:7c:42:c6:b7:06:d5:11:45:5d:3c:bf: + e7:9d:9b:4e:0a:9b:7a:94:09:ed:b1:fb:07:c4:2f:16:a3:8b: + 92:50:23:b6:5c:33:fa:2c:39:83:3a:6a:92:d2:00:a8:e0:a7: + 28:25:8a:b6:09:ee:17:6a:f3:be:38:c8:48:04:2e:81:96:9c: + 08:a2:3b:48:6e:f2:75:d8:5b:07:00:13:64:1f:a5:a1:7e:bf: + d1:a4:fa:5f:61:55:40:67:8a:76:31:28:1c:f8:a7:f0:9e:bb: + e0:bd:18:89:6c:9c:e7:21:9f:49:ab:3f:1b:43:12:c3:4d:fc: + cc:e7:f4:4c:4f:c0:45:5b:30:f7:9b:09:60:a7:46:a5:f0:8b: + ea:ab:62:78:3c:7a:cc:ea:09:2b:f7:7c:06:04:b2:f7:31:68: + b0:25:e0:7e:bf:50:b5:a3:b6:f3:1d:c0:42:95:d9:79:f6:8e: + 94:cc:b4:da:f9:e6:fe:7a:44:93:80:0b:25:d9:54:69:8e:d8: + 7e:08:a8:63:55:67:3c:32:87:52:73:38:fa:0a:e0:4c:ac:1e: + b1:7d:bc:89:ee:a5:d6:79:ed:79:2c:97:f0:c6:a4:1f:ff:ca: + 1e:38:a9:86:22:46:d3:ff:69:44:aa:7c:9d:c0:35:d3:99:03: + 86:5e:b4:d0:e4:16:c9:f1:83:16:5f:b8:b9:a0:8b:16:c2:31: + 17:2d:59:de:a7:b0:16:cc:63:10:16:17:20:cf:e3:af:02:92: + 48:d3:64:38:44:9c:16:a9:62:5b:be:7f:c8:1f:4e:69:d6:44: + 35:92:cd:69:fc:e5:23:60:4e:a3:93:92:1f:aa:6e:ae:77:cc: + 63:fe:ff:49:10:10:c4:3c:53:34:1c:d9:51:41:d8:73:86:5e: + d5:a8:22:38:b0:20:3a:11:3f:a0:50:ba:4a:ad:8f:1b:34:51: + 68:6e:66:6a:77:22:ec:a8:8a:14:ff:cc:3d:32:20:76:d9:a5: + d1:fc:4c:60:35:dc:1e:38:a4:02:ee:65:8b:79:8e:65:6c:2d: + dd:c8:54:70:c2:9e:03:29:a5:99:ac:9b:83:52:c4:19:1b:8e: + f1:15:cd:71:c8:1d:0a:de -----BEGIN CERTIFICATE----- -MIIB8jCCAVugAwIBAgIBCzANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP -MA0GA1UEAwwGU3ViIENBMB4XDTA5MDQyNjIwMjk0MVoXDTE5MDQyNDIwMjk0MVow -JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwgZ8wDQYJKoZI -hvcNAQEBBQADgY0AMIGJAoGBAMLnDJgjzVRmKIzkdfxOzRwd6x8MxFZ4B31zPZ4N -AimjyfZG+iTOH0n4Hw3q16qR7QqNaQWpNpRwUugFQgQZbVVEhcLUOiynrapCVMt4 -ofq7uUBBgCjEJ0Kma/IzhKLAPvb+sXBUigxEj4EbJ9h8WT/w3urcCD+I+PK/WD+k -+vWbAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBTB -gDdht/e9CYQcXM9lbf4VC3iFwDANBgkqhkiG9w0BAQUFAAOBgQCXBsc0Txcgb/3x -Dusz8ev+Se5dbFnyTZfArVoshcK1IQSw7tEsK1QOnILJRYGcKjri+niUUlYZmRFE -ePR9sPzS00nYL53/I1yDlqAUqEmhvUrv0meWXrc2NobM6hfDPrcYrgoDQ0qvq++5 -yOzWJznHM7c0VNa1G4yFocETtc0Ptw== +MIIE9zCCAt+gAwIBAgIBCzANBgkqhkiG9w0BAQUFADAeMQswCQYDVQQGEwJTRTEP +MA0GA1UEAwwGU3ViIENBMB4XDTE5MDUyMzE1MDUyMFoXDTM4MDExNjE1MDUyMFow +JTELMAkGA1UEBhMCU0UxFjAUBgNVBAMMDVRlc3Qgc3ViIGNlcnQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwuXf0XeJmfRAWqiQWOxONrbEAEutJFI1z +OuLu9/4TmNrZ1nLijqncxtlchuYD/Sml3kYFAk+peSVhX/dTZAPNLp3IQ9lFSBR+ +Wa7GrSV4EHFXQzBFZdQMXVKRl9y4kzhkmgtP2hb3G46q9eXMPQ2Eutf9+V9K7cPI +Nmb0QvxdACt9e4tRlDWpJzpx+6z1L+TSi8Yi5eWjGxOVPg8NPgcfbiOwXfdgAeUI +hQGsSDEyOB5X6Bs8OMNwOoEbBGA7xyCpiv65xUvHECgyCnwd849c0Coug5c6X0I0 +lRvEsXP/I6nm+5/0QC4vwK2f1sJFIUBR+S6Y25A0PvZU5fzM1QZMGYFTr72hjYM6 +tccbhXjcZGX47Yi2aU3AO9qb1esy4OAcAGXn8FvxvOLoiqUxntba08Mv0ISa8/Et +4bNjPirOyZhFG36KvC8K8TmCOXDQ9ygYOnTr0EznmeXmsfczV2AUzyskWe0w9qWx +a1Q9dO9ofGmxNegbngrUOCfqfB4BEUZOB7LaAPWMpabQfySn2TKiv26SoxaDHe10 +5j9rqxsjZYQyUZQvHgEdE7ezbsIuZ70zjkFEFCkHkgGZLfasUSajRGdezQ4154ND +OiB4YyNM7vRbMg8XSRTWFJ3UMi22FUIqfh86kN/fkm24QeM5KdnCLL+UZ56pixAU +OsoKEM+kXQIDAQABozkwNzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4E +FgQUyPxMdA1CGI4KS3xhx802/amWjmQwDQYJKoZIhvcNAQEFBQADggIBAFxl3mjI +gDuLCHQt9IlRQn6sQYPQf//L1JWEEFL5L3diBLkDj6WyFpIZyZRirjorc4lZcy7j +BQUK3OQAvmv8Hq2S4o0dqOJxbhA7UF0cwZfnShTDHpqjTOZfSv4hQ5Th5RF8Qsa3 +BtURRV08v+edm04Km3qUCe2x+wfELxaji5JQI7ZcM/osOYM6apLSAKjgpyglirYJ +7hdq8744yEgELoGWnAiiO0hu8nXYWwcAE2QfpaF+v9Gk+l9hVUBninYxKBz4p/Ce +u+C9GIlsnOchn0mrPxtDEsNN/Mzn9ExPwEVbMPebCWCnRqXwi+qrYng8eszqCSv3 +fAYEsvcxaLAl4H6/ULWjtvMdwEKV2Xn2jpTMtNr55v56RJOACyXZVGmO2H4IqGNV +Zzwyh1JzOPoK4EysHrF9vInupdZ57Xksl/DGpB//yh44qYYiRtP/aUSqfJ3ANdOZ +A4ZetNDkFsnxgxZfuLmgixbCMRctWd6nsBbMYxAWFyDP468CkkjTZDhEnBapYlu+ +f8gfTmnWRDWSzWn85SNgTqOTkh+qbq53zGP+/0kQEMQ8UzQc2VFB2HOGXtWoIjiw +IDoRP6BQukqtjxs0UWhuZmp3IuyoihT/zD0yIHbZpdH8TGA13B44pALuZYt5jmVs +Ld3IVHDCngMppZmsm4NSxBkbjvEVzXHIHQre -----END CERTIFICATE----- diff --git a/lib/hx509/data/sub-cert.key b/lib/hx509/data/sub-cert.key index eb42cfcec4ba..e9fcb0d3fb15 100644 --- a/lib/hx509/data/sub-cert.key +++ b/lib/hx509/data/sub-cert.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMLnDJgjzVRmKIzk -dfxOzRwd6x8MxFZ4B31zPZ4NAimjyfZG+iTOH0n4Hw3q16qR7QqNaQWpNpRwUugF -QgQZbVVEhcLUOiynrapCVMt4ofq7uUBBgCjEJ0Kma/IzhKLAPvb+sXBUigxEj4Eb -J9h8WT/w3urcCD+I+PK/WD+k+vWbAgMBAAECgYBIFo1h+FwJy39UHWxGVh8nNymv -4lj8Yojira0suEMEg8A/hyEeW97WzR8vVp1OSYsTTBp8LYoyfRktGETCn2UAbxnZ -WGF3nx7TPYhX83N8QFT+NuIih051w9KkGcACD8PZqqeCIyt9YEOnNX276WToCzNy -121aeDYeimlUJopzAQJBAPBL53LfzOyB5EnQIbT9GTciFQEMJvMQPQqd8xo4S62m -3ydHIFDtGFP/1ZytGevGQWnkF0hxTc/PbUmoFxp+e8kCQQDPo7ddWjR3gxwEuy9M -5sj52OqTwUyS5V+mMUVua06gTaTIs66yh3yv1QpczQV1sr8o6EJ6v3qJKqIC3qRn -BBBDAkEA1JAAdDCfANPCEr1nI8gEJy4h8GREjBzgMmUYaChGYZ1Mp10WrB+ftqaH -2mmRlWwx7y7SncWEtIBjx5VGoqwiaQJBAIeeQeSaR0yL+N/qNrG+xyPRFx3ckhwb -7sZIxjWhpuAy9l8UZRU8QydBOZx1WIyQbCTW1pz/tZQjoV/IdY7Ha6sCQQCojspS -iBO6CALYSsdIL6ZX/bXqGmPyXbxszGkYlaJx2FmD2MjSVM2RxPmx5RLNL02EfFLX -DWUplanFI5eZTZ0N +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCwuXf0XeJmfRAW +qiQWOxONrbEAEutJFI1zOuLu9/4TmNrZ1nLijqncxtlchuYD/Sml3kYFAk+peSVh +X/dTZAPNLp3IQ9lFSBR+Wa7GrSV4EHFXQzBFZdQMXVKRl9y4kzhkmgtP2hb3G46q +9eXMPQ2Eutf9+V9K7cPINmb0QvxdACt9e4tRlDWpJzpx+6z1L+TSi8Yi5eWjGxOV +Pg8NPgcfbiOwXfdgAeUIhQGsSDEyOB5X6Bs8OMNwOoEbBGA7xyCpiv65xUvHECgy +Cnwd849c0Coug5c6X0I0lRvEsXP/I6nm+5/0QC4vwK2f1sJFIUBR+S6Y25A0PvZU +5fzM1QZMGYFTr72hjYM6tccbhXjcZGX47Yi2aU3AO9qb1esy4OAcAGXn8FvxvOLo +iqUxntba08Mv0ISa8/Et4bNjPirOyZhFG36KvC8K8TmCOXDQ9ygYOnTr0EznmeXm +sfczV2AUzyskWe0w9qWxa1Q9dO9ofGmxNegbngrUOCfqfB4BEUZOB7LaAPWMpabQ +fySn2TKiv26SoxaDHe105j9rqxsjZYQyUZQvHgEdE7ezbsIuZ70zjkFEFCkHkgGZ +LfasUSajRGdezQ4154NDOiB4YyNM7vRbMg8XSRTWFJ3UMi22FUIqfh86kN/fkm24 +QeM5KdnCLL+UZ56pixAUOsoKEM+kXQIDAQABAoICAAxzNIExsAZ6XwzJtbsfNFRx +3RtdOdgvK3vntR8St4KX7SsVkYhmdo8ILz32fvPe/PUjgJlPvV76GukOQrVMQXxO +AW2fYgogdtkj5k0224Hm3qVAJYFuGA8679sz8KfML1ffBlb8zUthVJ60rhjCYFZu +d1L8I3t63qUXOA+TPIYsweOYNYtsvo8JJXPsQBYR5rPyhuXkflYMTUfhVFwhd4z+ +TGNba1cHKyR7gk+p0lVwYKrevjRy50nbxUaq+0Ca2bE4CpP500nV2I8V8AKIKxxl +yeL3AEtrdJWRv6AOxFZAI/MS3QTvFJHmqBSvo4YNPqPHw0GfjjwwB1iZz0J663OI +5hZ1dHdaLk3HSb3XdemMnwi5guJru+ojmGv9w4si9gpVdayzRiar4BG3Q2s2u68b +t/Gr/5grWUFzhZua2BVTRpYzMQ2dX9aX/YNJdXV67Syg1sNb6jasjYXdjMhBhkD7 +UrgyUFgB/dC2M55AuCYtuSXbEdQAlMtrHOgdYfLSNRRj8FLCgnhe/72KB1hAhCrh +S5NKWdIfd3eDDoRYcCmiiKJ+5dPppy4G1xYxx/CvJep6NybSK18fsVYBDoXD3c00 +YoseUWueKcJshWDn71nYupwvvlbIegvOllvijcLMnFFKCDP0Yxfp8cZBZTYZrCH1 +Y4C/r4dnhCaxbS86Xf0dAoIBAQDrAqNl0BzrOBsDRDpdDy9yJgdiumII76yQFzEh +xm0OgBleKvx50awbuACDGoVQ9wFExX3NajDX5G5hwQkzy4UnG87RS2NZuaIgkN9o +IbSqDlswurlGYHG1azfBeOivnaGFMtxx+X0aM9TfXy50WgCnjgogXOcvfKkiCQiQ +kQuoLwBCEDX730gzrypcfbpECuo8lKP3s3dgan6uDkvmmAVQSW30maZOltToAljq +Hdf73JB+UNwTUrpCZH5F5EhKXZSRexDBGr5FeaxHi/R+whg73LS8Y6X97mpqs7Hq +FSmayZ3ILJx3sWJCyV2D+6k2Sk9gBWbMSUdGpS9BmBIZKS1fAoIBAQDAgil3ZhI1 +25DxeHLAS+ZcLVl5v/j3DfZsBfn4F6MjpqI9GAjaWnq/H54nv8PcYSlhWuFsN2dz +haJYzDJtFevor/I6DPYfrM2Sfxcz9rsi3m8+qGNLdVO/++hg9bxcUrIwiT8kv2Xi +OJnXvEFil5Ldmb/NM98TaUu//jYg4yr2w6f70rrtyVAsio3q7xrV1r7q2FjpF/Gq +BFJJ0pBwXtnYHJojaA2im9BnTtRmBxA4Y5/ImVofp7XFIuqI5SfYO9RNd/LX95Lv +pIg9DofsIMnK9v8Zp09s7UtNh76JbrG35mVvR9c7VZ5bBqbAJuk6WoRKyerkrMOE +7WfaNPtf4QvDAoIBAGyjk5WFV1kFXrdr2u8aDfzex5tEPf2Tjlot3nCWoeOKJC/7 +/yrxWnaV4Oa6Y9bB2LxJ75X9+QZUexKFghOHic5CdKEcEJlxzxju39frfPEAIfes +2elGvEn5fpTZp/dHD1vb3zxw8Pwj6cw42+i9kn/ikZvUVqsFHcq2EleCNblRwPTJ +Oatt1JrP5u1K0ciSoyXOMN5ZAF553IXp5fx7Wjl7OHFSdibuYw29yAyyLx4nIETE +bHgiTihS/Gyi0yhNiliWY3BhRIQpcxLACA5w+3Lw3DwadKmmhVs+Jojnr4v2mBHp +TYunXJ0zKR/SPq7yOy9QT+0wEtr9kZLpEbS/7FECggEAO69fadxkovwbOTKN6V7e +4g9RYXUKnJZgo2dK9AdoFiKQxH5SKFjLG7ySzWIgOJCLQtrpbyLSWTfCeON+cuHM +DY2XfTYNjQ6HgfcTW5IQvSPXu8Z7Wqbau3g/uOgXaUxeYLv8rskErpm74O5GG2pB +J6GGnPmLHTqVOMZ5Q8MKzA0nZOUV/alfyR+AFqnhWRFGigtfrY016O+ED81P6PcP +dXiQtY+KQrMqbw06vxNLjSAeJxSco5ncum0z6BOcQedy0D3zNdBVZyVM9BkwPR6B +UgM4XlzIPE5p/XSrt3JxeUHeixzr90J5YWFzi7nEr8nmoEVwJUwHJoxwmW+5zCU6 +/wKCAQEAgg9azbPTBLQsvQxp1G+nNeGfQzwe1QrlHFdW8e/rKudsXUoEoBoT77Z/ +xEcErH5uhFPz6twMYv2qaZPTY+mmB0/5q/TCo/KXguahr5eLrunYgkkjtRz4Tw2x +ebBwoVSorX75txGIw+AZLgzYamkZpYc8ZC46aCLEbpFj8hNAuhibY+s/1oc+zL7P +eCe+MYKKbk91KajbceSRIzFeyFa9nUOd4EM31Ebp4lxGSaLcp386C8naFa+EowoI +4TLagaViDshP1ysaHdpiEjt0DnjKC/TlzE17ttpdSFTwFe0GsND2TuV0Fgk0SAjG +uj2qsRY0KoByw9kyWVQeMxTuF6/EaQ== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/sub-cert.p12 b/lib/hx509/data/sub-cert.p12 Binary files differindex f9d48ed1de06..c929d7c89667 100644 --- a/lib/hx509/data/sub-cert.p12 +++ b/lib/hx509/data/sub-cert.p12 diff --git a/lib/hx509/data/test-ds-only.crt b/lib/hx509/data/test-ds-only.crt index 7c5b452a6390..95df000b3007 100644 --- a/lib/hx509/data/test-ds-only.crt +++ b/lib/hx509/data/test-ds-only.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 5 (0x5) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:14 2019 GMT + Not After : Jan 16 15:05:14 2038 GMT Subject: C=SE, CN=Test cert DigitalSignature Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:eb:6c:c9:0d:97:91:ab:88:5c:44:a7:40:ed:25: - b1:d9:0d:cd:22:1e:07:80:15:49:05:b0:7d:f2:bc: - 6c:12:7a:4a:74:a8:26:4c:98:0f:29:d0:b2:68:21: - c3:bb:6a:cd:4a:27:71:5b:8b:51:12:ed:47:cc:21: - 94:ee:05:11:55:61:2c:88:22:33:c2:4e:12:ca:ed: - 63:00:10:4c:4f:7c:62:97:a0:9f:95:2a:99:d7:8e: - a7:8a:d7:53:b2:b2:7d:a8:b7:5f:dd:4c:79:30:e7: - 48:0e:0d:9d:6d:85:04:56:63:d4:27:53:09:a9:bc: - b3:c1:67:1e:65:bb:4e:10:a5 + 00:db:8d:a2:5f:bd:67:a2:66:d7:80:3d:9b:5e:d7: + 31:5b:05:06:4f:0c:aa:5c:e8:0b:06:bc:30:8f:f9: + fc:b3:1d:de:4f:c4:18:0d:7a:ab:00:7a:7e:5d:b2: + fd:85:d8:22:9d:d8:b7:e2:e8:98:e6:47:b6:63:01: + 90:d5:e9:80:c7:ac:e4:32:bf:df:10:af:73:11:d2: + 82:21:bf:5b:76:37:d2:03:67:c5:9a:7b:44:a5:4a: + 4e:a6:05:d3:95:09:fb:13:3a:7a:ca:b9:4f:28:24: + e2:cb:75:ee:6d:97:a6:62:fb:bc:57:ed:6e:2f:e9: + 0a:7f:61:4b:c7:9a:45:7c:49:5d:03:fe:4e:09:8b: + 9c:30:60:67:42:0f:89:44:08:0b:4e:65:96:6f:f8: + 83:27:10:de:99:7a:8d:bc:e1:ab:23:cd:d2:83:57: + 0f:5a:99:26:dd:6e:16:3b:d5:4d:7e:4d:d1:85:e8: + 37:44:69:de:ea:9e:79:af:eb:b3:6f:87:0b:23:97: + 53:81:b3:e4:64:2a:1d:f9:2c:6d:54:63:15:8e:39: + 9c:70:b0:c1:85:91:be:21:4b:4d:73:21:0a:59:fc: + 20:b9:60:6c:7d:ca:ed:ab:e7:22:79:cf:c4:5b:bc: + 9e:fe:90:ec:e7:48:c0:0d:60:2c:6d:db:bb:ed:95: + 70:cc:14:b4:45:9b:9b:45:92:fa:d2:50:ab:5a:60: + 1b:96:6c:81:d7:2a:4f:60:df:29:38:26:9a:7b:ea: + 68:e8:cf:dc:c3:25:a8:2a:d4:79:ea:69:7b:96:2d: + 2d:aa:8c:39:1e:9c:00:bf:51:8c:66:4b:14:20:f0: + cb:3a:19:b2:03:5c:78:63:72:56:bf:8f:fa:49:19: + 98:d0:25:1b:24:ad:85:51:1f:07:d9:72:94:70:7d: + 47:b1:9d:88:86:26:d5:01:d6:10:c9:04:60:01:b7: + c5:5d:6f:e6:10:c4:7e:85:87:b6:8b:ce:15:ec:79: + bb:05:83:3d:98:91:90:42:5a:28:f9:1f:65:07:63: + 15:97:3d:8d:c2:33:f8:9c:70:c2:a5:53:6d:90:db: + 6c:15:30:1e:6f:a1:09:8e:e5:56:79:fd:7e:11:f8: + bd:44:5c:99:35:7c:56:03:1a:bf:15:fa:1f:08:8f: + 1f:82:a8:2e:c3:a5:f4:94:a1:4e:9f:ef:4b:c6:6f: + af:12:ee:ee:c0:c0:39:3e:47:bf:17:6e:09:c6:8c: + 47:89:b0:a3:26:92:95:91:38:07:c9:eb:5e:2b:8a: + 65:c1:26:21:60:68:f1:27:5b:76:7e:a8:81:25:31: + 6e:14:06:08:09:62:13:9c:c8:af:01:e8:9b:4a:9e: + 18:b1:35 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,64 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation X509v3 Subject Key Identifier: - 30:2F:86:11:EA:5A:CD:C6:B4:61:FC:11:59:74:34:7C:16:93:25:52 + 6B:E9:29:4E:C6:18:4A:A0:2F:A9:AC:67:3D:F7:80:7C:CE:8A:97:66 Signature Algorithm: sha1WithRSAEncryption - 15:f4:85:10:1a:98:d7:ec:74:4c:2b:55:1f:db:c9:2f:e0:ad: - 2d:76:83:17:e1:13:d7:17:8d:27:a7:e3:21:1f:63:f2:30:94: - ae:9f:1f:b9:4f:6a:6b:ce:50:7d:1a:a7:4e:be:f1:98:33:16: - a0:53:a3:06:61:4f:6e:11:8b:55:3f:cd:91:4f:0a:0b:2d:f1: - 5a:68:13:e2:f9:25:88:00:74:79:e8:f4:a9:c4:5c:9e:df:c0: - 17:e2:e5:75:54:3d:64:65:52:b4:a5:9c:51:ff:c3:ec:8f:88: - 06:18:f6:a5:42:b9:d9:75:7b:d1:4c:d1:fa:ab:89:b3:24:5a: - 14:aa + 9e:b3:b6:2d:27:65:c4:2e:2a:a2:f1:d6:3c:ba:4b:c6:b9:47: + fe:72:5a:fe:f4:f7:92:4c:17:7c:f5:88:91:eb:f9:1a:6a:c3: + 82:a9:8b:6f:4e:e1:62:d2:15:d8:50:12:aa:cf:ef:2e:73:2a: + 86:cb:59:49:1a:35:17:4e:c4:2e:ac:65:5a:f0:13:da:35:78: + 20:59:e7:f9:8c:9a:97:0f:76:cf:cf:2d:79:69:b2:9f:15:77: + d9:af:20:ff:ab:07:18:f4:ef:5d:4d:c2:56:bc:fb:a6:52:aa: + 53:a3:5f:91:5b:83:61:e7:fe:c1:89:4f:57:c3:8a:ba:d2:89: + ed:9f:28:b0:f7:18:25:dc:d1:e8:4e:f0:ef:50:70:e5:cf:6d: + ba:1e:d9:98:11:13:02:53:15:9b:98:95:b2:8a:60:a4:6c:f9: + c6:23:4a:9d:25:ce:31:fe:17:fc:1f:11:43:52:4c:45:ef:f6: + 38:c5:e7:94:98:34:3c:05:8f:d0:a1:82:71:9d:d1:ec:93:ef: + 7e:7d:9d:ba:2c:7d:82:14:e7:ce:8a:e1:e9:bf:6a:82:0b:44: + 1e:5d:1e:85:b4:81:0e:f2:c1:1c:54:8b:b1:e9:35:82:c2:44: + 23:22:b0:96:3a:ab:0e:6c:f0:24:41:e0:bf:62:86:01:1e:e2: + 29:af:d0:cd:06:83:84:66:a6:2a:32:d4:f8:f5:31:3f:d4:20: + 34:07:6e:78:d0:f7:a7:64:fa:d4:81:15:c0:71:bc:10:3c:44: + 8b:fc:f0:8b:03:7e:ca:9e:6f:e0:d2:f3:14:67:3b:ea:1b:79: + 59:3c:98:5d:70:3a:b4:87:d8:45:99:91:63:f6:db:7d:35:d3: + 39:df:ac:31:db:94:fc:90:c8:87:01:11:1b:10:9f:2f:15:53: + 5c:f2:5f:08:cb:72:d3:f6:ed:63:39:e9:45:b7:ae:bd:db:21: + 93:4a:fc:42:78:2b:db:ac:cd:ed:ca:f0:06:2a:f9:45:18:ed: + de:31:3d:78:fd:94:a2:65:63:ba:ce:13:37:4a:ce:68:8b:39: + eb:e1:24:d7:ea:ca:7f:25:d1:a3:63:97:8c:a9:f6:19:f9:68: + d3:8a:0b:bf:2e:8a:db:58:9c:97:42:40:de:c3:b5:e8:84:d9: + 3b:02:56:7e:d7:83:ab:e0:4d:e0:49:4f:8a:bd:c1:e9:aa:90: + c7:96:bb:09:e0:6c:77:1c:15:48:20:4e:95:6f:7e:87:59:33: + 75:da:5f:91:d6:35:65:67:15:a8:1f:1a:ff:23:c8:89:90:8c: + 38:a6:12:70:5f:78:c2:1b:ea:66:64:23:95:d2:b1:4c:fb:e1: + ed:22:24:b0:3b:da:8f:1b -----BEGIN CERTIFICATE----- -MIICCzCCAXSgAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE -aWdpdGFsU2lnbmF0dXJlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDrbMkN -l5GriFxEp0DtJbHZDc0iHgeAFUkFsH3yvGwSekp0qCZMmA8p0LJoIcO7as1KJ3Fb -i1ES7UfMIZTuBRFVYSyIIjPCThLK7WMAEExPfGKXoJ+VKpnXjqeK11Oysn2ot1/d -THkw50gODZ1thQRWY9QnUwmpvLPBZx5lu04QpQIDAQABozkwNzAJBgNVHRMEAjAA -MAsGA1UdDwQEAwIGwDAdBgNVHQ4EFgQUMC+GEepazca0YfwRWXQ0fBaTJVIwDQYJ -KoZIhvcNAQEFBQADgYEAFfSFEBqY1+x0TCtVH9vJL+CtLXaDF+ET1xeNJ6fjIR9j -8jCUrp8fuU9qa85QfRqnTr7xmDMWoFOjBmFPbhGLVT/NkU8KCy3xWmgT4vkliAB0 -eej0qcRcnt/AF+LldVQ9ZGVStKWcUf/D7I+IBhj2pUK52XV70UzR+quJsyRaFKo= +MIIFEDCCAvigAwIBAgIBBTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxNFoXDTM4 +MDExNjE1MDUxNFowMjELMAkGA1UEBhMCU0UxIzAhBgNVBAMMGlRlc3QgY2VydCBE +aWdpdGFsU2lnbmF0dXJlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +242iX71nombXgD2bXtcxWwUGTwyqXOgLBrwwj/n8sx3eT8QYDXqrAHp+XbL9hdgi +ndi34uiY5ke2YwGQ1emAx6zkMr/fEK9zEdKCIb9bdjfSA2fFmntEpUpOpgXTlQn7 +Ezp6yrlPKCTiy3XubZemYvu8V+1uL+kKf2FLx5pFfEldA/5OCYucMGBnQg+JRAgL +TmWWb/iDJxDemXqNvOGrI83Sg1cPWpkm3W4WO9VNfk3Rheg3RGne6p55r+uzb4cL +I5dTgbPkZCod+SxtVGMVjjmccLDBhZG+IUtNcyEKWfwguWBsfcrtq+ciec/EW7ye +/pDs50jADWAsbdu77ZVwzBS0RZubRZL60lCrWmAblmyB1ypPYN8pOCaae+po6M/c +wyWoKtR56ml7li0tqow5HpwAv1GMZksUIPDLOhmyA1x4Y3JWv4/6SRmY0CUbJK2F +UR8H2XKUcH1HsZ2IhibVAdYQyQRgAbfFXW/mEMR+hYe2i84V7Hm7BYM9mJGQQloo ++R9lB2MVlz2NwjP4nHDCpVNtkNtsFTAeb6EJjuVWef1+Efi9RFyZNXxWAxq/Ffof +CI8fgqguw6X0lKFOn+9Lxm+vEu7uwMA5Pke/F24JxoxHibCjJpKVkTgHyeteK4pl +wSYhYGjxJ1t2fqiBJTFuFAYICWITnMivAeibSp4YsTUCAwEAAaM5MDcwCQYDVR0T +BAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFGvpKU7GGEqgL6msZz33gHzOipdm +MA0GCSqGSIb3DQEBBQUAA4ICAQCes7YtJ2XELiqi8dY8ukvGuUf+clr+9PeSTBd8 +9YiR6/kaasOCqYtvTuFi0hXYUBKqz+8ucyqGy1lJGjUXTsQurGVa8BPaNXggWef5 +jJqXD3bPzy15abKfFXfZryD/qwcY9O9dTcJWvPumUqpTo1+RW4Nh5/7BiU9Xw4q6 +0ontnyiw9xgl3NHoTvDvUHDlz226HtmYERMCUxWbmJWyimCkbPnGI0qdJc4x/hf8 +HxFDUkxF7/Y4xeeUmDQ8BY/QoYJxndHsk+9+fZ26LH2CFOfOiuHpv2qCC0QeXR6F +tIEO8sEcVIux6TWCwkQjIrCWOqsObPAkQeC/YoYBHuIpr9DNBoOEZqYqMtT49TE/ +1CA0B2540PenZPrUgRXAcbwQPESL/PCLA37Knm/g0vMUZzvqG3lZPJhdcDq0h9hF +mZFj9tt9NdM536wx25T8kMiHAREbEJ8vFVNc8l8Iy3LT9u1jOelFt6692yGTSvxC +eCvbrM3tyvAGKvlFGO3eMT14/ZSiZWO6zhM3Ss5oiznr4STX6sp/JdGjY5eMqfYZ ++WjTigu/LorbWJyXQkDew7XohNk7AlZ+14Or4E3gSU+KvcHpqpDHlrsJ4Gx3HBVI +IE6Vb36HWTN12l+R1jVlZxWoHxr/I8iJkIw4phJwX3jCG+pmZCOV0rFM++HtIiSw +O9qPGw== -----END CERTIFICATE----- diff --git a/lib/hx509/data/test-ds-only.key b/lib/hx509/data/test-ds-only.key index 24493f8d4daa..236df841bf58 100644 --- a/lib/hx509/data/test-ds-only.key +++ b/lib/hx509/data/test-ds-only.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOtsyQ2XkauIXESn -QO0lsdkNzSIeB4AVSQWwffK8bBJ6SnSoJkyYDynQsmghw7tqzUoncVuLURLtR8wh -lO4FEVVhLIgiM8JOEsrtYwAQTE98Ypegn5UqmdeOp4rXU7Kyfai3X91MeTDnSA4N -nW2FBFZj1CdTCam8s8FnHmW7ThClAgMBAAECgYEApDDTq8oYy0Qn7a2kR4Cxn8rT -VUcSPg8aRYCI5qDo0p49jUy0oVivwp8NvjhGNVDQajZGBe2NFqEsIL8PCk24frfF -LNUAi0FllQjq4iUKTKJyahqQvUenhVaAUdYJdDfS6wZM4xYc3TxHpKdbp+DVii+F -HA9dcpGCwumbRv7ZmoECQQD+iQOM/iJAXOJa0QEwqsuAlQbC82S3yoedpX7AAup3 -lme8BreDMPyv5cCVs8UW9z+z9N+4wEB9cmA98vhCxq9FAkEA7MeeLY04wyFH4VBO -1/GqiTVdOF5mOd3dCfv6xWgO2xUe0h1twIuAmbsST9Bvj7AQM2nAv1EoU88OrhVX -BY/B4QJAZnqflVqUS7mZ4NqZUhDR0jkt+buo516Bb3U8LO5/nBpQNaG2rPlCI0er -XBp+1ZpCaZ/Dm0y8KkWsfgSe87OuyQJBANefXRN8VGGWECBGAtax86vplc+8X3l4 -6k6qUg6tGUI3NI8BT64VG/JjImTemomOOuKm/mj7Hi9cErFDK7Eb3eECQQCxNUEt -Lxdipay7Iz1yAr953GoQAXdgJ4l6dmOyle1wE21Mvsc4okGr6cNAp2K3d/LnOAId -a09Ph64VsUwGaIEh +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDbjaJfvWeiZteA +PZte1zFbBQZPDKpc6AsGvDCP+fyzHd5PxBgNeqsAen5dsv2F2CKd2Lfi6JjmR7Zj +AZDV6YDHrOQyv98Qr3MR0oIhv1t2N9IDZ8Wae0SlSk6mBdOVCfsTOnrKuU8oJOLL +de5tl6Zi+7xX7W4v6Qp/YUvHmkV8SV0D/k4Ji5wwYGdCD4lECAtOZZZv+IMnEN6Z +eo284asjzdKDVw9amSbdbhY71U1+TdGF6DdEad7qnnmv67Nvhwsjl1OBs+RkKh35 +LG1UYxWOOZxwsMGFkb4hS01zIQpZ/CC5YGx9yu2r5yJ5z8RbvJ7+kOznSMANYCxt +27vtlXDMFLRFm5tFkvrSUKtaYBuWbIHXKk9g3yk4Jpp76mjoz9zDJagq1HnqaXuW +LS2qjDkenAC/UYxmSxQg8Ms6GbIDXHhjcla/j/pJGZjQJRskrYVRHwfZcpRwfUex +nYiGJtUB1hDJBGABt8Vdb+YQxH6Fh7aLzhXsebsFgz2YkZBCWij5H2UHYxWXPY3C +M/iccMKlU22Q22wVMB5voQmO5VZ5/X4R+L1EXJk1fFYDGr8V+h8Ijx+CqC7DpfSU +oU6f70vGb68S7u7AwDk+R78XbgnGjEeJsKMmkpWROAfJ614rimXBJiFgaPEnW3Z+ +qIElMW4UBggJYhOcyK8B6JtKnhixNQIDAQABAoICAFOpQ99xoCT9RU8DqsnX/GGv +p3jF3cErVtBJM8QZQVbLoeQJWBUC0liLVM3Fn9+5vW8inuejNGhDmVdeyF8K7Fyq +IAbKoGiOQq3e5mGPtn10xd0wVNcJ8918VD3laHuZYwgvt4y6UlR8wcM//AvcxrVf +MaTbv6oYBj0FyUeVHLdAiWY1KG1wuqKgiZhdrTO0UQKdqVaffvKK9hfL4GjCIWGy +U25i5WHjjDDCe0xvemkPpDB/jVfPc/c5TitgCG8OKYt1ZYe+EeCtP+CsMjj+zL72 +awtx/zwzjhzHwgqF45jof1vER3Mjua9Qkw2Rw0QluvxMI0n6qdwu8p8mJRViZalZ +waaUk4EvlB4ZE3tA3NRKFyrmEn2zehzna0o72Je06NuShtnxPKkGAnw3ieys5noJ +c8IB7v0R3r9xwJOt5ZO/OEnI68v6ijcGPcPkSTfJP5hlVxwtNCg6n0wCVnojemmm +nqpEGritdpe53FkDR/EYfX/Idn4yAaJs/Z0SuN6Q2KNVSXJjlSZLg8PHATxlRWtd +4rX4W+gFVudT59EYWY7cxa0yrrQOJXxLzxiPt0H+aKJTiwQ0mYKLH/HAugl7byhe +U4QwJ0VNU2JxpX+1OhRQaMhooMH3Y6XSYITq04OIxYzdAlflb2WffZ3JyIpIAv7+ +Tymxyu7/DkQzFpb0QngdAoIBAQD29SgKA3n17R1MJkfmRxE5JlQpkZXRkzw1vDbW +48b6JYna6jRvb8ktpn738iW+VJ+1j96q5MyofR/SlkO1ZOtsh3V9i1ddZTGt8Zqe +Bgq6HYxCSZmc24wtq3G4nMNfbvcpOgssSmh/LMQeKTCVQTwmGnf1xLoI9D8qshIT +vwQTB7/820qHsraiLVdrHpuuBCiaLo/uEy8hRwBeCzgKjo2HvrzrDtjVE8vEafYV +7MRUtfyhwXAD5TZPhcTT0SvysISCt7NHrUEPyNN+ISs4Eeql+o93Zv7sOTQPfsIk +ajzguDSu7E71hu4RBW185IbVj8CELi5GnCMMKlI38AosWKPXAoIBAQDjl5q7Yrz+ +nsC47scggwCStU+sXv5cKYi+gLOctj/oBLJKqnsK6o3JI2AyAIBLq/DxrZ7kvtbb +IFrxaNQWPJKKyx+e2pcCwlgcQCIZ8spQ0cdqW0UcZmMEN/T2b16V3BoaSUnIqBlL +yye+NsCDNNX9pTf6+8Si3WzbnWRvGO+yMJuzIbPy0I4JupKChNKdjhsZe3yGCcmJ +dzNy2rJAX2Qtx4NNdunF2jSNqcN9ZYG8wX7cQ+JH+BXa2efqpXC7eZB0QtjVqwIm +Awpi3FkcWlshgofo4AhcsLfBzkiZ9NyGlm+vZswNqOiTM4mLajlB0/EapEDEgru+ +P3/LIQ5+DrHTAoIBAQDrL4wjBS6H63nERIyinDml0H/EWrZwMSTdE9KyEZg0L726 +cuLe4XmY9P/kB4K0YQj8MvhejajuKMM+nQX8YRDneZWFq0bXVgDa48VZCu36Uxt5 +IXiebmNwNt8Fbp2NbDML2xA67N3Zh3t6McXnzomGzBxEPUbiMiFZ+t3GWlp5+R54 +oyq2UpclmcKv7CVcsu8r7n35v+FZcrHB3jNPsnTMuvRVcv1C5yhedH78YFCVT/84 +2OxheU+gqgdJpeGRrVN03ZdqAnB8pMftTY9IRZ/O0/D/SGIr+0o+G3yui1JQvHzH +vZpwr0BXi3C6yTQzfEReXVCKxDWIZ2GHjh1SIFRfAoIBAD0mufuJXzCm5S+LcNOK +f3fr4Zl1+LA4tLZDDH+Z9HfZ8zHetqrLNQeLSsiEm/Q5Icc+GEhsAnzkJ6tfuES1 +R8alJzzejN6/6z7D+KWyN6wZgZRRK7Oiyw4SHu6sI+TuO9E+SeXxTMKxtl8EhRt7 +8ddyMiVsynvcNOiZVKgJMjZVmzA5aQlgAhoZGE6bc5/D1AI3zNCTBqS584fzvRtQ +xjEKv3vr7IotxBsgNxeVU5OtBfIXB1DBFtYz4H2KsEyfMDIc1/gpN62Q+ZRwkjzt +BjltwijPMU/+Z5FaZOWBBlPfTej6HO+6p6sNmPJtuy61zL2UzpY+bkWC+EpS+nri +ZeMCggEBAJRin7+udPZRw43qycfjPSIQs35QmbT922ti4l/7ywOC5RTcmb4/tB4Y +qMliOl09FPuvBbxoZxIMX4sUVHGsmic6UAy2JxLGTok0inmtOKgwXl7eB2m+5+8C +j8VbfUNs5mnkD7f60Huo/vLFsdV29j8wNmbEN+fMQUXNa6n//PoNqs+cYLU+2Ysx +G78x6sdjDKvjyRmz+m43dE5aS5EddDWXSwYRhcKkXI6zqg4jHtqqPHNNsXPzTQKg +ubXoF0YU1IIV1+HrdlxqfnbHqApB9qF8pA+ovDLMWW4Vzi8MIuebR0N78KRyaF2s +CB/IgCJRaFy9Ch2Nz4ODay/Vbyj//Js= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/test-enveloped-aes-128 b/lib/hx509/data/test-enveloped-aes-128 Binary files differindex 070174513a79..a4e0c0db8b2d 100644 --- a/lib/hx509/data/test-enveloped-aes-128 +++ b/lib/hx509/data/test-enveloped-aes-128 diff --git a/lib/hx509/data/test-enveloped-aes-256 b/lib/hx509/data/test-enveloped-aes-256 Binary files differindex 0c91acf5a7d5..f94371304eea 100644 --- a/lib/hx509/data/test-enveloped-aes-256 +++ b/lib/hx509/data/test-enveloped-aes-256 diff --git a/lib/hx509/data/test-enveloped-des b/lib/hx509/data/test-enveloped-des Binary files differindex 404a55bbebb4..a2df2df10b7c 100644 --- a/lib/hx509/data/test-enveloped-des +++ b/lib/hx509/data/test-enveloped-des diff --git a/lib/hx509/data/test-enveloped-des-ede3 b/lib/hx509/data/test-enveloped-des-ede3 Binary files differindex c5e7d3db4890..d0e451e189ab 100644 --- a/lib/hx509/data/test-enveloped-des-ede3 +++ b/lib/hx509/data/test-enveloped-des-ede3 diff --git a/lib/hx509/data/test-enveloped-rc2-128 b/lib/hx509/data/test-enveloped-rc2-128 Binary files differindex 75d8a0caa23a..ddc2a27c6609 100644 --- a/lib/hx509/data/test-enveloped-rc2-128 +++ b/lib/hx509/data/test-enveloped-rc2-128 diff --git a/lib/hx509/data/test-enveloped-rc2-40 b/lib/hx509/data/test-enveloped-rc2-40 Binary files differindex 5ce90dddd53a..13c57648bb46 100644 --- a/lib/hx509/data/test-enveloped-rc2-40 +++ b/lib/hx509/data/test-enveloped-rc2-40 diff --git a/lib/hx509/data/test-enveloped-rc2-64 b/lib/hx509/data/test-enveloped-rc2-64 Binary files differindex dad301051231..02fa0f3ecfaf 100644 --- a/lib/hx509/data/test-enveloped-rc2-64 +++ b/lib/hx509/data/test-enveloped-rc2-64 diff --git a/lib/hx509/data/test-ke-only.crt b/lib/hx509/data/test-ke-only.crt index 7494305beb42..27e759950536 100644 --- a/lib/hx509/data/test-ke-only.crt +++ b/lib/hx509/data/test-ke-only.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 4 (0x4) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:13 2019 GMT + Not After : Jan 16 15:05:13 2038 GMT Subject: C=SE, CN=Test cert KeyEncipherment Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:c0:85:dd:0b:7f:d7:6a:ee:c0:ab:e3:06:fd:40: - 44:10:23:e3:94:62:a0:b8:09:af:cd:01:eb:47:92: - 5b:07:c8:7a:84:b8:72:12:cb:42:a4:b1:be:77:08: - 5f:e9:6c:d5:05:3f:eb:61:9b:96:68:39:65:79:04: - c1:08:c3:8a:b3:bd:42:79:31:b6:3b:23:1e:d0:04: - b1:dc:80:5b:dd:1f:53:a7:60:78:bd:74:d4:27:70: - 1f:0a:e5:1f:42:97:ff:8d:af:c8:03:99:e4:28:f2: - da:b0:ea:34:a0:d4:39:37:59:37:f4:71:1e:bb:55: - ad:d7:91:b2:a1:c0:5e:40:7f + 00:cc:e5:88:ad:77:9f:da:7d:88:28:88:b6:0f:e6: + f6:2b:a1:55:da:7e:4e:75:8b:46:8c:e6:9c:f6:c4: + 06:ea:68:0e:85:7d:c4:d6:bb:a9:c5:82:3a:88:9e: + d1:e5:71:f9:2b:2e:48:62:f7:ac:7a:de:cc:f4:ae: + 07:da:86:2f:07:21:be:ec:f5:de:3b:0c:d0:66:88: + a7:75:0a:ee:17:c6:9e:b3:2f:9b:b0:88:3a:ad:de: + b3:bd:36:2d:20:30:9e:36:f0:3b:9d:e2:5f:4a:d4: + 1c:42:49:29:5b:70:35:02:40:79:82:a7:9d:ee:a7: + 05:85:d0:75:46:c2:77:4c:b9:20:6f:93:4a:85:8f: + fa:44:08:6a:ef:26:7f:af:20:e7:b3:a2:18:4d:78: + dc:e6:5e:c1:06:aa:54:a3:6c:07:a0:6b:92:14:f0: + 52:62:cf:d1:c4:08:81:4e:73:3b:27:19:34:a0:32: + 0d:66:70:05:ca:3e:13:18:85:18:d6:9c:30:b9:66: + 93:af:df:ff:71:07:ab:77:ab:00:32:d5:c4:64:7f: + af:06:e6:aa:7d:90:e3:7b:82:46:1b:d8:42:f5:7a: + 15:5f:b3:ca:b2:4d:e6:8d:65:29:ff:aa:88:73:15: + 85:21:69:23:a6:24:48:95:8e:a4:e5:2e:a0:c9:e2: + 75:bf:79:85:1d:b9:2a:e8:da:b2:fa:15:f9:c2:1b: + b3:69:3b:01:9c:54:4b:2b:19:ef:b8:f7:60:d9:78: + 8b:a8:b8:84:e4:0a:73:21:22:de:d8:27:9b:a7:7d: + 61:dc:da:55:8f:c0:36:4e:e4:99:8b:1b:44:03:d2: + 51:24:37:d5:2e:a2:32:7c:65:20:0a:4a:9b:9f:8f: + ea:16:7b:ac:fe:cf:57:a3:dc:75:98:4d:35:84:cf: + 20:63:39:d4:13:34:7e:f7:10:e5:ec:31:d9:5d:1d: + bd:e3:d9:c1:b7:ef:ce:39:d0:89:0e:b8:84:f5:9e: + 5b:1e:da:48:1a:32:d3:0d:95:92:02:e2:bb:19:6f: + 09:f6:6e:38:38:3c:56:1a:0c:38:81:d9:a0:d2:ac: + 99:18:43:33:e9:0c:1c:cb:f1:80:1c:7d:9e:e3:07: + 41:24:51:82:a5:04:00:fb:77:dd:9e:7d:7e:04:32: + 40:d6:da:76:1a:88:77:37:64:34:44:e9:b6:c5:45: + 50:54:28:bd:dc:aa:a8:53:f3:4c:26:77:89:56:be: + d6:89:82:83:d6:0e:27:0a:8b:ab:7b:aa:51:d8:4d: + e4:d5:4f:b1:27:0d:cf:80:ba:e1:ab:51:f2:47:45: + 30:34:e2:55:a8:55:cd:03:c8:f7:12:0c:78:ac:05: + 2c:99:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,64 @@ Certificate: X509v3 Key Usage: Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - 95:66:6F:BD:03:40:04:B1:BA:9B:FC:A6:F1:CF:B6:93:41:B9:AB:61 + A1:E1:E0:08:58:84:EB:A7:1E:0E:7C:44:D0:E7:CA:B2:BC:93:8F:2B Signature Algorithm: sha1WithRSAEncryption - 3e:d9:cb:96:da:5f:4d:49:10:45:2f:42:cf:32:9a:d7:fe:72: - 4f:24:d7:60:e1:0e:df:da:03:73:44:4f:27:7e:f9:cf:aa:16: - c5:18:8a:ec:0d:56:0a:1f:1e:41:87:0a:67:62:d5:73:20:26: - e1:2e:10:6d:cd:ef:c2:28:2b:99:9a:13:5c:73:ad:a2:7d:5c: - 34:31:42:b2:44:52:ad:4f:96:06:30:b8:31:59:b6:e1:68:5d: - a0:ee:0f:83:45:1e:51:9d:8d:bc:8f:43:9f:42:c5:82:90:e4: - 00:9b:91:13:40:e4:15:60:e6:cd:3a:29:a9:4c:a1:c8:33:0d: - d6:24 + 62:5e:48:de:71:64:4f:fd:94:97:49:a0:1d:a0:50:f1:6f:56: + d6:90:79:51:a0:8c:04:c5:d3:ec:d2:e0:d6:4d:0e:ab:19:55: + 0c:9e:e2:5d:e8:5b:8c:cd:14:c3:b6:28:ff:21:f7:21:37:9f: + 0b:6e:cd:52:22:eb:61:23:4a:28:ce:80:c7:68:41:a7:4b:9a: + 4f:9d:b2:8f:04:6d:6f:57:f1:91:e9:a4:d7:26:f9:78:c9:c2: + 6d:e0:d7:25:9c:12:91:73:eb:2b:1e:e7:32:3f:46:1e:58:56: + a1:fc:b9:9a:dc:85:8f:1e:51:a8:a8:d8:5b:cb:18:75:ea:1b: + 9c:75:66:50:a1:9a:95:0f:50:8b:54:1a:7b:5f:4e:5a:c3:31: + 1a:c4:11:81:31:d2:35:4a:d0:be:13:70:63:9f:b5:0d:6c:ce: + 08:e9:fa:5e:41:28:92:74:f9:26:37:26:18:ca:44:b6:d7:ca: + 1b:63:22:c1:71:86:4f:fc:e8:ef:fd:e8:ef:b6:f1:2d:a1:7a: + e4:b5:12:f5:8e:60:fe:bc:de:8f:a9:c2:4a:29:60:f4:1b:26: + 7a:0f:cd:34:94:a4:d2:56:21:b0:33:a9:4d:7f:fc:6c:d8:71: + 17:8a:1b:d6:e5:78:98:76:f0:8d:d1:0e:85:bc:69:36:ec:99: + d6:56:13:22:35:9a:dc:43:b4:f2:d7:6f:25:6d:7c:6e:70:54: + 53:c4:fb:4f:33:c0:20:f9:fd:4e:51:b1:e9:fa:65:05:cc:09: + d6:47:4e:3a:a0:8c:bc:e9:fe:1b:07:b7:06:3c:62:05:17:a5: + 9e:46:79:04:9c:20:41:77:f9:50:e8:f3:86:0f:72:63:c9:6e: + 74:1b:1e:dd:ef:e4:b7:a0:e6:83:3d:d7:38:a0:8a:80:c9:3d: + 1b:ca:7b:96:ce:ac:37:a8:b9:51:30:98:d5:60:b5:26:c8:53: + a1:7a:ab:18:2c:36:22:83:9f:95:19:8a:78:2d:17:e4:aa:d5: + 37:e9:1e:fe:2a:ae:34:64:d4:9d:a7:0a:a9:a8:1b:c3:29:38: + 89:e7:57:4f:8b:f6:3b:74:4c:39:82:ce:36:2e:24:ab:90:fb: + dd:da:ec:eb:81:3a:66:0c:01:d6:03:8c:00:39:b0:83:96:51: + 7f:27:0e:e5:8c:d4:ba:c7:6b:f4:13:b9:ba:5a:02:71:44:62: + 21:33:51:6d:93:6b:04:6b:dd:e1:64:f5:3f:ca:98:39:b1:91: + 94:68:3d:1f:ea:91:b8:db:98:c3:a5:82:aa:24:b2:32:e3:f6: + 8e:7e:8f:e3:eb:0c:57:1f:27:70:10:d0:97:db:7a:8f:46:d9: + 8f:db:ff:5f:2d:ff:a2:fd -----BEGIN CERTIFICATE----- -MIICCjCCAXOgAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL -ZXlFbmNpcGhlcm1lbnQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMCF3Qt/ -12ruwKvjBv1ARBAj45RioLgJr80B60eSWwfIeoS4chLLQqSxvncIX+ls1QU/62Gb -lmg5ZXkEwQjDirO9QnkxtjsjHtAEsdyAW90fU6dgeL101CdwHwrlH0KX/42vyAOZ -5Cjy2rDqNKDUOTdZN/RxHrtVrdeRsqHAXkB/AgMBAAGjOTA3MAkGA1UdEwQCMAAw -CwYDVR0PBAQDAgVgMB0GA1UdDgQWBBSVZm+9A0AEsbqb/Kbxz7aTQbmrYTANBgkq -hkiG9w0BAQUFAAOBgQA+2cuW2l9NSRBFL0LPMprX/nJPJNdg4Q7f2gNzRE8nfvnP -qhbFGIrsDVYKHx5BhwpnYtVzICbhLhBtze/CKCuZmhNcc62ifVw0MUKyRFKtT5YG -MLgxWbbhaF2g7g+DRR5RnY28j0OfQsWCkOQAm5ETQOQVYObNOimpTKHIMw3WJA== +MIIFDzCCAvegAwIBAgIBBDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxM1oXDTM4 +MDExNjE1MDUxM1owMTELMAkGA1UEBhMCU0UxIjAgBgNVBAMMGVRlc3QgY2VydCBL +ZXlFbmNpcGhlcm1lbnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +5Yitd5/afYgoiLYP5vYroVXafk51i0aM5pz2xAbqaA6FfcTWu6nFgjqIntHlcfkr +Lkhi96x63sz0rgfahi8HIb7s9d47DNBmiKd1Cu4Xxp6zL5uwiDqt3rO9Ni0gMJ42 +8Dud4l9K1BxCSSlbcDUCQHmCp53upwWF0HVGwndMuSBvk0qFj/pECGrvJn+vIOez +ohhNeNzmXsEGqlSjbAega5IU8FJiz9HECIFOczsnGTSgMg1mcAXKPhMYhRjWnDC5 +ZpOv3/9xB6t3qwAy1cRkf68G5qp9kON7gkYb2EL1ehVfs8qyTeaNZSn/qohzFYUh +aSOmJEiVjqTlLqDJ4nW/eYUduSro2rL6FfnCG7NpOwGcVEsrGe+492DZeIuouITk +CnMhIt7YJ5unfWHc2lWPwDZO5JmLG0QD0lEkN9UuojJ8ZSAKSpufj+oWe6z+z1ej +3HWYTTWEzyBjOdQTNH73EOXsMdldHb3j2cG378450IkOuIT1nlse2kgaMtMNlZIC +4rsZbwn2bjg4PFYaDDiB2aDSrJkYQzPpDBzL8YAcfZ7jB0EkUYKlBAD7d92efX4E +MkDW2nYaiHc3ZDRE6bbFRVBUKL3cqqhT80wmd4lWvtaJgoPWDicKi6t7qlHYTeTV +T7EnDc+AuuGrUfJHRTA04lWoVc0DyPcSDHisBSyZRwIDAQABozkwNzAJBgNVHRME +AjAAMAsGA1UdDwQEAwIFYDAdBgNVHQ4EFgQUoeHgCFiE66ceDnxE0OfKsryTjysw +DQYJKoZIhvcNAQEFBQADggIBAGJeSN5xZE/9lJdJoB2gUPFvVtaQeVGgjATF0+zS +4NZNDqsZVQye4l3oW4zNFMO2KP8h9yE3nwtuzVIi62EjSijOgMdoQadLmk+dso8E +bW9X8ZHppNcm+XjJwm3g1yWcEpFz6yse5zI/Rh5YVqH8uZrchY8eUaio2FvLGHXq +G5x1ZlChmpUPUItUGntfTlrDMRrEEYEx0jVK0L4TcGOftQ1szgjp+l5BKJJ0+SY3 +JhjKRLbXyhtjIsFxhk/86O/96O+28S2heuS1EvWOYP683o+pwkopYPQbJnoPzTSU +pNJWIbAzqU1//GzYcReKG9bleJh28I3RDoW8aTbsmdZWEyI1mtxDtPLXbyVtfG5w +VFPE+08zwCD5/U5Rsen6ZQXMCdZHTjqgjLzp/hsHtwY8YgUXpZ5GeQScIEF3+VDo +84YPcmPJbnQbHt3v5Leg5oM91zigioDJPRvKe5bOrDeouVEwmNVgtSbIU6F6qxgs +NiKDn5UZingtF+Sq1TfpHv4qrjRk1J2nCqmoG8MpOInnV0+L9jt0TDmCzjYuJKuQ ++93a7OuBOmYMAdYDjAA5sIOWUX8nDuWM1LrHa/QTubpaAnFEYiEzUW2TawRr3eFk +9T/KmDmxkZRoPR/qkbjbmMOlgqoksjLj9o5+j+PrDFcfJ3AQ0Jfbeo9G2Y/b/18t +/6L9 -----END CERTIFICATE----- diff --git a/lib/hx509/data/test-ke-only.key b/lib/hx509/data/test-ke-only.key index ea8a9e03f9d1..d3617847d84a 100644 --- a/lib/hx509/data/test-ke-only.key +++ b/lib/hx509/data/test-ke-only.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMCF3Qt/12ruwKvj -Bv1ARBAj45RioLgJr80B60eSWwfIeoS4chLLQqSxvncIX+ls1QU/62Gblmg5ZXkE -wQjDirO9QnkxtjsjHtAEsdyAW90fU6dgeL101CdwHwrlH0KX/42vyAOZ5Cjy2rDq -NKDUOTdZN/RxHrtVrdeRsqHAXkB/AgMBAAECgYEArZfGYXkLb0MKfbJ+edn5xSfn -K8PmsSsi1lJ1qJph9Fmjh4qcaS/XzpLqb4Ago2Rbi5lAD0nwS9f9FCriN5nBtJCO -frm3b4Ct0yQrtwID3kVqGDg6MmMu+11x8IlQAz/zDZ34ik/3+Z+G9N4WRUD2HFRr -+18SzS5yhZmmjgKYkGkCQQDt/LKcz020nfVednN/6fzx6ZbSFX/x8MehJaI/BEbS -uqAl6u9pr24I8FaDGySdBsJua4xZJVS6YUE4LXqRFeIFAkEAzxg9PQp7AqK3Cf90 -6pS7IKnHfRraBY6uvioHVIqjU1LYOoLGHKzlrtOhGDpN3E12S/0u6LJZGRAZ/7Aa -f98LswJAFbvLD/j6jrESNGM63waeW/VKGbtu6MhlYrkOHRUl5p62e1/+JzenI9fW -/rge2txAK1dVBNsc5rx0+U1l8RP/hQJANZFXhcqINw5Puk5Rt7vxC2nfKAUiD/3w -RVApxTx3Mr5jH/9jr1cpsicbrGCocyu2RcGfuKEpWspHb1PmBt1y8QJBAJYfAmjL -B4p8C9TCnb2NosRj/2wLcvdMJV22E8KFWzXAqRL9FKUKASULKxHy+rne4FHytEQD -w7MMQNWHjQVnFcM= +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDM5Yitd5/afYgo +iLYP5vYroVXafk51i0aM5pz2xAbqaA6FfcTWu6nFgjqIntHlcfkrLkhi96x63sz0 +rgfahi8HIb7s9d47DNBmiKd1Cu4Xxp6zL5uwiDqt3rO9Ni0gMJ428Dud4l9K1BxC +SSlbcDUCQHmCp53upwWF0HVGwndMuSBvk0qFj/pECGrvJn+vIOezohhNeNzmXsEG +qlSjbAega5IU8FJiz9HECIFOczsnGTSgMg1mcAXKPhMYhRjWnDC5ZpOv3/9xB6t3 +qwAy1cRkf68G5qp9kON7gkYb2EL1ehVfs8qyTeaNZSn/qohzFYUhaSOmJEiVjqTl +LqDJ4nW/eYUduSro2rL6FfnCG7NpOwGcVEsrGe+492DZeIuouITkCnMhIt7YJ5un +fWHc2lWPwDZO5JmLG0QD0lEkN9UuojJ8ZSAKSpufj+oWe6z+z1ej3HWYTTWEzyBj +OdQTNH73EOXsMdldHb3j2cG378450IkOuIT1nlse2kgaMtMNlZIC4rsZbwn2bjg4 +PFYaDDiB2aDSrJkYQzPpDBzL8YAcfZ7jB0EkUYKlBAD7d92efX4EMkDW2nYaiHc3 +ZDRE6bbFRVBUKL3cqqhT80wmd4lWvtaJgoPWDicKi6t7qlHYTeTVT7EnDc+AuuGr +UfJHRTA04lWoVc0DyPcSDHisBSyZRwIDAQABAoICAGWOQz9PcnDWFX2ZvTuGi282 +qRoBzpueK5q81wHMSW03pDLwEncoTs5xbNe4eGqUIh8P8przDY9dDRMdixD5vyd2 +x24lsz9ra4PWqcFuaHJqZNCFgVJvQz5Yipf22UkCL/kk+zeXMwogtdz47EHBDNUP +5eoncDUQncEkgGxRCNaDT5td0ur+YNoFnhLo7xJ7abx0VD1Z8YtRXbUTCZ5ydhlC +GAa+0ubdAKh8WrLqlGAdsyLPjCrAzW3fdJGLrrL4eYH7YKokiTSZy5glrpSDtbLm +QndWLxzLiqT1/g/hEdcf6qYjtAzKZcKhaL6q5LS97t2Pgjbf9wYBzKM3iERoNVmO +D8sWmSg9fiNRjzZY1b1ulE9PQhQOUB8MWUCBPBeimQtCJKqxC9HoH+WH2OkV+ikV +cj3pwVqvK/fJtLZ5jC42ZEsLD5YpnDpxtcj3yrrJ0g5ikWhMU94EcOOsIgkpeqCT +L/G8x/H5rgmdN15rI3qERdJRbkDzq8AEriaNo8lbr9xEWRggzs6vmg1x5scNfpFW +hFRkGO5iGheScrR9rIwmFVSz+N1g9K4RhKXsgGmmj0pHSn+2NozxKPXsSzNSrgGZ +YJc1c7Yv3S5Nqwkzzy+o4WICejJAjzGf5y2bUQ+CIA/SUtmyygADYCClLQ0hjpjc +llslljxigyjVDNFTOV3ZAoIBAQDtcdnK3Iy32+cJ1yuL2t8lWSlu1Bbazmz7heH1 +FSYzPyqidwQKIKuuZEMfRb0dBZGxPszoiWZxn3Dc8oDbHGDp9TwDkfxT2S51fvOE +PUdc6sAFUn79joTl5kak+rPDjNWiNpax4kQJU4/kUtibs1bHkZx1voYZ3J2ZeWDH +td3OY+lHMOU6dUpXYoQEYLbc95gU+fCLZRLP/ZVSrvhZm2/Q8HUHohf6Wb9l2ufC +cGwUkb3iUk+OyboEu3oQgUY5DBX8rQsvje+sbmk0my6vhCO8LuuqNfxUrijSJuzW +aWSC0khPcOolJpNJLYVDYbuzqckev/GCzCLAj55z60WQA1gVAoIBAQDc6IyFJbn8 +gPWvXPa53e2Me4kdzb6VnYHSyvAeBXMLbxXJTPFmBTa+MV2jpA6JO4pmOyfjdtZw +a9zEXIRG/RpFitxQCcsHVI5TnARyU/J0tkrdRy/ujHYh1lg3lk2EAPxmmkzRLpES +VatfjzQLt+teBCNWi08aeQmzwlVcwId5frEkhnz60C2YXqUIPLAHz9peMWrElSbB +TT9pHnT+gRE/WgqHiov9va7Zz3wFYo5p1GmBIIKTvlIoWHQYIh7ily9O7Oe4kDIQ +3rFLEtwAeiBrICRsOs3bidcdtAV9H+OTl+H6sILZGuWZfHH9Bhiwhfv0Q6qsD2du +Jukz/jLcMUbrAoIBADYvwTAWXNaojHUmcX2dGUeArX/pTr3oVd6gkwxHI0yWobgp +yPY2tnc50keUtq+k0bbNSh3XHVXYuPzzKozWUReTK3r1GcxYx81wh0oqYdrGh8Ov +K+PZXmLIxl5oCBYcUbSPGJzHshcexruoXF5L8wXgKQCF1jyYqC6aEIgC7PdovZfN +hMJueeSvSslk+NY8eqxuzYJCMqTcjfMskuiAHGhmN47iYu5zBMbNyg4JceDP0bGQ +by96wcTKs/SIS+pA49Oh+eeEUKndGI00zNapJS6Q1p8lasw4YoBy+aGEs7dXHcFj +V0vbHcmZZcwWxasemBM4Ynki9NtU6ygxDNLssHECggEBALXkXN+9IpjAbotIFncQ +PupvRYVexVBX8m9oXbG6dvGxM9UeH54LKPoNl7aH/NgOSHTIvJ1UWlkS1yJvsxLo +kFs2bRUSGzQb8Vzyl86zRG3JM3djiBn5WcOew+BxR74rOagZ4KpUl2rrU0JJnWcQ +tyIgciBucGGxy8VRfAv1Exd8s8sJWZsDEqflNinEHoUwJfNs6SaYUOLVAiNByr9L +8rGhKA5Wi9IP/wqlBs9ASVbmaUDDTgDssqU5v82nOpsENRXdhya2xCKT2pOgIbna +1Rqfyp27BYmAw7lXYzWVrkL2ykEqWXL97JMmnoziGi4vBDgqBzvJKzbNnzMKWUJo +6KUCggEAWseXquzJlsbVLjowrIua9lwfFm+YUyqKMPmZ1TUblMEv9IrkbHGyXv49 +H9jSs85g8GAH/BwB1G9oDZjnP+Yj0Zjsd9ZImFz2+VRcVCSCBUj4Qv1HAxls/Aq/ +/QCUhj0o/TIcbO5V8ImUOlwKUyoNW7rXGEl4b152J+wakxiA1LYTs08usxsv0KtY +qbqv0VicOBYXjnn3SSSoR7i11vm9CZPa7g3YEBuI0T3QaPvZHRueovgsdmL6OLH/ +hdFb/mA9f8aEsCVUbbDstRnlldZOtfHuqj3f4NbmxcaxX0D95kl7QqRibehFTOGG +VNAP/Wqk5Tqv9O/YM7QH6VFyharThw== -----END PRIVATE KEY----- diff --git a/lib/hx509/data/test-nopw.p12 b/lib/hx509/data/test-nopw.p12 Binary files differindex bece1f1cce41..9349b0fc7b6f 100644 --- a/lib/hx509/data/test-nopw.p12 +++ b/lib/hx509/data/test-nopw.p12 diff --git a/lib/hx509/data/test-pw.key b/lib/hx509/data/test-pw.key index fae8e5cee692..066e58170a74 100644 --- a/lib/hx509/data/test-pw.key +++ b/lib/hx509/data/test-pw.key @@ -1,18 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,8E591DF1F7BA7038BC8A176AA9C47330 +DEK-Info: AES-256-CBC,AE4D50F1D037E93C416E5EE0BA31DED7 -7sslSZnKwAzVwntpdDZkgOP/LOHtI8tck4XJFKWDLRm3YQ88TEOJe4aH6oAYJeil -imCrnaeTFv/KYYxcn0kNmMDMw2+AC5kKhzxFkBpB66g1IY4PJOWbX52DGPLj82IJ -ahB5J0eruslPSUv5NhJc5BbWwoGcOKo26vv0QSLgUIOm5k1g2JcsnhR4UptQ2Oa6 -EjbulkE9RvQWYlTfF3KKlpgNkTO+46EcYJ5a3rKYC3z3R7wklKrYw9WWdIIu5BE9 -Yw4BX07+bUDn7qtTIOcmtw3EUYFVRpSCeDequfRV2DHxdaQs12Brba+nzWD/rMZZ -zCtbkSSk/0O8qmiAtHVfWilE7t7jTxVd1g10ZHrvcOgKfr9Z1UgM7G1EMdjViCkR -CIAYbmDSVLXkmeONg/MZU14XJHizJR4po0iZDBBeyF6NvsvgU1w2Jfiocp1RT8QB -AnRIWKgzZ0chKjjSY/2+q0Fkzae7OdXdggRDVf4HMKWiayi0xz8vBxObRuXRPbmp -QhcyuQUcoiJ69HqFpODBelnwBfNbnMfq2w/u38ytv75Q5jqNoALCsVy22QoFz5RX -d+RFt+5VFZYUsqApA6yzLAJbvVcyIVIFWv8lQwsMzMBFk5gO2KAle0mHhJW1ufAV -6p1tMCWRjRxBMXKQ4O2lHWi2jRQjPWJyJMKKCv+yXEHwXSoDRKJYNsO57m/cDE0S -388gWkry4HT46Gnn2uH+eXavT4Wu/7NWCRuvgV5VLVik/L3OVx086w+3sZEliuk8 -WnfVqctp+BVQEwTk3CT9Bx5TFvAWl2vDs7bxkbAUsYa6yz8JQWIJ7DOsy3UmDKN0 +RwILhdS+r3Tt/J+aXaydLB4AX3vuR/qXW4/Qi3LOgY5bIDEJvoc5m52gTtDgefc4 +H/Evvn9jLq72TkOipLgnnCga9uYbJgiE3/dTZXDwcnCzsorkNIECs2KyGVAR7ouT +FDoRpx+2zC6Yt2kV3vkI+wgtkB/u+hfrZ0hiC/NjmH+3/6gSmceb6L34cAKcvLb/ +OeaI3beTSlTEQ22CtxNwmFTGSqiEdw9pFYOTjcGus4s39zGNDnFtp17jZAFQf/v/ +dm//a93yGS2ytkAsNuMNOwGTFe54ipwXOWNxenCWUWltvaHH8UbT9qcVnZ/RbKtY +QzDl8nJGPzatM+R9xdWfjI5VU3DxfrgEzHtEUGlU1Cr17k8MubEzHQPimVYqfU9s +9GjM3PXuLUw11tXzUS8udWhA9kHZ3VTNie+y7+XlCSibODw4BSAFokBp7uJLe7dF +G5UH+unv7rsBtuOhqCKSnoRgztc5SsoarCt0cKadJRkLK4trgki1g6Vcq4QdqbyI +8+qfG787fWISC6CGOQMXnpsQX3XfzpodXpEsaQDpjomAUOKcSmMdEvhf5qHlBnS1 +TNoA8qRb4e08BBez00jTAu/7M46MxgmKDFzavYsWfEqqvwPQVDAFyQkcuT3ZXwtl +m5Ay7TBB7hh/yDH+BTXfg4l62ZlGWG0rVczhcNTLMWuWj/HErFmRD2ousUmqPJz+ +3B//V3ad0eVVfJv2bLmT4f4VTmcpvGjtFflMtrR/hGzDLaWnlswr69F8ZREdxX40 +7W0fePlUhYpT/OsA5wQylHcYx9GcA+LOS9vXK5JgaL7jH4FP/5z61VG64CBhTMYc +aAQl4jVwKz9yvQpMCWNf2wIghNRw0p4Ih2ZEFBY1wzjL+n4uzmSNwLhX5yZ0Y9oO +T6u38KvazXutWn6+jAOZaE/EaacOrj3m3ZCSPs6Gtre8k6lfpniY0EPGcf+x5MON +oIGZXB43G9CQv6hLBG1Vr49CW3yFxtyX4UQlBcn+62A6CeLR9qoPdrWS3utT/sgF +PrbhGXNbROIFd+zf/ZDCh7Gfm76+R/yJ32tZQXCAoTHitNf6UPlzQxamoFrWgJ7+ +S5+Xeh/DVvJq1P6mbo8n8Noyci+zrZIQXWMSKyirk3pnMZ9e/MtUnjG6S9fb7V7n +eRuN3Z1k/jyKLAAPJVPe7myG5L+Cz6BS1rwT9h43Pi/pKW65Le5PU+h/9qCBOHNW +fEegF2Bqu2/cJZovUAyekXwYQp7XQrSaxLG8EA57SGkC66tBhiyyScW271dDA5hy +TU8nBMh39xj27uRh5AO9LrK4Q6Wn6l/b+KVMV+Kg3S7iMyuvfsHTL+vM8DlPtcb4 +e4yjGT5V4A4RsiDxs2+rDHQV24eWEgEamlzIMJsyVvFPVwKWPwSPgMd9S6uHMI7T +Na8SGnO239JzHMav88cq1MVLUv2XH4mmqk7i/JNjl3nzQRwOlXtgICjHjlACJut1 +7vH4U8l1DmfVzrcfh2Vc9XahnTA5aWuQsPjrRv1hFTW3HVcpFwtxV1wTAwCN9dnQ +cB9nTSe+RosfRypuwPRGOWaiWckUOAFVLJiIThuh2e5/SZkIuMgtID86rjDTAKB6 +0JP1DxMOXa0gv0SdrIwv5cQl2kG+uaXhListTm3pl/XAqpSmCyY53wRm2RWDJuNs +m8myLHyjDCoYxWPqqhV9LYpU4VFYGgo3eZK/b9Tw4IcOpdosJxhpvGxu1a2ZmQxU +bkx1hyzKj7ZmfGhvG/f7J+n5tuEloa1EbicAhLZDWi8lBMnKV3rAAADXXm4rhFUO +ar8sBfJfRC0dGpgE5zoR0pU2Wx8dIFFqLlHvT0DkPIrTDYnxbbmT0CGNHzVgetn+ +N+4tGdP1v8+Vd+BipaQAXor6kd1pn+oywKttx6eZE1jHHnZzJpX6VrqwnIdxtlEJ +3Pp4l04+bcu+/1WUKRvNXwPLjNzIZjaFJxdKUVjC/9JbB/Vx3nKi/VB+ymy/cCoM +Zte4Owf0cxnYRXE6pBw4FkZJPitf6b67G21cbnzQPC3ZLpm0TOA6eO+Lsgb+WBo/ +3MGnIhFuT5PmIiSTLiajfKR1H6pP/Sf55P2B/qCX+aTdpvMrytnz1n9rbF8w9mYN +QPb1UbJyZJDEOCtoYLH9hNTI5msHeBoQMCeTbDML7SqQRNHcFynXY4qqVF/avt36 +ZLrKv6PZuQTRsXr+1JbgJydHQVanqeK4XPwK84FE+guHZWo3ug6+eEgqMKYkzAKA +GAN3Oinitkcpnt74ZH0XocmMwUGS7qj5UiNm73gIP6MEA1uYXqpb7FnJRALwb33r +qYJ72qomcNt/iow4M3kkMDSSPlat/2OhtWtWijYKwk3c5yZmV6Bc+QX6MZS3MZXy +vrk0L/bUV1m8YCCiuSiwuyQslEZUfY6klIJlTJ7NkHHT47vgwmJGYU1LamsuZfwe +LzH1xeDCxtCUUGgvtngj+dgoNMr7CxB9MemJo/gFOa0XlZq0CezSfM457RgM536A +b+62dmd12tARkRlvlNj3wck70r16Xz7tUmFWFdsro/ga9wvqnjwKVKUsA/xpZy7H +nhtLvMnvnk0Zv+wvRWB3D16TC6kHQjnI3PjLGYa7fwMTErmBNDxMz+8JvFwMqrJd +an4QBQocGTSO+HMsb3krHo9AdBBSsiRNYWNPda9an9qjARy7rbo9Fy5khWyZA89q ++pGDtn5nPrNvbCz48aaGH9FBZlywweDQdCnWe4hNl3+z9NQxxf+pKRIu6AI58iqj +IWezU+pwyJjPA3e6u5zZ7IiRfmRnuxeouH0c6YcKsgMNlsIM7D/vjo2YXpkbyQqV +aEpAVzknHcypN1PIsfXU2Zo51jG66AD8y5zQ2nUlZnat7YciryxnpvFVef9Nf62N +kYxzdJdAT6pfEXk2L7xORX3a97yN3mCzPp2i5jIkhOtVbVdvG7xgGcoPNGEIhMIo +Al4YdPiMb/dJPmKAkJJptAYKpQAaEvhKtv4t8NZ0c3EEYVwJc8eJaz+cKCsLJEMX ++7OMT8Tj6IMWIY1aWetQix3A/iQjBSUfM7AmqvYRv8Y/F14EM5eC4RLFK5o4RWWf +Ck9XeE5fG0q1pSpbnrjeopakwy008unT+CILpjWLBnIXJ6kI8fTASeFrLtWurNkv -----END RSA PRIVATE KEY----- diff --git a/lib/hx509/data/test-signed-data b/lib/hx509/data/test-signed-data Binary files differindex 583c2aa7fc1b..edba3857b3df 100644 --- a/lib/hx509/data/test-signed-data +++ b/lib/hx509/data/test-signed-data diff --git a/lib/hx509/data/test-signed-data-noattr b/lib/hx509/data/test-signed-data-noattr Binary files differindex 6c6d02fffcbb..5d768f88b2a7 100644 --- a/lib/hx509/data/test-signed-data-noattr +++ b/lib/hx509/data/test-signed-data-noattr diff --git a/lib/hx509/data/test-signed-data-noattr-nocerts b/lib/hx509/data/test-signed-data-noattr-nocerts Binary files differindex 7de2f4492885..5f20eeec2cbe 100644 --- a/lib/hx509/data/test-signed-data-noattr-nocerts +++ b/lib/hx509/data/test-signed-data-noattr-nocerts diff --git a/lib/hx509/data/test-signed-sha-1 b/lib/hx509/data/test-signed-sha-1 Binary files differindex 583c2aa7fc1b..3580544a0aa9 100644 --- a/lib/hx509/data/test-signed-sha-1 +++ b/lib/hx509/data/test-signed-sha-1 diff --git a/lib/hx509/data/test-signed-sha-256 b/lib/hx509/data/test-signed-sha-256 Binary files differindex 20228788ebce..edba3857b3df 100644 --- a/lib/hx509/data/test-signed-sha-256 +++ b/lib/hx509/data/test-signed-sha-256 diff --git a/lib/hx509/data/test-signed-sha-512 b/lib/hx509/data/test-signed-sha-512 Binary files differindex b4bc5a6ae609..0816fab839c1 100644 --- a/lib/hx509/data/test-signed-sha-512 +++ b/lib/hx509/data/test-signed-sha-512 diff --git a/lib/hx509/data/test.combined.crt b/lib/hx509/data/test.combined.crt index ae16b63c49c6..2adab3347413 100644 --- a/lib/hx509/data/test.combined.crt +++ b/lib/hx509/data/test.combined.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:12 2019 GMT + Not After : Jan 16 15:05:12 2038 GMT Subject: C=SE, CN=Test cert Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:e8:6a:8a:12:02:ed:86:e3:1a:b6:79:18:cc:ab: - c3:d4:cf:30:f4:dc:2a:90:71:c3:00:18:20:84:73: - d6:a4:55:b6:71:e4:33:fd:b7:a3:e3:6d:d4:ff:29: - d2:56:7f:40:63:e4:bf:12:8a:16:7e:ff:5b:e9:6a: - ce:50:b4:e3:85:11:a1:22:cd:c2:b4:e5:46:b2:0f: - 3e:04:85:7b:a5:4d:3e:7a:b8:c7:7c:d0:2d:fb:95: - 60:d1:40:42:bc:28:ae:f1:3c:7c:0e:5f:ca:e4:8f: - fc:4a:2a:1d:ef:10:05:4d:09:54:b7:12:16:79:bb: - bf:cd:a0:92:66:9e:94:e1:ff + 00:a9:c9:ce:f8:b7:77:99:3c:72:54:8c:cf:0a:63: + 9d:f2:df:0d:07:6f:22:54:17:71:ff:76:a6:d1:9e: + 33:f5:05:3f:ac:32:be:58:e5:7c:a7:d3:29:dd:3d: + 38:62:64:8d:82:d2:aa:f5:05:36:f3:bc:ad:7f:4e: + b9:c5:56:89:ea:c2:d7:b1:96:69:fd:f7:4e:35:56: + 59:7c:03:91:79:60:f4:a1:a8:78:a0:1a:04:2e:0a: + 98:b7:cc:be:f3:ea:28:6a:d7:5e:80:8d:74:c7:f4: + d8:96:48:44:94:1b:ce:4f:9a:65:8d:54:c6:c4:69: + b3:be:fb:e4:91:79:5e:c5:ba:f9:df:03:de:14:e2: + 68:1a:6a:e9:51:83:01:0f:e6:09:0f:c9:a1:78:b4: + 75:45:18:f0:43:7c:11:37:b2:91:cd:50:6e:71:42: + 69:c0:36:da:e1:bc:24:fa:bd:8f:c5:ce:ca:d4:af: + b3:f1:d7:20:c1:ac:4d:31:42:c5:cd:6e:6c:41:0c: + 8e:8d:08:8f:2c:b0:76:02:18:d7:0d:0f:fe:ca:67: + 3f:b6:fe:1b:36:a7:ca:33:bd:01:36:7e:97:f6:e3: + 55:9c:4b:a5:fa:48:58:a7:07:ca:c8:71:2c:e9:05: + 7e:3a:40:4a:aa:b7:34:13:e1:b0:5a:eb:58:50:0e: + 99:31:bd:6f:e9:fb:bd:4b:f8:05:70:5e:01:41:36: + cf:cd:7f:6e:d1:e6:de:e7:23:a9:86:49:61:26:fc: + a9:58:a3:45:37:b2:47:fa:ee:cd:74:e1:a1:28:cc: + 50:5f:e9:b0:fe:67:0b:7e:dc:4f:e9:fe:5d:ea:55: + 9a:87:d0:13:6d:9e:b9:f1:cd:08:b3:da:c7:d2:3e: + dc:fa:d2:03:58:f7:e6:43:03:5b:c9:0d:ee:d6:26: + b0:fa:eb:36:5e:a3:d0:ae:cb:00:4c:97:bb:9a:63: + 09:59:10:6b:c5:f9:e7:4a:3f:76:eb:a2:63:8f:45: + cc:43:8f:4a:15:2f:dc:3e:f2:11:3d:07:03:c4:b8: + c5:e5:65:1a:c7:d2:87:42:53:d3:a9:3f:fb:99:a0: + b8:45:43:45:ec:09:59:c9:bd:55:22:e0:0e:19:ed: + 49:fd:b6:db:5c:84:b0:01:89:50:a3:ca:1e:41:ba: + 82:87:db:da:b5:2b:71:08:ae:1b:70:41:41:ca:24: + 70:6b:9a:c9:db:1d:b2:65:94:01:9d:ed:b8:b5:36: + 4c:f0:f0:39:be:bf:e4:49:02:d4:55:ec:11:dd:23: + e3:6f:c1:28:99:77:44:29:70:a2:6e:ec:b2:53:86: + e1:c1:45:3c:67:ea:12:08:b3:be:d2:be:9f:00:b0: + 9b:1f:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,42 +54,115 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - CE:77:6E:DE:0B:F4:21:F8:78:C0:1A:7C:C3:B9:66:EC:4C:3D:4A:23 + D3:E1:59:20:A1:DE:3D:12:57:0A:3D:BA:0A:6E:67:0E:40:A7:9A:88 Signature Algorithm: sha1WithRSAEncryption - 45:23:30:f4:ce:b8:c9:b6:a0:2e:4a:a0:64:bd:be:57:d5:64: - ed:4a:8d:95:a3:9a:19:3c:56:7b:14:a6:2e:6c:37:37:ae:2a: - b1:42:2e:0c:b8:7e:57:f5:5a:38:29:8d:78:53:b3:2d:c8:c2: - 97:f3:ab:51:6a:c4:df:86:97:ca:68:55:39:e0:f8:99:5a:bd: - a4:e1:34:50:34:8f:70:d2:74:2d:b8:90:ef:b8:d2:22:3a:ce: - be:82:a8:4b:b3:32:cd:1b:8d:0b:69:7d:0c:d7:b6:33:dc:68: - 41:76:a1:36:20:8e:ba:34:45:be:71:bd:ab:bf:74:77:87:e6: - bf:7f + 0f:2c:68:90:33:67:b2:86:09:26:ec:65:29:ae:76:d6:a6:2f: + 53:0e:d3:16:cd:2e:0d:a8:d1:14:22:f5:63:66:a9:3d:78:43: + 40:a9:db:ef:02:52:d1:a9:c3:0b:ad:24:8e:a0:56:63:1f:ba: + 23:48:64:74:ac:2c:bd:67:f8:87:6d:bf:d6:83:68:aa:99:ce: + 4c:0b:30:d6:06:59:7c:74:0e:2c:8b:ee:5a:61:af:ff:f7:3c: + 51:10:a7:93:44:6f:bb:f4:8b:5a:2b:5e:1c:4c:89:60:71:af: + fd:bf:c0:fd:19:04:12:81:a0:ce:ed:b4:dc:64:12:80:36:18: + 9f:1c:33:25:94:dd:94:51:eb:a1:c6:21:06:b5:16:05:7d:d3: + 20:53:de:60:5d:40:6c:f1:7b:a1:98:7f:1a:bd:39:46:0a:ec: + a6:cc:eb:7a:96:d5:43:6d:e5:c7:61:d2:f9:ed:76:a8:44:3f: + c8:9d:45:1a:2c:3b:52:f8:08:7b:67:39:aa:ae:88:4f:eb:90: + 99:9c:f8:8b:ae:c7:7a:eb:40:b1:ea:78:51:74:e9:11:2c:c2: + d7:c0:93:35:c3:27:59:89:dd:1e:e6:4a:ed:fd:dc:1f:08:e2: + 80:ce:a0:72:ec:04:d7:2c:1d:d6:2c:67:f3:b9:ce:e9:be:70: + 10:82:b5:bf:45:29:c1:cc:36:11:5d:83:3d:17:11:03:b0:17: + e1:3c:05:f0:ea:07:c6:3e:62:ce:2b:d9:55:41:dc:0c:55:82: + 0f:e0:d5:a8:02:65:fa:c8:bd:60:16:b4:6d:53:08:9b:06:25: + 94:c7:8f:ee:ac:5d:25:ad:cd:9d:af:7f:a8:5a:99:49:fc:fb: + ad:69:8e:c4:c9:57:7c:88:2c:32:2b:ec:11:ed:61:cc:44:92: + a7:18:11:19:96:e6:be:88:5d:ed:0f:dc:ca:2a:31:e9:2d:aa: + 03:75:03:f4:42:5e:6c:86:b9:7f:b7:59:70:ba:09:b1:ba:28: + 3a:be:68:45:a0:2e:89:0b:ea:a6:d9:85:58:bf:54:1c:02:56: + 3a:d4:4f:88:7a:5e:c8:21:33:64:76:74:68:36:7a:a4:1c:a6: + 5b:b8:f1:ef:98:10:82:84:d4:df:2d:34:4b:6d:15:62:55:31: + b2:78:93:33:37:20:db:a0:30:85:db:cf:00:7c:b3:b3:a2:a9: + 31:d7:06:fb:e7:ec:38:4f:3d:61:73:bf:b8:21:b0:c5:f8:3f: + 98:8d:db:aa:23:01:41:d4:3c:99:cb:ce:4a:ff:10:fe:a7:52: + 3b:8c:0f:30:6d:a4:4e:53:4d:60:2b:6a:05:ab:ef:b8:61:9c: + a4:85:99:ae:b8:63:c8:e3 -----BEGIN CERTIFICATE----- -MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6GqKEgLthuMatnkYzKvD1M8w9Nwq -kHHDABgghHPWpFW2ceQz/bej423U/ynSVn9AY+S/EooWfv9b6WrOULTjhRGhIs3C -tOVGsg8+BIV7pU0+erjHfNAt+5Vg0UBCvCiu8Tx8Dl/K5I/8Siod7xAFTQlUtxIW -ebu/zaCSZp6U4f8CAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD -VR0OBBYEFM53bt4L9CH4eMAafMO5ZuxMPUojMA0GCSqGSIb3DQEBBQUAA4GBAEUj -MPTOuMm2oC5KoGS9vlfVZO1KjZWjmhk8VnsUpi5sNzeuKrFCLgy4flf1WjgpjXhT -sy3Iwpfzq1FqxN+Gl8poVTng+JlavaThNFA0j3DSdC24kO+40iI6zr6CqEuzMs0b -jQtpfQzXtjPcaEF2oTYgjro0Rb5xvau/dHeH5r9/ +MIIE/zCCAuegAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxMloXDTM4 +MDExNjE1MDUxMlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKnJzvi3d5k8clSMzwpjnfLf +DQdvIlQXcf92ptGeM/UFP6wyvljlfKfTKd09OGJkjYLSqvUFNvO8rX9OucVWierC +17GWaf33TjVWWXwDkXlg9KGoeKAaBC4KmLfMvvPqKGrXXoCNdMf02JZIRJQbzk+a +ZY1UxsRps7775JF5XsW6+d8D3hTiaBpq6VGDAQ/mCQ/JoXi0dUUY8EN8ETeykc1Q +bnFCacA22uG8JPq9j8XOytSvs/HXIMGsTTFCxc1ubEEMjo0IjyywdgIY1w0P/spn +P7b+GzanyjO9ATZ+l/bjVZxLpfpIWKcHyshxLOkFfjpASqq3NBPhsFrrWFAOmTG9 +b+n7vUv4BXBeAUE2z81/btHm3ucjqYZJYSb8qVijRTeyR/ruzXThoSjMUF/psP5n +C37cT+n+XepVmofQE22eufHNCLPax9I+3PrSA1j35kMDW8kN7tYmsPrrNl6j0K7L +AEyXu5pjCVkQa8X550o/duuiY49FzEOPShUv3D7yET0HA8S4xeVlGsfSh0JT06k/ ++5mguEVDRewJWcm9VSLgDhntSf2221yEsAGJUKPKHkG6gofb2rUrcQiuG3BBQcok +cGuaydsdsmWUAZ3tuLU2TPDwOb6/5EkC1FXsEd0j42/BKJl3RClwom7sslOG4cFF +PGfqEgizvtK+nwCwmx9hAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBTT4Vkgod49ElcKPboKbmcOQKeaiDANBgkqhkiG9w0BAQUFAAOC +AgEADyxokDNnsoYJJuxlKa521qYvUw7TFs0uDajRFCL1Y2apPXhDQKnb7wJS0anD +C60kjqBWYx+6I0hkdKwsvWf4h22/1oNoqpnOTAsw1gZZfHQOLIvuWmGv//c8URCn +k0Rvu/SLWiteHEyJYHGv/b/A/RkEEoGgzu203GQSgDYYnxwzJZTdlFHrocYhBrUW +BX3TIFPeYF1AbPF7oZh/Gr05RgrspszrepbVQ23lx2HS+e12qEQ/yJ1FGiw7UvgI +e2c5qq6IT+uQmZz4i67HeutAsep4UXTpESzC18CTNcMnWYndHuZK7f3cHwjigM6g +cuwE1ywd1ixn87nO6b5wEIK1v0Upwcw2EV2DPRcRA7AX4TwF8OoHxj5izivZVUHc +DFWCD+DVqAJl+si9YBa0bVMImwYllMeP7qxdJa3Nna9/qFqZSfz7rWmOxMlXfIgs +MivsEe1hzESSpxgRGZbmvohd7Q/cyiox6S2qA3UD9EJebIa5f7dZcLoJsbooOr5o +RaAuiQvqptmFWL9UHAJWOtRPiHpeyCEzZHZ0aDZ6pBymW7jx75gQgoTU3y00S20V +YlUxsniTMzcg26AwhdvPAHyzs6KpMdcG++fsOE89YXO/uCGwxfg/mI3bqiMBQdQ8 +mcvOSv8Q/qdSO4wPMG2kTlNNYCtqBavvuGGcpIWZrrhjyOM= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOhqihIC7YbjGrZ5 -GMyrw9TPMPTcKpBxwwAYIIRz1qRVtnHkM/23o+Nt1P8p0lZ/QGPkvxKKFn7/W+lq -zlC044URoSLNwrTlRrIPPgSFe6VNPnq4x3zQLfuVYNFAQrworvE8fA5fyuSP/Eoq -He8QBU0JVLcSFnm7v82gkmaelOH/AgMBAAECgYBSUxqhEqRsORmHNRHRva3aPaHL -ugjhrUozSFiMUjPfdfTwFrNL1baZopfl4jx9Iwn92FLOEFezmGRII+r8r3Y/SY9k -9SS1X4IlPBIHggDKun9OJlpkAFKlOU6HDlEdB/rXR/unzGHQYgQ9DqX3OUEEHPFr -OOxm0Yj5gvLXvCJDgQJBAPipSzTEAQAtNE/xAnTtZzZD6ABiLE62kMCBJ3dd4NBF -3+u6nssdExpdXBFrRtSqMxpbKZ5C+j2LFUI+1I6Zdd8CQQDvRoJNb5mUg3Xe+xkX -JZ/ezXv2bq8pJgPPYnMC4F1Z9KqBRIl+6hDZanKkJP6+JKzHzyNALQv8++/4u/PT -CtfhAkEAhpSp3X8Pw5azr2iTmdE7gUUzdbGspVVt9qJwR8yJdm+7B4xTkT7FLgnF -YLAc/9C2I9efKMa7RT/XW6lBxYQNJQJAe2SMK+zicbE9pwkszkAL6vVi+RnpYLoG -+vrVPuV/nrVK/LDgiz+gAs8fYcDmUh5NsBkFH8JbTVKLVWVv/yS3YQJAA7u25lSb -JMuylkeVzpg52uaOTNK2NtOH8cXZOSMp8q4evQsrvoiVF4MGoZp0zVGpUUYIUaLA -BN+BKthYPQEPPg== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCpyc74t3eZPHJU +jM8KY53y3w0HbyJUF3H/dqbRnjP1BT+sMr5Y5Xyn0yndPThiZI2C0qr1BTbzvK1/ +TrnFVonqwtexlmn99041Vll8A5F5YPShqHigGgQuCpi3zL7z6ihq116AjXTH9NiW +SESUG85PmmWNVMbEabO+++SReV7FuvnfA94U4mgaaulRgwEP5gkPyaF4tHVFGPBD +fBE3spHNUG5xQmnANtrhvCT6vY/FzsrUr7Px1yDBrE0xQsXNbmxBDI6NCI8ssHYC +GNcND/7KZz+2/hs2p8ozvQE2fpf241WcS6X6SFinB8rIcSzpBX46QEqqtzQT4bBa +61hQDpkxvW/p+71L+AVwXgFBNs/Nf27R5t7nI6mGSWEm/KlYo0U3skf67s104aEo +zFBf6bD+Zwt+3E/p/l3qVZqH0BNtnrnxzQiz2sfSPtz60gNY9+ZDA1vJDe7WJrD6 +6zZeo9CuywBMl7uaYwlZEGvF+edKP3bromOPRcxDj0oVL9w+8hE9BwPEuMXlZRrH +0odCU9OpP/uZoLhFQ0XsCVnJvVUi4A4Z7Un9tttchLABiVCjyh5BuoKH29q1K3EI +rhtwQUHKJHBrmsnbHbJllAGd7bi1Nkzw8Dm+v+RJAtRV7BHdI+NvwSiZd0QpcKJu +7LJThuHBRTxn6hIIs77Svp8AsJsfYQIDAQABAoICAGR9MKY7z+k9wV0RSaiYdO89 +3HQ97k9e4PWVv/3oaE/oH1tHXSk4CaM6c1ih1zFE2gxHqy8BOxje3sCuU3zcTxxG +3WoZ3/mT2RHwXV3srrjsDV1wXJRFUZv+YYzG/W1XdTxm42OqVSfTXizz8MLIAj9S +3i/bsRimht/OLeV7s//LPgAkRdiOd5bLF/RKWOKT/2D8sTjDdXTD4c/PKlGQuoKN +zA/0gqpkzP81X52Xe/RTA/EFXLcR4C1AUR+KqY+Af0mwqN4H5tVIS0/Ka90rTl10 +5lzj4C9k92PPxVv/aOmSeyTaEQ4kq3OQRRCFC1OPELphOs/3RjdOKBZnnAkl2ryC +pg2EquKfA4W1LGqI+MbNhKlppnyBef5FNOHK9PsH6luF/KASTtLvc5/Xu/d0Lza5 +flS9ah/srA4ejwDsUnREjajwfroGxpl7Nem9NCneETqOc0yBRsJalDhbsxTbotQ+ +tHq2CqMNtuxXRDk59QHDSszzjUMKnDqkADdKjHy2cWkKkjgBnk4iqL+BKN7pUU50 +R7t0Fh3HNa6EGW8UQwPQFAEE7C9AhhI+keT5zyQZ3F+Dppx+qDbUv3xKwti/9Y53 +IttHyi+N3SBWNTiJZmJ1X1tY5KGXIWvbotuU8jSxXvzebn1nOjQtxcEuNdgJv5Bk +m7mRe5VjtaFtj0qM0yJRAoIBAQDZWanHESJ/IU1BrYx10tp92CYbgZiV8g+LJB1j +EdkaMg6ak0mzWPWmeKPKalMEcF6/RwBcicBZYZaOLGVfl3wVd9Qk+O7k5sc7HaV3 +9hIdAlpLgbl3Owf7IcW+D7A48+Cd6dHDx0pWijf17OYaPis2+2m1Kdx+VC4QA1Jb +w/h8dctUlqrkAFBnrAxHG3RPtE4fk8SknS8MWYwNTqPaVEhHpbS7PRvSX8nAk0EP +aLlNV+G+twqng4aZWTN/usPYW05eh4kmhnSaSNe93EQIkwcyqk1hASxgFhFxid1c +QkiwSoJl06ilbNietbEBcdepmJKEHJyzUPFuCBe1bTdRukBbAoIBAQDH+wFG3ADb +S8CHXVgN+YuOYgKihkPqJxWYwZJaRDg/8Brp3+U4gWy8crwAr3yyu1ZxloRjUoxw +31Jc0ec6lGLMYWqSVjAOFWs0OL2IG27qVxZ4qiAjO+Y88KFj4b9ZJnZBGBt0bjhk +ZTDnEJlK1F27IIFiFU1Z/lG9gjEisFf4OFDbCLzgy39IampF6FvteEx9lTcWjFSC +dQJwGRDwvm5jWF0BYyf6yCrnkQUk80Fc6DXm5gUhFyA6qu0cbm5Z+BpGC9J2+QlE +vANLTGeol8f3iDv264U6iQ5S6pdzcg+BHcG8F3uXvMmnEKBTKxyJeACAJzlmL/Oc +VqCdbN5v3mvzAoIBAQDVtJmAR9K5WU8TAscWmmmGTt65MOWMmWK7FplmbYgff5Ro +W+WdWBzAv+GcBor11F70h6VNV4wu1gsoY3KRWOsCWL3YVILfwiGmeHHXz7TjnQqX +L0fiecJRJFW/mMFWXkQ+QEalzu/Cw0hen71nlDT9bJn1LOHFvJNF3149KCTMiy2P +UE1avQxRwxKXX+Eu9UPTPIGesYYvCGTyOJ5W74PaHo3jhCQ050YB+UeBFSENcRlf +Ya4yItpXMSO3tTUXKD+YJn+tx4oioPivj0G9hIMRR+2pMXQmTcx87GcgbXP3EmvA +Hyq07J7Y/iC6IOtBr+hvyYoxraaU35QgKPC5hP39AoIBAQCjg1bt62E/7daEWAxx +kMNNLlJdNU8+m6qK9muGJxWfIeG/rPQtmZWhGGckYFijg44Q3jNtSsfOWqtrfa2F +NmL6HgUXliVAvr6jOmmuak/siDy1eNVCOe3tkgtEMgdVC5/RZba9Ioo1fI/Zvra4 +eqARK2jfG+/dT5biTxuB85JaQSHLln9phrqSKYCvnGfd6WkRnfonE6Ld8HKH2dcC +IZL84/lX8w1zfkumf+sm5UdigfPg0d8LyW7uyWeKwbi1E6nX8D6sTMAJVXmUDesL +7N7yRJBTOwv6aqotnecr2+1Vc1E/TCwgS5rOYUfV+QAiXt556piCN18HS8WUMrpF +2iWFAoIBAD2Dn6bz86duyuuQ4CPAnawONcEVmUpajbrIKi0hqYEVIN5IF/LshvNY +Lqtf/PWWWocF9b1K71wDuMs499Tf6Kr0b+AuBRZs9WbMthJhY5+xzU9IqwbRzgFJ +81BGu796PezbBOS7vVqrGkpi3CBG0nDg3gQ3ZbBLVtEcx0WfX8QMXw9Ib9UxfOOX +jKVEvNoy1R0p2C21xan5/fUyR5K/Dq5DIylUrpxWMUgC8lIktDulItGKh/3llCq+ +uu+wN91SkXC1pxTG3yDKP49PrcTV6M7G1JYUXkSQaiWgwNEz59f/7pMH7xxFsaHI +nC68md8aa7+0IQEQqbKOdr+LhyMXCFA= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/test.crt b/lib/hx509/data/test.crt index dc4d2a273b3a..2c06613ae595 100644 --- a/lib/hx509/data/test.crt +++ b/lib/hx509/data/test.crt @@ -2,25 +2,51 @@ Certificate: Data: Version: 3 (0x2) Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption + Signature Algorithm: sha1WithRSAEncryption Issuer: CN=hx509 Test Root CA, C=SE Validity - Not Before: Apr 26 20:29:40 2009 GMT - Not After : Apr 24 20:29:40 2019 GMT + Not Before: May 23 15:05:12 2019 GMT + Not After : Jan 16 15:05:12 2038 GMT Subject: C=SE, CN=Test cert Subject Public Key Info: Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) + Public-Key: (4096 bit) Modulus: - 00:e8:6a:8a:12:02:ed:86:e3:1a:b6:79:18:cc:ab: - c3:d4:cf:30:f4:dc:2a:90:71:c3:00:18:20:84:73: - d6:a4:55:b6:71:e4:33:fd:b7:a3:e3:6d:d4:ff:29: - d2:56:7f:40:63:e4:bf:12:8a:16:7e:ff:5b:e9:6a: - ce:50:b4:e3:85:11:a1:22:cd:c2:b4:e5:46:b2:0f: - 3e:04:85:7b:a5:4d:3e:7a:b8:c7:7c:d0:2d:fb:95: - 60:d1:40:42:bc:28:ae:f1:3c:7c:0e:5f:ca:e4:8f: - fc:4a:2a:1d:ef:10:05:4d:09:54:b7:12:16:79:bb: - bf:cd:a0:92:66:9e:94:e1:ff + 00:a9:c9:ce:f8:b7:77:99:3c:72:54:8c:cf:0a:63: + 9d:f2:df:0d:07:6f:22:54:17:71:ff:76:a6:d1:9e: + 33:f5:05:3f:ac:32:be:58:e5:7c:a7:d3:29:dd:3d: + 38:62:64:8d:82:d2:aa:f5:05:36:f3:bc:ad:7f:4e: + b9:c5:56:89:ea:c2:d7:b1:96:69:fd:f7:4e:35:56: + 59:7c:03:91:79:60:f4:a1:a8:78:a0:1a:04:2e:0a: + 98:b7:cc:be:f3:ea:28:6a:d7:5e:80:8d:74:c7:f4: + d8:96:48:44:94:1b:ce:4f:9a:65:8d:54:c6:c4:69: + b3:be:fb:e4:91:79:5e:c5:ba:f9:df:03:de:14:e2: + 68:1a:6a:e9:51:83:01:0f:e6:09:0f:c9:a1:78:b4: + 75:45:18:f0:43:7c:11:37:b2:91:cd:50:6e:71:42: + 69:c0:36:da:e1:bc:24:fa:bd:8f:c5:ce:ca:d4:af: + b3:f1:d7:20:c1:ac:4d:31:42:c5:cd:6e:6c:41:0c: + 8e:8d:08:8f:2c:b0:76:02:18:d7:0d:0f:fe:ca:67: + 3f:b6:fe:1b:36:a7:ca:33:bd:01:36:7e:97:f6:e3: + 55:9c:4b:a5:fa:48:58:a7:07:ca:c8:71:2c:e9:05: + 7e:3a:40:4a:aa:b7:34:13:e1:b0:5a:eb:58:50:0e: + 99:31:bd:6f:e9:fb:bd:4b:f8:05:70:5e:01:41:36: + cf:cd:7f:6e:d1:e6:de:e7:23:a9:86:49:61:26:fc: + a9:58:a3:45:37:b2:47:fa:ee:cd:74:e1:a1:28:cc: + 50:5f:e9:b0:fe:67:0b:7e:dc:4f:e9:fe:5d:ea:55: + 9a:87:d0:13:6d:9e:b9:f1:cd:08:b3:da:c7:d2:3e: + dc:fa:d2:03:58:f7:e6:43:03:5b:c9:0d:ee:d6:26: + b0:fa:eb:36:5e:a3:d0:ae:cb:00:4c:97:bb:9a:63: + 09:59:10:6b:c5:f9:e7:4a:3f:76:eb:a2:63:8f:45: + cc:43:8f:4a:15:2f:dc:3e:f2:11:3d:07:03:c4:b8: + c5:e5:65:1a:c7:d2:87:42:53:d3:a9:3f:fb:99:a0: + b8:45:43:45:ec:09:59:c9:bd:55:22:e0:0e:19:ed: + 49:fd:b6:db:5c:84:b0:01:89:50:a3:ca:1e:41:ba: + 82:87:db:da:b5:2b:71:08:ae:1b:70:41:41:ca:24: + 70:6b:9a:c9:db:1d:b2:65:94:01:9d:ed:b8:b5:36: + 4c:f0:f0:39:be:bf:e4:49:02:d4:55:ec:11:dd:23: + e3:6f:c1:28:99:77:44:29:70:a2:6e:ec:b2:53:86: + e1:c1:45:3c:67:ea:12:08:b3:be:d2:be:9f:00:b0: + 9b:1f:61 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: @@ -28,26 +54,63 @@ Certificate: X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Key Identifier: - CE:77:6E:DE:0B:F4:21:F8:78:C0:1A:7C:C3:B9:66:EC:4C:3D:4A:23 + D3:E1:59:20:A1:DE:3D:12:57:0A:3D:BA:0A:6E:67:0E:40:A7:9A:88 Signature Algorithm: sha1WithRSAEncryption - 45:23:30:f4:ce:b8:c9:b6:a0:2e:4a:a0:64:bd:be:57:d5:64: - ed:4a:8d:95:a3:9a:19:3c:56:7b:14:a6:2e:6c:37:37:ae:2a: - b1:42:2e:0c:b8:7e:57:f5:5a:38:29:8d:78:53:b3:2d:c8:c2: - 97:f3:ab:51:6a:c4:df:86:97:ca:68:55:39:e0:f8:99:5a:bd: - a4:e1:34:50:34:8f:70:d2:74:2d:b8:90:ef:b8:d2:22:3a:ce: - be:82:a8:4b:b3:32:cd:1b:8d:0b:69:7d:0c:d7:b6:33:dc:68: - 41:76:a1:36:20:8e:ba:34:45:be:71:bd:ab:bf:74:77:87:e6: - bf:7f + 0f:2c:68:90:33:67:b2:86:09:26:ec:65:29:ae:76:d6:a6:2f: + 53:0e:d3:16:cd:2e:0d:a8:d1:14:22:f5:63:66:a9:3d:78:43: + 40:a9:db:ef:02:52:d1:a9:c3:0b:ad:24:8e:a0:56:63:1f:ba: + 23:48:64:74:ac:2c:bd:67:f8:87:6d:bf:d6:83:68:aa:99:ce: + 4c:0b:30:d6:06:59:7c:74:0e:2c:8b:ee:5a:61:af:ff:f7:3c: + 51:10:a7:93:44:6f:bb:f4:8b:5a:2b:5e:1c:4c:89:60:71:af: + fd:bf:c0:fd:19:04:12:81:a0:ce:ed:b4:dc:64:12:80:36:18: + 9f:1c:33:25:94:dd:94:51:eb:a1:c6:21:06:b5:16:05:7d:d3: + 20:53:de:60:5d:40:6c:f1:7b:a1:98:7f:1a:bd:39:46:0a:ec: + a6:cc:eb:7a:96:d5:43:6d:e5:c7:61:d2:f9:ed:76:a8:44:3f: + c8:9d:45:1a:2c:3b:52:f8:08:7b:67:39:aa:ae:88:4f:eb:90: + 99:9c:f8:8b:ae:c7:7a:eb:40:b1:ea:78:51:74:e9:11:2c:c2: + d7:c0:93:35:c3:27:59:89:dd:1e:e6:4a:ed:fd:dc:1f:08:e2: + 80:ce:a0:72:ec:04:d7:2c:1d:d6:2c:67:f3:b9:ce:e9:be:70: + 10:82:b5:bf:45:29:c1:cc:36:11:5d:83:3d:17:11:03:b0:17: + e1:3c:05:f0:ea:07:c6:3e:62:ce:2b:d9:55:41:dc:0c:55:82: + 0f:e0:d5:a8:02:65:fa:c8:bd:60:16:b4:6d:53:08:9b:06:25: + 94:c7:8f:ee:ac:5d:25:ad:cd:9d:af:7f:a8:5a:99:49:fc:fb: + ad:69:8e:c4:c9:57:7c:88:2c:32:2b:ec:11:ed:61:cc:44:92: + a7:18:11:19:96:e6:be:88:5d:ed:0f:dc:ca:2a:31:e9:2d:aa: + 03:75:03:f4:42:5e:6c:86:b9:7f:b7:59:70:ba:09:b1:ba:28: + 3a:be:68:45:a0:2e:89:0b:ea:a6:d9:85:58:bf:54:1c:02:56: + 3a:d4:4f:88:7a:5e:c8:21:33:64:76:74:68:36:7a:a4:1c:a6: + 5b:b8:f1:ef:98:10:82:84:d4:df:2d:34:4b:6d:15:62:55:31: + b2:78:93:33:37:20:db:a0:30:85:db:cf:00:7c:b3:b3:a2:a9: + 31:d7:06:fb:e7:ec:38:4f:3d:61:73:bf:b8:21:b0:c5:f8:3f: + 98:8d:db:aa:23:01:41:d4:3c:99:cb:ce:4a:ff:10:fe:a7:52: + 3b:8c:0f:30:6d:a4:4e:53:4d:60:2b:6a:05:ab:ef:b8:61:9c: + a4:85:99:ae:b8:63:c8:e3 -----BEGIN CERTIFICATE----- -MIIB+jCCAWOgAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw -OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5 -MDQyNDIwMjk0MFowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCB -nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA6GqKEgLthuMatnkYzKvD1M8w9Nwq -kHHDABgghHPWpFW2ceQz/bej423U/ynSVn9AY+S/EooWfv9b6WrOULTjhRGhIs3C -tOVGsg8+BIV7pU0+erjHfNAt+5Vg0UBCvCiu8Tx8Dl/K5I/8Siod7xAFTQlUtxIW -ebu/zaCSZp6U4f8CAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYD -VR0OBBYEFM53bt4L9CH4eMAafMO5ZuxMPUojMA0GCSqGSIb3DQEBBQUAA4GBAEUj -MPTOuMm2oC5KoGS9vlfVZO1KjZWjmhk8VnsUpi5sNzeuKrFCLgy4flf1WjgpjXhT -sy3Iwpfzq1FqxN+Gl8poVTng+JlavaThNFA0j3DSdC24kO+40iI6zr6CqEuzMs0b -jQtpfQzXtjPcaEF2oTYgjro0Rb5xvau/dHeH5r9/ +MIIE/zCCAuegAwIBAgIBAjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw +OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTE5MDUyMzE1MDUxMloXDTM4 +MDExNjE1MDUxMlowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCVRlc3QgY2VydDCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKnJzvi3d5k8clSMzwpjnfLf +DQdvIlQXcf92ptGeM/UFP6wyvljlfKfTKd09OGJkjYLSqvUFNvO8rX9OucVWierC +17GWaf33TjVWWXwDkXlg9KGoeKAaBC4KmLfMvvPqKGrXXoCNdMf02JZIRJQbzk+a +ZY1UxsRps7775JF5XsW6+d8D3hTiaBpq6VGDAQ/mCQ/JoXi0dUUY8EN8ETeykc1Q +bnFCacA22uG8JPq9j8XOytSvs/HXIMGsTTFCxc1ubEEMjo0IjyywdgIY1w0P/spn +P7b+GzanyjO9ATZ+l/bjVZxLpfpIWKcHyshxLOkFfjpASqq3NBPhsFrrWFAOmTG9 +b+n7vUv4BXBeAUE2z81/btHm3ucjqYZJYSb8qVijRTeyR/ruzXThoSjMUF/psP5n +C37cT+n+XepVmofQE22eufHNCLPax9I+3PrSA1j35kMDW8kN7tYmsPrrNl6j0K7L +AEyXu5pjCVkQa8X550o/duuiY49FzEOPShUv3D7yET0HA8S4xeVlGsfSh0JT06k/ ++5mguEVDRewJWcm9VSLgDhntSf2221yEsAGJUKPKHkG6gofb2rUrcQiuG3BBQcok +cGuaydsdsmWUAZ3tuLU2TPDwOb6/5EkC1FXsEd0j42/BKJl3RClwom7sslOG4cFF +PGfqEgizvtK+nwCwmx9hAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg +MB0GA1UdDgQWBBTT4Vkgod49ElcKPboKbmcOQKeaiDANBgkqhkiG9w0BAQUFAAOC +AgEADyxokDNnsoYJJuxlKa521qYvUw7TFs0uDajRFCL1Y2apPXhDQKnb7wJS0anD +C60kjqBWYx+6I0hkdKwsvWf4h22/1oNoqpnOTAsw1gZZfHQOLIvuWmGv//c8URCn +k0Rvu/SLWiteHEyJYHGv/b/A/RkEEoGgzu203GQSgDYYnxwzJZTdlFHrocYhBrUW +BX3TIFPeYF1AbPF7oZh/Gr05RgrspszrepbVQ23lx2HS+e12qEQ/yJ1FGiw7UvgI +e2c5qq6IT+uQmZz4i67HeutAsep4UXTpESzC18CTNcMnWYndHuZK7f3cHwjigM6g +cuwE1ywd1ixn87nO6b5wEIK1v0Upwcw2EV2DPRcRA7AX4TwF8OoHxj5izivZVUHc +DFWCD+DVqAJl+si9YBa0bVMImwYllMeP7qxdJa3Nna9/qFqZSfz7rWmOxMlXfIgs +MivsEe1hzESSpxgRGZbmvohd7Q/cyiox6S2qA3UD9EJebIa5f7dZcLoJsbooOr5o +RaAuiQvqptmFWL9UHAJWOtRPiHpeyCEzZHZ0aDZ6pBymW7jx75gQgoTU3y00S20V +YlUxsniTMzcg26AwhdvPAHyzs6KpMdcG++fsOE89YXO/uCGwxfg/mI3bqiMBQdQ8 +mcvOSv8Q/qdSO4wPMG2kTlNNYCtqBavvuGGcpIWZrrhjyOM= -----END CERTIFICATE----- diff --git a/lib/hx509/data/test.key b/lib/hx509/data/test.key index 37203bf0db2d..927813f76062 100644 --- a/lib/hx509/data/test.key +++ b/lib/hx509/data/test.key @@ -1,16 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAOhqihIC7YbjGrZ5 -GMyrw9TPMPTcKpBxwwAYIIRz1qRVtnHkM/23o+Nt1P8p0lZ/QGPkvxKKFn7/W+lq -zlC044URoSLNwrTlRrIPPgSFe6VNPnq4x3zQLfuVYNFAQrworvE8fA5fyuSP/Eoq -He8QBU0JVLcSFnm7v82gkmaelOH/AgMBAAECgYBSUxqhEqRsORmHNRHRva3aPaHL -ugjhrUozSFiMUjPfdfTwFrNL1baZopfl4jx9Iwn92FLOEFezmGRII+r8r3Y/SY9k -9SS1X4IlPBIHggDKun9OJlpkAFKlOU6HDlEdB/rXR/unzGHQYgQ9DqX3OUEEHPFr -OOxm0Yj5gvLXvCJDgQJBAPipSzTEAQAtNE/xAnTtZzZD6ABiLE62kMCBJ3dd4NBF -3+u6nssdExpdXBFrRtSqMxpbKZ5C+j2LFUI+1I6Zdd8CQQDvRoJNb5mUg3Xe+xkX -JZ/ezXv2bq8pJgPPYnMC4F1Z9KqBRIl+6hDZanKkJP6+JKzHzyNALQv8++/4u/PT -CtfhAkEAhpSp3X8Pw5azr2iTmdE7gUUzdbGspVVt9qJwR8yJdm+7B4xTkT7FLgnF -YLAc/9C2I9efKMa7RT/XW6lBxYQNJQJAe2SMK+zicbE9pwkszkAL6vVi+RnpYLoG -+vrVPuV/nrVK/LDgiz+gAs8fYcDmUh5NsBkFH8JbTVKLVWVv/yS3YQJAA7u25lSb -JMuylkeVzpg52uaOTNK2NtOH8cXZOSMp8q4evQsrvoiVF4MGoZp0zVGpUUYIUaLA -BN+BKthYPQEPPg== +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCpyc74t3eZPHJU +jM8KY53y3w0HbyJUF3H/dqbRnjP1BT+sMr5Y5Xyn0yndPThiZI2C0qr1BTbzvK1/ +TrnFVonqwtexlmn99041Vll8A5F5YPShqHigGgQuCpi3zL7z6ihq116AjXTH9NiW +SESUG85PmmWNVMbEabO+++SReV7FuvnfA94U4mgaaulRgwEP5gkPyaF4tHVFGPBD +fBE3spHNUG5xQmnANtrhvCT6vY/FzsrUr7Px1yDBrE0xQsXNbmxBDI6NCI8ssHYC +GNcND/7KZz+2/hs2p8ozvQE2fpf241WcS6X6SFinB8rIcSzpBX46QEqqtzQT4bBa +61hQDpkxvW/p+71L+AVwXgFBNs/Nf27R5t7nI6mGSWEm/KlYo0U3skf67s104aEo +zFBf6bD+Zwt+3E/p/l3qVZqH0BNtnrnxzQiz2sfSPtz60gNY9+ZDA1vJDe7WJrD6 +6zZeo9CuywBMl7uaYwlZEGvF+edKP3bromOPRcxDj0oVL9w+8hE9BwPEuMXlZRrH +0odCU9OpP/uZoLhFQ0XsCVnJvVUi4A4Z7Un9tttchLABiVCjyh5BuoKH29q1K3EI +rhtwQUHKJHBrmsnbHbJllAGd7bi1Nkzw8Dm+v+RJAtRV7BHdI+NvwSiZd0QpcKJu +7LJThuHBRTxn6hIIs77Svp8AsJsfYQIDAQABAoICAGR9MKY7z+k9wV0RSaiYdO89 +3HQ97k9e4PWVv/3oaE/oH1tHXSk4CaM6c1ih1zFE2gxHqy8BOxje3sCuU3zcTxxG +3WoZ3/mT2RHwXV3srrjsDV1wXJRFUZv+YYzG/W1XdTxm42OqVSfTXizz8MLIAj9S +3i/bsRimht/OLeV7s//LPgAkRdiOd5bLF/RKWOKT/2D8sTjDdXTD4c/PKlGQuoKN +zA/0gqpkzP81X52Xe/RTA/EFXLcR4C1AUR+KqY+Af0mwqN4H5tVIS0/Ka90rTl10 +5lzj4C9k92PPxVv/aOmSeyTaEQ4kq3OQRRCFC1OPELphOs/3RjdOKBZnnAkl2ryC +pg2EquKfA4W1LGqI+MbNhKlppnyBef5FNOHK9PsH6luF/KASTtLvc5/Xu/d0Lza5 +flS9ah/srA4ejwDsUnREjajwfroGxpl7Nem9NCneETqOc0yBRsJalDhbsxTbotQ+ +tHq2CqMNtuxXRDk59QHDSszzjUMKnDqkADdKjHy2cWkKkjgBnk4iqL+BKN7pUU50 +R7t0Fh3HNa6EGW8UQwPQFAEE7C9AhhI+keT5zyQZ3F+Dppx+qDbUv3xKwti/9Y53 +IttHyi+N3SBWNTiJZmJ1X1tY5KGXIWvbotuU8jSxXvzebn1nOjQtxcEuNdgJv5Bk +m7mRe5VjtaFtj0qM0yJRAoIBAQDZWanHESJ/IU1BrYx10tp92CYbgZiV8g+LJB1j +EdkaMg6ak0mzWPWmeKPKalMEcF6/RwBcicBZYZaOLGVfl3wVd9Qk+O7k5sc7HaV3 +9hIdAlpLgbl3Owf7IcW+D7A48+Cd6dHDx0pWijf17OYaPis2+2m1Kdx+VC4QA1Jb +w/h8dctUlqrkAFBnrAxHG3RPtE4fk8SknS8MWYwNTqPaVEhHpbS7PRvSX8nAk0EP +aLlNV+G+twqng4aZWTN/usPYW05eh4kmhnSaSNe93EQIkwcyqk1hASxgFhFxid1c +QkiwSoJl06ilbNietbEBcdepmJKEHJyzUPFuCBe1bTdRukBbAoIBAQDH+wFG3ADb +S8CHXVgN+YuOYgKihkPqJxWYwZJaRDg/8Brp3+U4gWy8crwAr3yyu1ZxloRjUoxw +31Jc0ec6lGLMYWqSVjAOFWs0OL2IG27qVxZ4qiAjO+Y88KFj4b9ZJnZBGBt0bjhk +ZTDnEJlK1F27IIFiFU1Z/lG9gjEisFf4OFDbCLzgy39IampF6FvteEx9lTcWjFSC +dQJwGRDwvm5jWF0BYyf6yCrnkQUk80Fc6DXm5gUhFyA6qu0cbm5Z+BpGC9J2+QlE +vANLTGeol8f3iDv264U6iQ5S6pdzcg+BHcG8F3uXvMmnEKBTKxyJeACAJzlmL/Oc +VqCdbN5v3mvzAoIBAQDVtJmAR9K5WU8TAscWmmmGTt65MOWMmWK7FplmbYgff5Ro +W+WdWBzAv+GcBor11F70h6VNV4wu1gsoY3KRWOsCWL3YVILfwiGmeHHXz7TjnQqX +L0fiecJRJFW/mMFWXkQ+QEalzu/Cw0hen71nlDT9bJn1LOHFvJNF3149KCTMiy2P +UE1avQxRwxKXX+Eu9UPTPIGesYYvCGTyOJ5W74PaHo3jhCQ050YB+UeBFSENcRlf +Ya4yItpXMSO3tTUXKD+YJn+tx4oioPivj0G9hIMRR+2pMXQmTcx87GcgbXP3EmvA +Hyq07J7Y/iC6IOtBr+hvyYoxraaU35QgKPC5hP39AoIBAQCjg1bt62E/7daEWAxx +kMNNLlJdNU8+m6qK9muGJxWfIeG/rPQtmZWhGGckYFijg44Q3jNtSsfOWqtrfa2F +NmL6HgUXliVAvr6jOmmuak/siDy1eNVCOe3tkgtEMgdVC5/RZba9Ioo1fI/Zvra4 +eqARK2jfG+/dT5biTxuB85JaQSHLln9phrqSKYCvnGfd6WkRnfonE6Ld8HKH2dcC +IZL84/lX8w1zfkumf+sm5UdigfPg0d8LyW7uyWeKwbi1E6nX8D6sTMAJVXmUDesL +7N7yRJBTOwv6aqotnecr2+1Vc1E/TCwgS5rOYUfV+QAiXt556piCN18HS8WUMrpF +2iWFAoIBAD2Dn6bz86duyuuQ4CPAnawONcEVmUpajbrIKi0hqYEVIN5IF/LshvNY +Lqtf/PWWWocF9b1K71wDuMs499Tf6Kr0b+AuBRZs9WbMthJhY5+xzU9IqwbRzgFJ +81BGu796PezbBOS7vVqrGkpi3CBG0nDg3gQ3ZbBLVtEcx0WfX8QMXw9Ib9UxfOOX +jKVEvNoy1R0p2C21xan5/fUyR5K/Dq5DIylUrpxWMUgC8lIktDulItGKh/3llCq+ +uu+wN91SkXC1pxTG3yDKP49PrcTV6M7G1JYUXkSQaiWgwNEz59f/7pMH7xxFsaHI +nC68md8aa7+0IQEQqbKOdr+LhyMXCFA= -----END PRIVATE KEY----- diff --git a/lib/hx509/data/test.p12 b/lib/hx509/data/test.p12 Binary files differindex c644bb46d983..2184547cdc77 100644 --- a/lib/hx509/data/test.p12 +++ b/lib/hx509/data/test.p12 diff --git a/lib/hx509/hx509-protos.h b/lib/hx509/hx509-protos.h index 8de7a67ab7df..ed9bfb552db3 100644 --- a/lib/hx509/hx509-protos.h +++ b/lib/hx509/hx509-protos.h @@ -1353,7 +1353,7 @@ hx509_cms_decrypt_encrypted ( * * @param context A hx509 context. * @param flags flags to control the behavior. - * - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate + * - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate * - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo * - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number * @param cert Certificate to encrypt the EnvelopedData encryption key diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index 642dd173b53c..d7726f084ad7 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -126,10 +126,10 @@ try_decrypt(hx509_context context, &clear, NULL); - memset(clear.data, 0, clear.length); + memset_s(clear.data, clear.length, 0, clear.length); free(clear.data); out: - memset(key, 0, keylen); + memset_s(key, keylen, 0, keylen); free(key); return ret; } @@ -292,7 +292,7 @@ parse_pem_private_key(hx509_context context, const char *fn, ret = try_decrypt(context, c, ai, cipher, ivdata, password, strlen(password), data, len); /* XXX add password to lock password collection ? */ - memset(password, 0, sizeof(password)); + memset_s(password, sizeof(password), 0, sizeof(password)); } free(ivdata); diff --git a/lib/hx509/print.c b/lib/hx509/print.c index 4d2c3e2a421d..01c275455a54 100644 --- a/lib/hx509/print.c +++ b/lib/hx509/print.c @@ -234,7 +234,7 @@ validate_print(hx509_validate_ctx ctx, int flags, const char *fmt, ...) } /* - * Dont Care, SHOULD critical, SHOULD NOT critical, MUST critical, + * Don't Care, SHOULD critical, SHOULD NOT critical, MUST critical, * MUST NOT critical */ enum critical_flag { D_C = 0, S_C, S_N_C, M_C, M_N_C }; diff --git a/lib/kadm5/check-cracklib.pl b/lib/kadm5/check-cracklib.pl index a6fbd4c82d49..a6fbd4c82d49 100755..100644 --- a/lib/kadm5/check-cracklib.pl +++ b/lib/kadm5/check-cracklib.pl diff --git a/lib/kadm5/init_s.c b/lib/kadm5/init_s.c index ada584825ba9..926c23510e9e 100644 --- a/lib/kadm5/init_s.c +++ b/lib/kadm5/init_s.c @@ -103,7 +103,7 @@ kadm5_s_init_with_context(krb5_context context, kadm5_s_destroy(ctx); else *server_handle = ctx; - return 0; + return ret; } kadm5_ret_t diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index 868dc35cbb28..0ec529ccf1d4 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -512,6 +512,8 @@ receive_everything(krb5_context context, int fd, if (ret) krb5_err(context, IPROPD_RESTART, ret, "db->open"); + (void) mydb->hdb_set_sync(context, mydb, 0); + sp = NULL; krb5_data_zero(&data); do { @@ -563,6 +565,9 @@ receive_everything(krb5_context context, int fd, reinit_log(context, server_context, vno); + ret = mydb->hdb_set_sync(context, mydb, 1); + if (ret) + krb5_err(context, IPROPD_RESTART_SLOW, ret, "failed to sync the received HDB"); ret = mydb->hdb_close(context, mydb); if (ret) krb5_err(context, IPROPD_RESTART_SLOW, ret, "db->close"); diff --git a/lib/kdfs/k5dfspag.c b/lib/kdfs/k5dfspag.c index 66d291a07cf1..9db2555d051d 100644 --- a/lib/kdfs/k5dfspag.c +++ b/lib/kdfs/k5dfspag.c @@ -274,7 +274,7 @@ int krb5_dfs_pag(context, flag, principal, luser) /* test if DFS is running or installed */ if (krb5_dfs_getpag() == -2) - return(0); /* DFS not running, dont try */ + return(0); /* DFS not running, don't try */ if (pipe(fd) == -1) return(0); @@ -305,7 +305,7 @@ int krb5_dfs_pag(context, flag, principal, luser) /* parent, wait for child to finish */ - close(fd[1]); /* dont need this end of pipe */ + close(fd[1]); /* don't need this end of pipe */ /* #if defined(sgi) || defined(_sgi) */ /* wait_status.w_status = 0; */ diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index 003ccae8cc87..cbc67744a4e1 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -117,8 +117,12 @@ _krb5_build_authenticator (krb5_context context, memset(&auth, 0, sizeof(auth)); auth.authenticator_vno = 5; - copy_Realm(&cred->client->realm, &auth.crealm); - copy_PrincipalName(&cred->client->name, &auth.cname); + ret = copy_Realm(&cred->client->realm, &auth.crealm); + if (ret) + goto fail; + ret = copy_PrincipalName(&cred->client->name, &auth.cname); + if (ret) + goto fail; krb5_us_timeofday (context, &auth.ctime, &auth.cusec); diff --git a/lib/krb5/crypto-arcfour.c b/lib/krb5/crypto-arcfour.c index e195bd3a0d7b..ae576eccfea5 100644 --- a/lib/krb5/crypto-arcfour.c +++ b/lib/krb5/crypto-arcfour.c @@ -180,9 +180,9 @@ ARCFOUR_subencrypt(krb5_context context, EVP_Cipher(&ctx, cdata + 16, cdata + 16, len - 16); EVP_CIPHER_CTX_cleanup(&ctx); - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); + memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data)); + memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data)); + memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data)); return 0; } @@ -247,9 +247,9 @@ ARCFOUR_subdecrypt(krb5_context context, if (ret) krb5_abortx(context, "hmac failed"); - memset (k1_c_data, 0, sizeof(k1_c_data)); - memset (k2_c_data, 0, sizeof(k2_c_data)); - memset (k3_c_data, 0, sizeof(k3_c_data)); + memset_s(k1_c_data, sizeof(k1_c_data), 0, sizeof(k1_c_data)); + memset_s(k2_c_data, sizeof(k2_c_data), 0, sizeof(k2_c_data)); + memset_s(k3_c_data, sizeof(k3_c_data), 0, sizeof(k3_c_data)); if (ct_memcmp (cksum.checksum.data, data, 16) != 0) { krb5_clear_error_message (context); diff --git a/lib/krb5/crypto-des-common.c b/lib/krb5/crypto-des-common.c index 2565914de830..95f6389d1e84 100644 --- a/lib/krb5/crypto-des-common.c +++ b/lib/krb5/crypto-des-common.c @@ -77,7 +77,7 @@ _krb5_des_checksum(krb5_context context, EVP_DigestUpdate(m, data, len); EVP_DigestFinal_ex (m, p + 8, NULL); EVP_MD_CTX_destroy(m); - memset (&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->ectx, NULL, NULL, NULL, (void *)&ivec, -1); EVP_Cipher(&ctx->ectx, p, p, 24); @@ -103,7 +103,7 @@ _krb5_des_verify(krb5_context context, if (m == NULL) return krb5_enomem(context); - memset(&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); EVP_CipherInit_ex(&ctx->dctx, NULL, NULL, NULL, (void *)&ivec, -1); EVP_Cipher(&ctx->dctx, tmp, C->checksum.data, 24); @@ -116,8 +116,8 @@ _krb5_des_verify(krb5_context context, krb5_clear_error_message (context); ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } - memset(tmp, 0, sizeof(tmp)); - memset(res, 0, sizeof(res)); + memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); + memset_s(res, sizeof(res), 0, sizeof(res)); return ret; } diff --git a/lib/krb5/crypto-pk.c b/lib/krb5/crypto-pk.c index c5d87a1b566e..24a07cdbdfc7 100644 --- a/lib/krb5/crypto-pk.c +++ b/lib/krb5/crypto-pk.c @@ -92,12 +92,12 @@ _krb5_pk_octetstring2key(krb5_context context, offset += sizeof(shaoutput); counter++; } while(offset < keylen); - memset(shaoutput, 0, sizeof(shaoutput)); + memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput)); EVP_MD_CTX_destroy(m); ret = krb5_random_to_key(context, type, keydata, keylen, key); - memset(keydata, 0, sizeof(keylen)); + memset_s(keydata, sizeof(keylen), 0, sizeof(keylen)); free(keydata); return ret; } @@ -282,13 +282,13 @@ _krb5_pk_kdf(krb5_context context, offset += EVP_MD_CTX_size(m); counter++; } while(offset < keylen); - memset(shaoutput, 0, sizeof(shaoutput)); + memset_s(shaoutput, sizeof(shaoutput), 0, sizeof(shaoutput)); EVP_MD_CTX_destroy(m); free(other.data); ret = krb5_random_to_key(context, enctype, keydata, keylen, key); - memset(keydata, 0, sizeof(keylen)); + memset_s(keydata, sizeof(keylen), 0, sizeof(keylen)); free(keydata); return ret; diff --git a/lib/krb5/deprecated.c b/lib/krb5/deprecated.c index e3c142d889df..5530e841b3b9 100644 --- a/lib/krb5/deprecated.c +++ b/lib/krb5/deprecated.c @@ -207,7 +207,7 @@ krb5_password_key_proc (krb5_context context, password = buf; } ret = krb5_string_to_key_salt (context, type, password, salt, *key); - memset (buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); return ret; } diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index f7318eeb2488..b5dae62b0210 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -558,8 +558,10 @@ get_cred_kdc(krb5_context context, out_creds->times.endtime = in_creds->times.endtime; /* XXX should do better testing */ - if (flags.b.constrained_delegation || impersonate_principal) + if (flags.b.cname_in_addl_tkt || impersonate_principal) eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + if (flags.b.request_anonymous) + eflags |= EXTRACT_TICKET_MATCH_ANON; ret = _krb5_extract_ticket(context, &rep, @@ -1033,7 +1035,7 @@ get_cred_kdc_referral(krb5_context context, char *referral_realm; /* Use cache if we are not doing impersonation or contrained deleg */ - if (impersonate_principal == NULL || flags.b.constrained_delegation) { + if (impersonate_principal == NULL || flags.b.cname_in_addl_tkt) { krb5_cc_clear_mcred(&mcreds); mcreds.server = referral.server; krb5_timeofday(context, &mcreds.times.endtime); @@ -1185,21 +1187,31 @@ check_cc(krb5_context context, krb5_flags options, krb5_ccache ccache, { krb5_error_code ret; krb5_timestamp now; - krb5_times save_times = in_creds->times; - NAME_TYPE save_type = in_creds->server->name.name_type; + krb5_creds mcreds = *in_creds; krb5_timeofday(context, &now); if (!(options & KRB5_GC_EXPIRED_OK) && - in_creds->times.endtime < now) { - in_creds->times.renew_till = 0; - krb5_timeofday(context, &in_creds->times.endtime); + mcreds.times.endtime < now) { + mcreds.times.renew_till = 0; + krb5_timeofday(context, &mcreds.times.endtime); options |= KRB5_TC_MATCH_TIMES; } - if (save_type == KRB5_NT_SRV_HST_NEEDS_CANON) { + if (mcreds.server->name.name_type == KRB5_NT_SRV_HST_NEEDS_CANON) { /* Avoid name canonicalization in krb5_cc_retrieve_cred() */ - krb5_principal_set_type(context, in_creds->server, KRB5_NT_SRV_HST); + krb5_principal_set_type(context, mcreds.server, KRB5_NT_SRV_HST); + } + + if (options & KRB5_GC_ANONYMOUS) { + ret = krb5_make_principal(context, + &mcreds.client, + krb5_principal_get_realm(context, mcreds.client), + KRB5_WELLKNOWN_NAME, + KRB5_ANON_NAME, + NULL); + if (ret) + return ret; } ret = krb5_cc_retrieve_cred(context, ccache, @@ -1207,10 +1219,11 @@ check_cc(krb5_context context, krb5_flags options, krb5_ccache ccache, (KRB5_TC_DONT_MATCH_REALM | KRB5_TC_MATCH_KEYTYPE | KRB5_TC_MATCH_TIMES)), - in_creds, out_creds); + &mcreds, out_creds); + + if (options & KRB5_GC_ANONYMOUS) + krb5_free_principal(context, mcreds.client); - in_creds->server->name.name_type = save_type; - in_creds->times = save_times; return ret; } @@ -1574,10 +1587,10 @@ next_rule: flags.b.forwardable = 1; if (options & KRB5_GC_NO_TRANSIT_CHECK) flags.b.disable_transited_check = 1; - if (options & KRB5_GC_CONSTRAINED_DELEGATION) { - flags.b.request_anonymous = 1; /* XXX ARGH confusion */ - flags.b.constrained_delegation = 1; - } + if (options & KRB5_GC_CONSTRAINED_DELEGATION) + flags.b.cname_in_addl_tkt = 1; + if (options & KRB5_GC_ANONYMOUS) + flags.b.request_anonymous = 1; tgts = NULL; ret = _krb5_get_cred_kdc_any(context, flags, ccache, diff --git a/lib/krb5/get_for_creds.c b/lib/krb5/get_for_creds.c index 8a00ccec8133..43265d827fe5 100644 --- a/lib/krb5/get_for_creds.c +++ b/lib/krb5/get_for_creds.c @@ -355,11 +355,17 @@ krb5_get_forwarded_creds (krb5_context context, krb_cred_info = enc_krb_cred_part.ticket_info.val; - copy_EncryptionKey (&out_creds->session, &krb_cred_info->key); + ret = copy_EncryptionKey (&out_creds->session, &krb_cred_info->key); + if (ret) + goto out4; ALLOC(krb_cred_info->prealm, 1); - copy_Realm (&out_creds->client->realm, krb_cred_info->prealm); + ret = copy_Realm (&out_creds->client->realm, krb_cred_info->prealm); + if (ret) + goto out4; ALLOC(krb_cred_info->pname, 1); - copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname); + ret = copy_PrincipalName(&out_creds->client->name, krb_cred_info->pname); + if (ret) + goto out4; ALLOC(krb_cred_info->flags, 1); *krb_cred_info->flags = out_creds->flags.b; ALLOC(krb_cred_info->authtime, 1); @@ -371,11 +377,17 @@ krb5_get_forwarded_creds (krb5_context context, ALLOC(krb_cred_info->renew_till, 1); *krb_cred_info->renew_till = out_creds->times.renew_till; ALLOC(krb_cred_info->srealm, 1); - copy_Realm (&out_creds->server->realm, krb_cred_info->srealm); + ret = copy_Realm (&out_creds->server->realm, krb_cred_info->srealm); + if (ret) + goto out4; ALLOC(krb_cred_info->sname, 1); - copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname); + ret = copy_PrincipalName (&out_creds->server->name, krb_cred_info->sname); + if (ret) + goto out4; ALLOC(krb_cred_info->caddr, 1); - copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr); + ret = copy_HostAddresses (&out_creds->addresses, krb_cred_info->caddr); + if (ret) + goto out4; krb5_free_creds (context, out_creds); diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 471b900a0b97..19a638fb3bf3 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -492,7 +492,7 @@ krb5_get_in_cred(krb5_context context, { unsigned flags = EXTRACT_TICKET_TIMESYNC; if (opts.request_anonymous) - flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH; + flags |= EXTRACT_TICKET_ALLOW_SERVER_MISMATCH | EXTRACT_TICKET_MATCH_ANON; ret = _krb5_extract_ticket(context, &rep, diff --git a/lib/krb5/init_creds.c b/lib/krb5/init_creds.c index 58734c43f976..b34e3eb325c8 100644 --- a/lib/krb5/init_creds.c +++ b/lib/krb5/init_creds.c @@ -366,9 +366,11 @@ krb5_get_init_creds_opt_set_win2k(krb5_context context, if (req) { opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_CANON_CHECK; opt->opt_private->flags |= KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + opt->opt_private->flags |= KRB5_INIT_CREDS_PKINIT_NO_KRBTGT_OTHERNAME_CHECK; } else { opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_CANON_CHECK; opt->opt_private->flags &= ~KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK; + opt->opt_private->flags &= ~KRB5_INIT_CREDS_PKINIT_NO_KRBTGT_OTHERNAME_CHECK; } return 0; } diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 1eece1760daa..a225a5f44280 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -162,7 +162,9 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) if (ctx->keytab_data) free(ctx->keytab_data); if (ctx->password) { - memset(ctx->password, 0, strlen(ctx->password)); + size_t len; + len = strlen(ctx->password); + memset_s(ctx->password, len, 0, len); free(ctx->password); } /* @@ -189,7 +191,7 @@ free_init_creds_ctx(krb5_context context, krb5_init_creds_context ctx) free_paid(context, ctx->ppaid); free(ctx->ppaid); } - memset(ctx, 0, sizeof(*ctx)); + memset_s(ctx, sizeof(*ctx), 0, sizeof(*ctx)); } static int @@ -629,8 +631,8 @@ change_password (krb5_context context, } out: - memset (buf1, 0, sizeof(buf1)); - memset (buf2, 0, sizeof(buf2)); + memset_s(buf1, sizeof(buf1), 0, sizeof(buf1)); + memset_s(buf2, sizeof(buf2), 0, sizeof(buf2)); krb5_data_free (&result_string); krb5_data_free (&result_code_string); krb5_free_cred_contents (context, &cpw_cred); @@ -756,7 +758,7 @@ init_as_req (krb5_context context, return 0; fail: free_AS_REQ(a); - memset(a, 0, sizeof(*a)); + memset_s(a, sizeof(*a), 0, sizeof(*a)); return ret; } @@ -1501,7 +1503,9 @@ krb5_init_creds_set_password(krb5_context context, const char *password) { if (ctx->password) { - memset(ctx->password, 0, strlen(ctx->password)); + size_t len; + len = strlen(ctx->password); + memset_s(ctx->password, len, 0, len); free(ctx->password); } if (password) { @@ -2244,6 +2248,8 @@ krb5_init_creds_step(krb5_context context, } if (ctx->ic_flags & KRB5_INIT_CREDS_NO_C_CANON_CHECK) eflags |= EXTRACT_TICKET_ALLOW_CNAME_MISMATCH; + if (ctx->flags.request_anonymous) + eflags |= EXTRACT_TICKET_MATCH_ANON; ret = process_pa_data_to_key(context, ctx, &ctx->cred, &ctx->as_req, &rep.kdc_rep, @@ -2267,6 +2273,26 @@ krb5_init_creds_step(krb5_context context, &ctx->req_buffer, NULL, NULL); + if (ret == 0 && ctx->pk_init_ctx) { + PA_DATA *pa_pkinit_kx; + int idx = 0; + + pa_pkinit_kx = + krb5_find_padata(rep.kdc_rep.padata->val, + rep.kdc_rep.padata->len, + KRB5_PADATA_PKINIT_KX, + &idx); + + ret = _krb5_pk_kx_confirm(context, ctx->pk_init_ctx, + ctx->fast_state.reply_key, + &ctx->cred.session, + pa_pkinit_kx); + if (ret) + krb5_set_error_message(context, ret, + N_("Failed to confirm PA-PKINIT-KX", "")); + else if (pa_pkinit_kx != NULL) + ctx->ic_flags |= KRB5_INIT_CREDS_PKINIT_KX_VALID; + } if (ret == 0) ret = copy_EncKDCRepPart(&rep.enc_part, &ctx->enc_part); @@ -2317,7 +2343,7 @@ krb5_init_creds_step(krb5_context context, if (ret == KRB5KDC_ERR_PREAUTH_REQUIRED) { free_METHOD_DATA(&ctx->md); - memset(&ctx->md, 0, sizeof(ctx->md)); + memset_s(&ctx->md, sizeof(ctx->md), 0, sizeof(ctx->md)); if (ctx->error.e_data) { ret = decode_METHOD_DATA(ctx->error.e_data->data, @@ -2371,7 +2397,7 @@ krb5_init_creds_step(krb5_context context, } free_AS_REQ(&ctx->as_req); - memset(&ctx->as_req, 0, sizeof(ctx->as_req)); + memset_s(&ctx->as_req, sizeof(ctx->as_req), 0, sizeof(ctx->as_req)); ctx->used_pa_types = 0; } else if (ret == KRB5KDC_ERR_KEY_EXP && ctx->runflags.change_password == 0 && ctx->prompter) { @@ -2685,7 +2711,7 @@ krb5_get_init_creds_password(krb5_context context, ret = (*prompter) (context, data, NULL, NULL, 1, &prompt); free (q); if (ret) { - memset (buf, 0, sizeof(buf)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); ret = KRB5_LIBOS_PWDINTR; krb5_clear_error_message (context); goto out; @@ -2741,8 +2767,8 @@ krb5_get_init_creds_password(krb5_context context, if (ctx) krb5_init_creds_free(context, ctx); - memset(buf, 0, sizeof(buf)); - memset(buf2, 0, sizeof(buf2)); + memset_s(buf, sizeof(buf), 0, sizeof(buf)); + memset_s(buf2, sizeof(buf), 0, sizeof(buf2)); return ret; } diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index 557dc5fe419c..8e1dfff2d0ca 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -224,7 +224,7 @@ kcm_free(krb5_context context, krb5_ccache *id) if (k != NULL) { if (k->name != NULL) free(k->name); - memset(k, 0, sizeof(*k)); + memset_s(k, sizeof(*k), 0, sizeof(*k)); krb5_data_free(&(*id)->data); } } diff --git a/lib/krb5/krb5-private.h b/lib/krb5/krb5-private.h index b511590ccfd4..79bd27e9397f 100644 --- a/lib/krb5/krb5-private.h +++ b/lib/krb5/krb5-private.h @@ -566,6 +566,14 @@ _krb5_pk_kdf ( krb5_keyblock */*key*/); KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_kx_confirm ( + krb5_context /*context*/, + krb5_pk_init_ctx /*ctx*/, + krb5_keyblock */*reply_key*/, + krb5_keyblock */*session_key*/, + PA_DATA */*pa_pkinit_kx*/); + +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL _krb5_pk_load_id ( krb5_context /*context*/, struct krb5_pk_identity **/*ret_id*/, diff --git a/lib/krb5/krb5-protos.h b/lib/krb5/krb5-protos.h index a312e070fefb..fb2e0eabe140 100644 --- a/lib/krb5/krb5-protos.h +++ b/lib/krb5/krb5-protos.h @@ -6483,6 +6483,18 @@ krb5_principal_get_type ( krb5_const_principal /*principal*/); /** + * Returns true iff name is WELLKNOWN/ANONYMOUS + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_principal_is_anonymous ( + krb5_context /*context*/, + krb5_const_principal /*p*/, + unsigned int /*flags*/); + +/** * Returns true iff name is an WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE * * @ingroup krb5_principal diff --git a/lib/krb5/krb5.h b/lib/krb5/krb5.h index 19c89f21ae84..b6745a5b7758 100644 --- a/lib/krb5/krb5.h +++ b/lib/krb5/krb5.h @@ -448,6 +448,7 @@ typedef union { #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5) #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6) #define KRB5_GC_CANONICALIZE (1U << 7) +#define KRB5_GC_ANONYMOUS (1U << 8) /* constants for compare_creds (and cc_retrieve_cred) */ #define KRB5_TC_DONT_MATCH_REALM (1U << 31) @@ -941,6 +942,23 @@ typedef const struct krb5_name_canon_rule_data *krb5_const_name_canon_rule; typedef struct krb5_name_canon_iterator_data *krb5_name_canon_iterator; /* + * krb5_get_init_creds_opt_set_pkinit flags + */ + +#define KRB5_GIC_OPT_PKINIT_USE_ENCKEY 2 /* use RSA, not DH */ +#define KRB5_GIC_OPT_PKINIT_ANONYMOUS 4 /* anonymous PKINIT */ +#define KRB5_GIC_OPT_PKINIT_BTMM 8 /* reserved by Apple */ +#define KRB5_GIC_OPT_PKINIT_NO_KDC_ANCHOR 16 /* do not authenticate KDC */ + +/* + * _krb5_principal_is_anonymous() flags + */ +#define KRB5_ANON_MATCH_AUTHENTICATED 1 /* authenticated with anon flag */ +#define KRB5_ANON_MATCH_UNAUTHENTICATED 2 /* anonymous PKINIT */ +#define KRB5_ANON_MATCH_ANY ( KRB5_ANON_MATCH_AUTHENTICATED | KRB5_ANON_MATCH_UNAUTHENTICATED ) + + +/* * */ diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h index 4d524ce1bb98..b64f3a9fbd49 100644 --- a/lib/krb5/krb5_locl.h +++ b/lib/krb5/krb5_locl.h @@ -208,6 +208,8 @@ struct _krb5_get_init_creds_opt_private { #define KRB5_INIT_CREDS_CANONICALIZE 1 #define KRB5_INIT_CREDS_NO_C_CANON_CHECK 2 #define KRB5_INIT_CREDS_NO_C_NO_EKU_CHECK 4 +#define KRB5_INIT_CREDS_PKINIT_KX_VALID 32 +#define KRB5_INIT_CREDS_PKINIT_NO_KRBTGT_OTHERNAME_CHECK 64 struct { krb5_gic_process_last_req func; void *ctx; @@ -292,6 +294,7 @@ typedef struct krb5_context_data { #define EXTRACT_TICKET_MATCH_REALM 4 #define EXTRACT_TICKET_AS_REQ 8 #define EXTRACT_TICKET_TIMESYNC 16 +#define EXTRACT_TICKET_MATCH_ANON 32 /* * Configurable options diff --git a/lib/krb5/libkrb5-exports.def.in b/lib/krb5/libkrb5-exports.def.in index 01f9f78c3b7c..47aaa8fe4f37 100644 --- a/lib/krb5/libkrb5-exports.def.in +++ b/lib/krb5/libkrb5-exports.def.in @@ -497,6 +497,7 @@ EXPORTS krb5_principal_get_num_comp krb5_principal_get_realm krb5_principal_get_type + krb5_principal_is_anonymous krb5_principal_is_krbtgt krb5_principal_match krb5_principal_set_comp_string @@ -766,6 +767,7 @@ EXPORTS _krb5_principalname2krb5_principal _krb5_put_int _krb5_s4u2self_to_checksumdata + _krb5_HMAC_MD5_checksum _krb5_expand_path_tokens ;! ; kinit helper diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 0adb65e7afa1..7ede91c3fa9a 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -784,6 +784,8 @@ _krb5_pk_mk_padata(krb5_context context, req_body->realm, "pkinit_require_krbtgt_otherName", NULL); + if (ic_flags & KRB5_INIT_CREDS_PKINIT_NO_KRBTGT_OTHERNAME_CHECK) + ctx->require_krbtgt_otherName = FALSE; ctx->require_hostname_match = krb5_config_get_bool_default(context, NULL, @@ -1220,6 +1222,98 @@ pk_rd_pa_reply_enckey(krb5_context context, return ret; } +/* + * RFC 8062 section 7: + * + * The client then decrypts the KDC contribution key and verifies that + * the ticket session key in the returned ticket is the combined key of + * the KDC contribution key and the reply key. + */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_pk_kx_confirm(krb5_context context, + krb5_pk_init_ctx ctx, + krb5_keyblock *reply_key, + krb5_keyblock *session_key, + PA_DATA *pa_pkinit_kx) +{ + krb5_error_code ret; + EncryptedData ed; + krb5_keyblock ck, sk_verify; + krb5_crypto ck_crypto = NULL; + krb5_crypto rk_crypto = NULL; + size_t len; + krb5_data data; + krb5_data p1 = { sizeof("PKINIT") - 1, "PKINIT" }; + krb5_data p2 = { sizeof("KEYEXCHANGE") - 1, "KEYEXCHANGE" }; + + heim_assert(ctx != NULL, "PKINIT context is non-NULL"); + heim_assert(reply_key != NULL, "reply key is non-NULL"); + heim_assert(session_key != NULL, "session key is non-NULL"); + + /* PA-PKINIT-KX is optional unless anonymous */ + if (pa_pkinit_kx == NULL) + return ctx->anonymous ? KRB5_KDCREP_MODIFIED : 0; + + memset(&ed, 0, sizeof(ed)); + krb5_keyblock_zero(&ck); + krb5_keyblock_zero(&sk_verify); + krb5_data_zero(&data); + + ret = decode_EncryptedData(pa_pkinit_kx->padata_value.data, + pa_pkinit_kx->padata_value.length, + &ed, &len); + if (ret) + goto out; + + if (len != pa_pkinit_kx->padata_value.length) { + ret = KRB5_KDCREP_MODIFIED; + goto out; + } + + ret = krb5_crypto_init(context, reply_key, 0, &rk_crypto); + if (ret) + goto out; + + ret = krb5_decrypt_EncryptedData(context, rk_crypto, + KRB5_KU_PA_PKINIT_KX, + &ed, &data); + if (ret) + goto out; + + ret = decode_EncryptionKey(data.data, data.length, + &ck, &len); + if (ret) + goto out; + + ret = krb5_crypto_init(context, &ck, 0, &ck_crypto); + if (ret) + goto out; + + ret = krb5_crypto_fx_cf2(context, ck_crypto, rk_crypto, + &p1, &p2, session_key->keytype, + &sk_verify); + if (ret) + goto out; + + if (sk_verify.keytype != session_key->keytype || + krb5_data_ct_cmp(&sk_verify.keyvalue, &session_key->keyvalue) != 0) { + ret = KRB5_KDCREP_MODIFIED; + goto out; + } + +out: + free_EncryptedData(&ed); + krb5_free_keyblock_contents(context, &ck); + krb5_free_keyblock_contents(context, &sk_verify); + if (ck_crypto) + krb5_crypto_destroy(context, ck_crypto); + if (rk_crypto) + krb5_crypto_destroy(context, rk_crypto); + krb5_data_free(&data); + + return ret; +} + static krb5_error_code pk_rd_pa_reply_dh(krb5_context context, const heim_octet_string *indata, @@ -2269,7 +2363,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, x509_anchors = anchors; } - if (flags & 4) + if (flags & KRB5_GIC_OPT_PKINIT_ANONYMOUS) opt->opt_private->pk_init_ctx->anonymous = 1; ret = _krb5_pk_load_id(context, @@ -2286,6 +2380,11 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx = NULL; return ret; } + if (flags & KRB5_GIC_OPT_PKINIT_BTMM) + opt->opt_private->pk_init_ctx->id->flags |= PKINIT_BTMM; + + if (principal && krb5_principal_is_lkdc(context, principal)) + opt->opt_private->pk_init_ctx->id->flags |= PKINIT_BTMM; if (opt->opt_private->pk_init_ctx->id->certs) { _krb5_pk_set_user_id(context, @@ -2295,7 +2394,7 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, } else opt->opt_private->pk_init_ctx->id->cert = NULL; - if ((flags & 2) == 0) { + if ((flags & KRB5_GIC_OPT_PKINIT_USE_ENCKEY) == 0) { hx509_context hx509ctx = context->hx509ctx; hx509_cert cert = opt->opt_private->pk_init_ctx->id->cert; diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index 143dd6414b1e..23c459281e5e 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -1247,6 +1247,32 @@ krb5_principal_is_root_krbtgt(krb5_context context, krb5_const_principal p) strcmp(p->name.name_string.val[1], p->realm) == 0; } +/** + * Returns true iff name is WELLKNOWN/ANONYMOUS + * + * @ingroup krb5_principal + */ + +KRB5_LIB_FUNCTION krb5_boolean KRB5_LIB_CALL +krb5_principal_is_anonymous(krb5_context context, + krb5_const_principal p, + unsigned int flags) +{ + int anon_realm; + + if ((p->name.name_type != KRB5_NT_WELLKNOWN && + p->name.name_type != KRB5_NT_UNKNOWN) || + p->name.name_string.len != 2 || + strcmp(p->name.name_string.val[0], KRB5_WELLKNOWN_NAME) != 0 || + strcmp(p->name.name_string.val[1], KRB5_ANON_NAME) != 0) + return FALSE; + + anon_realm = strcmp(p->realm, KRB5_ANON_REALM) == 0; + + return ((flags & KRB5_ANON_MATCH_AUTHENTICATED) && !anon_realm) || + ((flags & KRB5_ANON_MATCH_UNAUTHENTICATED) && anon_realm); +} + static int tolower_ascii(int c) { diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index b9b18ee99846..e38882525ab4 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -271,7 +271,11 @@ krb5_rd_cred(krb5_context context, } if(creds->ticket.length != len) krb5_abortx(context, "internal error in ASN.1 encoder"); - copy_EncryptionKey (&kci->key, &creds->session); + ret = copy_EncryptionKey (&kci->key, &creds->session); + if (ret) { + krb5_free_creds(context, creds); + goto out; + } if (kci->prealm && kci->pname) _krb5_principalname2krb5_principal (context, &creds->client, diff --git a/lib/krb5/salt-des.c b/lib/krb5/salt-des.c index afcff675b24f..d898d6c20574 100644 --- a/lib/krb5/salt-des.c +++ b/lib/krb5/salt-des.c @@ -109,7 +109,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, memset(&schedule, 0, sizeof(schedule)); memset(&temp_key, 0, sizeof(temp_key)); memset(&ivec, 0, sizeof(ivec)); - memset(password, 0, sizeof(password)); + memset_s(password, sizeof(password), 0, sizeof(password)); DES_set_odd_parity (key); } diff --git a/lib/krb5/salt-des3.c b/lib/krb5/salt-des3.c index 342bba0d0f6b..8cb73cf465a6 100644 --- a/lib/krb5/salt-des3.c +++ b/lib/krb5/salt-des3.c @@ -61,7 +61,7 @@ DES3_string_to_key(krb5_context context, ret = _krb5_n_fold(str, len, tmp, 24); if (ret) { - memset(str, 0, len); + memset_s(str, len, 0, len); free(str); krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); return ret; @@ -74,24 +74,24 @@ DES3_string_to_key(krb5_context context, _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); DES_set_key_unchecked(keys + i, &s[i]); } - memset(&ivec, 0, sizeof(ivec)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); DES_ede3_cbc_encrypt(tmp, tmp, sizeof(tmp), &s[0], &s[1], &s[2], &ivec, DES_ENCRYPT); - memset(s, 0, sizeof(s)); - memset(&ivec, 0, sizeof(ivec)); + memset_s(s, sizeof(s), 0, sizeof(s)); + memset_s(&ivec, sizeof(ivec), 0, sizeof(ivec)); for(i = 0; i < 3; i++){ memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); DES_set_odd_parity(keys + i); if(DES_is_weak_key(keys + i)) _krb5_xor8(*(keys + i), (const unsigned char*)"\0\0\0\0\0\0\0\xf0"); } - memset(tmp, 0, sizeof(tmp)); + memset_s(tmp, sizeof(tmp), 0, sizeof(tmp)); } key->keytype = enctype; krb5_data_copy(&key->keyvalue, keys, sizeof(keys)); - memset(keys, 0, sizeof(keys)); - memset(str, 0, len); + memset_s(keys, sizeof(keys), 0, sizeof(keys)); + memset_s(str, len, 0, len); free(str); return 0; } @@ -119,7 +119,7 @@ DES3_string_to_key_derived(krb5_context context, len, enctype, key); - memset(s, 0, len); + memset_s(s, len, 0, len); free(s); return ret; } diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 066b849a7576..a920db78b649 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -314,6 +314,7 @@ static void debug_host(krb5_context context, int level, struct host *host, const char *fmt, ...) { const char *proto = "unknown"; + const char *state; char name[NI_MAXHOST], port[NI_MAXSERV]; char *text = NULL; va_list ap; @@ -339,8 +340,17 @@ debug_host(krb5_context context, int level, struct host *host, const char *fmt, name, sizeof(name), port, sizeof(port), NI_NUMERICHOST) != 0) name[0] = '\0'; - _krb5_debug(context, level, "%s: %s %s:%s (%s) tid: %08x", text, - proto, name, port, host->hi->hostname, host->tid); + switch (host->state) { + case CONNECT: state = "CONNECT"; break; + case CONNECTING: state = "CONNECTING"; break; + case CONNECTED: state = "CONNECTED"; break; + case WAITING_REPLY: state = "WAITING_REPLY"; break; + case DEAD: state = "DEAD"; break; + default: state = "unknown"; break; + } + + _krb5_debug(context, level, "%s: %s %s:%s (%s) state=%s tid: %08x", text, + proto, name, port, host->hi->hostname, state, host->tid); free(text); } @@ -881,11 +891,18 @@ submit_request(krb5_context context, krb5_sendto_ctx ctx, krb5_krbhst_info *hi) host->tries = host->fun->ntries; /* - * Connect directly next host, wait a host_timeout for each next address + * Connect directly next host, wait a host_timeout for each next address. + * We try host_connect() here, checking the return code because as we do + * non-blocking connects, any error here indicates that the address is just + * offline. That is, it's something like "No route to host" which is not + * worth retrying. And so, we fail directly and immediately to the next + * address for this host without enqueueing the address for retries. */ - if (submitted_host == 0) + if (submitted_host == 0) { host_connect(context, ctx, host); - else { + if (host->state == DEAD) + continue; + } else { debug_host(context, 5, host, "Queuing host in future (in %ds), its the %lu address on the same name", (int)(context->host_timeout * submitted_host), submitted_host + 1); @@ -893,16 +910,14 @@ submit_request(krb5_context context, krb5_sendto_ctx ctx, krb5_krbhst_info *hi) } heim_array_append_value(ctx->hosts, host); - heim_release(host); - submitted_host++; } if (freeai) freeaddrinfo(ai); - if (!submitted_host) + if (submitted_host == 0) return KRB5_KDC_UNREACH; return 0; @@ -913,7 +928,7 @@ struct wait_ctx { krb5_sendto_ctx ctx; fd_set rfds; fd_set wfds; - unsigned max_fd; + rk_socket_t max_fd; int got_reply; time_t timenow; }; @@ -924,16 +939,16 @@ wait_setup(heim_object_t obj, void *iter_ctx, int *stop) struct wait_ctx *wait_ctx = iter_ctx; struct host *h = (struct host *)obj; + if (h->state == CONNECT) { + if (h->timeout >= wait_ctx->timenow) + return; + host_connect(wait_ctx->context, wait_ctx->ctx, h); + } + /* skip dead hosts */ if (h->state == DEAD) return; - if (h->state == CONNECT) { - if (h->timeout < wait_ctx->timenow) - host_connect(wait_ctx->context, wait_ctx->ctx, h); - return; - } - /* if host timed out, dec tries and (retry or kill host) */ if (h->timeout < wait_ctx->timenow) { heim_assert(h->tries != 0, "tries should not reach 0"); @@ -961,9 +976,10 @@ wait_setup(heim_object_t obj, void *iter_ctx, int *stop) FD_SET(h->fd, &wait_ctx->wfds); break; default: + debug_host(wait_ctx->context, 5, h, "invalid sendto host state"); heim_abort("invalid sendto host state"); } - if (h->fd > wait_ctx->max_fd) + if (h->fd > wait_ctx->max_fd || wait_ctx->max_fd == rk_INVALID_SOCKET) wait_ctx->max_fd = h->fd; } @@ -975,6 +991,15 @@ wait_filter_dead(heim_object_t obj, void *ctx) } static void +wait_accelerate(heim_object_t obj, void *ctx, int *stop) +{ + struct host *h = (struct host *)obj; + + if (h->state == CONNECT && h->timeout > 0) + h->timeout--; +} + +static void wait_process(heim_object_t obj, void *ctx, int *stop) { struct wait_ctx *wait_ctx = ctx; @@ -1007,7 +1032,7 @@ wait_response(krb5_context context, int *action, krb5_sendto_ctx ctx) wait_ctx.ctx = ctx; FD_ZERO(&wait_ctx.rfds); FD_ZERO(&wait_ctx.wfds); - wait_ctx.max_fd = 0; + wait_ctx.max_fd = rk_INVALID_SOCKET; /* oh, we have a reply, it must be a plugin that got it for us */ if (ctx->response.length) { @@ -1033,6 +1058,17 @@ wait_response(krb5_context context, int *action, krb5_sendto_ctx ctx) return 0; } + if (wait_ctx.max_fd == rk_INVALID_SOCKET) { + /* + * If we don't find a host which can make progress, then + * we accelerate the process by moving all of the contestants + * up by 1s. + */ + _krb5_debug(context, 5, "wait_response: moving the contestants forward"); + heim_array_iterate_f(ctx->hosts, &wait_ctx, wait_accelerate); + return 0; + } + tv.tv_sec = 1; tv.tv_usec = 0; @@ -1173,7 +1209,7 @@ krb5_sendto_context(krb5_context context, action = KRB5_SENDTO_CONTINUE; if (ret == 0) { - _krb5_debug(context, 5, "submissing new requests to new host"); + _krb5_debug(context, 5, "submitting new requests to new host"); if (submit_request(context, ctx, hi) != 0) action = KRB5_SENDTO_TIMEOUT; } else { diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c index b8d81c6ad53a..8961c394a492 100644 --- a/lib/krb5/ticket.c +++ b/lib/krb5/ticket.c @@ -526,27 +526,62 @@ noreferral: return 0; } - /* - * Verify referral data + * Verify KDC supported anonymous if requested */ +static krb5_error_code +check_client_anonymous(krb5_context context, + krb5_kdc_rep *rep, + krb5_const_principal requested, + krb5_const_principal mapped, + krb5_boolean is_tgs_rep) +{ + int flags; + + if (!rep->enc_part.flags.anonymous) + return KRB5KDC_ERR_BADOPTION; + + if (is_tgs_rep) + flags = KRB5_ANON_MATCH_ANY; + else if (krb5_principal_is_anonymous(context, requested, KRB5_ANON_MATCH_ANY)) + flags = KRB5_ANON_MATCH_UNAUTHENTICATED; + else + flags = KRB5_ANON_MATCH_AUTHENTICATED; + + if (!krb5_principal_is_anonymous(context, mapped, flags)) + return KRB5KRB_AP_ERR_MODIFIED; + return 0; +} + +/* + * Verify returned client principal name in anonymous/referral case + */ static krb5_error_code -check_client_referral(krb5_context context, +check_client_mismatch(krb5_context context, krb5_kdc_rep *rep, krb5_const_principal requested, krb5_const_principal mapped, krb5_keyblock const * key) { - if (krb5_principal_compare(context, requested, mapped) == FALSE && - !rep->enc_part.flags.enc_pa_rep) - { - krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, - N_("Not same client principal returned " - "as requested", "")); - return KRB5KRB_AP_ERR_MODIFIED; + if (rep->enc_part.flags.anonymous) { + if (!krb5_principal_is_anonymous(context, mapped, KRB5_ANON_MATCH_ANY)) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Anonymous ticket does not contain anonymous " + "principal", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } + } else { + if (krb5_principal_compare(context, requested, mapped) == FALSE && + !rep->enc_part.flags.enc_pa_rep) { + krb5_set_error_message(context, KRB5KRB_AP_ERR_MODIFIED, + N_("Not same client principal returned " + "as requested", "")); + return KRB5KRB_AP_ERR_MODIFIED; + } } + return 0; } @@ -687,10 +722,21 @@ _krb5_extract_ticket(krb5_context context, if (ret) goto out; + /* check KDC supported anonymous if it was requested */ + if (flags & EXTRACT_TICKET_MATCH_ANON) { + ret = check_client_anonymous(context,rep, + creds->client, + tmp_principal, + request == NULL); /* is TGS */ + if (ret) { + krb5_free_principal(context, tmp_principal); + goto out; + } + } + /* check client referral and save principal */ - /* anonymous here ? */ if((flags & EXTRACT_TICKET_ALLOW_CNAME_MISMATCH) == 0) { - ret = check_client_referral(context, rep, + ret = check_client_mismatch(context, rep, creds->client, tmp_principal, &creds->session); diff --git a/lib/krb5/version-script.map b/lib/krb5/version-script.map index 6c49368a8a14..4e7225612a7a 100644 --- a/lib/krb5/version-script.map +++ b/lib/krb5/version-script.map @@ -494,6 +494,7 @@ HEIMDAL_KRB5_2.0 { krb5_principal_set_comp_string; krb5_principal_set_realm; krb5_principal_set_type; + krb5_principal_is_anonymous; krb5_principal_is_krbtgt; krb5_print_address; krb5_program_setup; @@ -761,6 +762,7 @@ HEIMDAL_KRB5_2.0 { _krb5_principalname2krb5_principal; _krb5_put_int; _krb5_s4u2self_to_checksumdata; + _krb5_HMAC_MD5_checksum; # kinit helper krb5_get_init_creds_opt_set_pkinit_user_certs; diff --git a/lib/libedit/configure b/lib/libedit/configure index 4bc18e334016..68a69d141b8e 100755 --- a/lib/libedit/configure +++ b/lib/libedit/configure @@ -586,7 +586,7 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libedit' -PACKAGE_TARNAME='libedit-20171208' +PACKAGE_TARNAME='libedit-20190607' PACKAGE_VERSION='3.1' PACKAGE_STRING='libedit 3.1' PACKAGE_BUGREPORT='' @@ -1362,7 +1362,7 @@ Fine tuning of the installation directories: --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root - [DATAROOTDIR/doc/libedit-20171208] + [DATAROOTDIR/doc/libedit-20190607] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] @@ -4208,7 +4208,7 @@ fi # Define the identity of the package. - PACKAGE='libedit-20171208' + PACKAGE='libedit-20190607' VERSION='3.1' diff --git a/lib/libedit/ltmain.sh b/lib/libedit/ltmain.sh index 0f0a2da3f9dd..0f0a2da3f9dd 100755..100644 --- a/lib/libedit/ltmain.sh +++ b/lib/libedit/ltmain.sh diff --git a/lib/libedit/src/makelist b/lib/libedit/src/makelist index c8f927651ab3..315d91e2adee 100644 --- a/lib/libedit/src/makelist +++ b/lib/libedit/src/makelist @@ -35,7 +35,10 @@ # makelist.sh: Automatically generate header files... -AWK=awk +if [ "x$AWK" = "x" ] +then + AWK=awk +fi USAGE="Usage: $0 -h|-fc|-fh|-bh <filenames>" if [ "x$1" = "x" ] diff --git a/lib/libedit/src/vis.h b/lib/libedit/src/vis.h index a1b23c920ec0..ddd597b4b173 100644 --- a/lib/libedit/src/vis.h +++ b/lib/libedit/src/vis.h @@ -81,7 +81,9 @@ */ #define UNVIS_END _VIS_END /* no more characters */ +#ifdef HAVE_SYS_CDEFS_H #include <sys/cdefs.h> +#endif __BEGIN_DECLS char *vis(char *, int, int, int); diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 7ec0181ff419..42dd09bed5bf 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c @@ -1192,7 +1192,7 @@ splitandenc(unsigned char *hash, EVP_CipherInit_ex(&ctx, EVP_des_cbc(), NULL, key, NULL, 1); EVP_Cipher(&ctx, answer, challenge, 8); EVP_CIPHER_CTX_cleanup(&ctx); - memset(key, 0, sizeof(key)); + memset_s(key, sizeof(key), 0, sizeof(key)); } /** diff --git a/lib/roken/install-sh b/lib/roken/install-sh index e9de23842dcd..e9de23842dcd 100755..100644 --- a/lib/roken/install-sh +++ b/lib/roken/install-sh diff --git a/lib/roken/missing b/lib/roken/missing index 7789652e877f..7789652e877f 100755..100644 --- a/lib/roken/missing +++ b/lib/roken/missing diff --git a/lib/roken/mkinstalldirs b/lib/roken/mkinstalldirs index 6b3b5fc5d4d3..6b3b5fc5d4d3 100755..100644 --- a/lib/roken/mkinstalldirs +++ b/lib/roken/mkinstalldirs diff --git a/lib/roken/rand.c b/lib/roken/rand.c index 03239d7dc244..f2617d8ab2bc 100644 --- a/lib/roken/rand.c +++ b/lib/roken/rand.c @@ -42,7 +42,7 @@ void ROKEN_LIB_FUNCTION rk_random_init(void) { #if defined(HAVE_ARC4RANDOM) - arc4random_stir(); + /* nothing to do */; #elif defined(HAVE_SRANDOMDEV) srandomdev(); #elif defined(HAVE_RANDOM) diff --git a/lib/wind/UnicodeData.py b/lib/wind/UnicodeData.py index dd6dfa745d9f..8ce3bcade279 100644 --- a/lib/wind/UnicodeData.py +++ b/lib/wind/UnicodeData.py @@ -50,7 +50,7 @@ def read(filename): continue f = l.split(';') key = int(f[0], 0x10) - if key in ret: + if key in ret: raise Exception('Duplicate key in UnicodeData') ret[key] = f[1:] ud.close() diff --git a/lib/wind/bidi_table.c b/lib/wind/bidi_table.c index 916805fdc614..5628c3bd1c73 100644 --- a/lib/wind/bidi_table.c +++ b/lib/wind/bidi_table.c @@ -1,5 +1,5 @@ /* ./bidi_table.c */ -/* Automatically generated at 2017-12-08T03:21:13.199657 */ +/* Automatically generated at 2019-06-07T02:26:41.397837 */ #include "bidi_table.h" diff --git a/lib/wind/bidi_table.h b/lib/wind/bidi_table.h index 3fc83d2e4e7b..f00ddb1b6763 100644 --- a/lib/wind/bidi_table.h +++ b/lib/wind/bidi_table.h @@ -1,5 +1,5 @@ /* ./bidi_table.h */ -/* Automatically generated at 2017-12-08T03:21:13.199278 */ +/* Automatically generated at 2019-06-07T02:26:41.396770 */ #ifndef BIDI_TABLE_H #define BIDI_TABLE_H 1 diff --git a/lib/wind/combining_table.c b/lib/wind/combining_table.c index a69ef4127693..71218362fc35 100644 --- a/lib/wind/combining_table.c +++ b/lib/wind/combining_table.c @@ -1,5 +1,5 @@ /* ./combining_table.c */ -/* Automatically generated at 2017-12-08T03:21:13.302135 */ +/* Automatically generated at 2019-06-07T02:26:41.530824 */ #include "combining_table.h" diff --git a/lib/wind/combining_table.h b/lib/wind/combining_table.h index cd2c03264de0..023857adda64 100644 --- a/lib/wind/combining_table.h +++ b/lib/wind/combining_table.h @@ -1,5 +1,5 @@ /* ./combining_table.h */ -/* Automatically generated at 2017-12-08T03:21:13.301786 */ +/* Automatically generated at 2019-06-07T02:26:41.530328 */ #ifndef COMBINING_TABLE_H #define COMBINING_TABLE_H 1 diff --git a/lib/wind/errorlist_table.c b/lib/wind/errorlist_table.c index be0bfce26245..241e39bb05f3 100644 --- a/lib/wind/errorlist_table.c +++ b/lib/wind/errorlist_table.c @@ -1,5 +1,5 @@ /* ./errorlist_table.c */ -/* Automatically generated at 2017-12-08T03:21:13.365706 */ +/* Automatically generated at 2019-06-07T02:26:41.399027 */ #include "errorlist_table.h" diff --git a/lib/wind/errorlist_table.h b/lib/wind/errorlist_table.h index beebfb55aa82..546048fae751 100644 --- a/lib/wind/errorlist_table.h +++ b/lib/wind/errorlist_table.h @@ -1,5 +1,5 @@ /* ./errorlist_table.h */ -/* Automatically generated at 2017-12-08T03:21:13.365395 */ +/* Automatically generated at 2019-06-07T02:26:41.398369 */ #ifndef ERRORLIST_TABLE_H #define ERRORLIST_TABLE_H 1 diff --git a/lib/wind/gen-bidi.py b/lib/wind/gen-bidi.py index 21839c2550b2..e2efcbb555a2 100644 --- a/lib/wind/gen-bidi.py +++ b/lib/wind/gen-bidi.py @@ -42,7 +42,7 @@ import generate import rfc3454 if len(sys.argv) != 3: - print "usage: %s rfc3454.txt outdir" % sys.argv[0] + print("usage: %s rfc3454.txt outdir" % sys.argv[0]) sys.exit(1) tables = rfc3454.read(sys.argv[1]) diff --git a/lib/wind/gen-combining.py b/lib/wind/gen-combining.py index 86cbc6d50f0c..43e0d52eb3cf 100644 --- a/lib/wind/gen-combining.py +++ b/lib/wind/gen-combining.py @@ -42,7 +42,7 @@ import generate import UnicodeData if len(sys.argv) != 3: - print "usage: %s UnicodeData.txt out-dir" % sys.argv[0] + print("usage: %s UnicodeData.txt out-dir" % sys.argv[0]) sys.exit(1) ud = UnicodeData.read(sys.argv[1]) @@ -79,8 +79,7 @@ combining_c.file.write( const struct translation _wind_combining_table[] = { ''') -s = trans.keys() -s.sort() +s = sorted(trans) for k in s: v = trans[k] combining_c.file.write("{0x%x, %u}, /* %s */\n" diff --git a/lib/wind/gen-errorlist.py b/lib/wind/gen-errorlist.py index f0b9524783b4..97646cf5aed6 100644 --- a/lib/wind/gen-errorlist.py +++ b/lib/wind/gen-errorlist.py @@ -44,13 +44,13 @@ import rfc4518 import stringprep if len(sys.argv) != 3: - print "usage: %s rfc3454.txt out-dir" % sys.argv[0] + print("usage: %s rfc3454.txt out-dir" % sys.argv[0]) sys.exit(1) tables = rfc3454.read(sys.argv[1]) t2 = rfc4518.read() -for x in t2.iterkeys(): +for x in t2.keys(): tables[x] = t2[x] error_list = stringprep.get_errorlist() @@ -85,7 +85,7 @@ const struct error_entry _wind_errorlist_table[] = { trans=[] -for t in error_list.iterkeys(): +for t in error_list.keys(): for l in tables[t]: m = re.search('^ *([0-9A-F]+)-([0-9A-F]+); *(.*) *$', l) if m: @@ -104,7 +104,7 @@ for x in trans: (start, length, description, tables) = x symbols = stringprep.symbols(error_list, tables) if len(symbols) == 0: - print "no symbol for %s" % description + print("no symbol for %s" % description) sys.exit(1) errorlist_c.file.write(" {0x%x, 0x%x, %s}, /* %s: %s */\n" % (start, length, symbols, ",".join(tables), description)) diff --git a/lib/wind/gen-map.py b/lib/wind/gen-map.py index d4f02af1f29d..dc10d6fae7f6 100644 --- a/lib/wind/gen-map.py +++ b/lib/wind/gen-map.py @@ -45,13 +45,13 @@ import stringprep import util if len(sys.argv) != 3: - print "usage: %s rfc3454.txt out-dir" % sys.argv[0] + print("usage: %s rfc3454.txt out-dir" % sys.argv[0]) sys.exit(1) tables = rfc3454.read(sys.argv[1]) t2 = rfc4518.read() -for x in t2.iterkeys(): +for x in t2: tables[x] = t2[x] map_list = stringprep.get_maplist() @@ -88,7 +88,7 @@ const struct translation _wind_map_table[] = { trans=[] -for t in map_list.iterkeys(): +for t in map_list: for l in tables[t]: m = re.search('^ *([0-9A-F]+)-([0-9A-F]+); *([^;]+); *(.*) *$', l) if m: @@ -96,7 +96,7 @@ for t in map_list.iterkeys(): end = int(m.group(2), 0x10) value = m.group(3) desc = m.group(4) - for key in xrange(start,end,1): + for key in range(start,end,1): trans.append((key, value, desc, [t])) continue m = re.search('^ *([^;]+); *([^;]+); *(.*) *$', l) @@ -114,7 +114,7 @@ trans = stringprep.sort_merge_trans(trans) for x in trans: if x[0] == 0xad: - print "fooresult %s" % ",".join(x[3]) + print("fooresult %s" % ",".join(x[3])) for x in trans: (key, value, description, table) = x @@ -130,7 +130,7 @@ for x in trans: (key, value, description, tables) = x symbols = stringprep.symbols(map_list, tables) if len(symbols) == 0: - print "no symbol for %s %s (%s)" % (key, description, tables) + print("no symbol for %s %s (%s)" % (key, description, tables)) sys.exit(1) v = value.split() map_c.file.write(" {0x%x, %u, %u, %s}, /* %s: %s */\n" diff --git a/lib/wind/gen-normalize.py b/lib/wind/gen-normalize.py index 9b3553c46d0d..daf3c3dc42f1 100644 --- a/lib/wind/gen-normalize.py +++ b/lib/wind/gen-normalize.py @@ -43,15 +43,15 @@ import UnicodeData import util if len(sys.argv) != 4: - print "usage: %s UnicodeData.txt" - " CompositionExclusions-3.2.0.txt out-dir" % sys.argv[0] + print("usage: %s UnicodeData.txt" + " CompositionExclusions-3.2.0.txt out-dir" % sys.argv[0]) sys.exit(1) ud = UnicodeData.read(sys.argv[1]) def sortedKeys(d): """Return a sorted list of the keys of a dict""" - keys = d.keys() + keys = list(d.keys()) keys.sort() return keys @@ -136,7 +136,7 @@ exclusions = UnicodeData.read(sys.argv[2]) inv = dict([(''.join(["%05x" % int(x, 0x10) for x in v[4].split(' ')]), [k, v[0]]) for k,v in ud.items() - if v[4] and not re.search('<[a-zA-Z]+> *', v[4]) and not exclusions.has_key(k)]) + if v[4] and not re.search('<[a-zA-Z]+> *', v[4]) and not k in exclusions]) table = 0 diff --git a/lib/wind/gen-punycode-examples.py b/lib/wind/gen-punycode-examples.py index 44f5dafe508c..f2eddbb37386 100644 --- a/lib/wind/gen-punycode-examples.py +++ b/lib/wind/gen-punycode-examples.py @@ -35,13 +35,12 @@ # SUCH DAMAGE. import re -import string import sys import generate if len(sys.argv) != 3: - print "usage: %s rfc3492.txt" % sys.argv[0] + print("usage: %s rfc3492.txt" % sys.argv[0]) sys.exit(1) f = open(sys.argv[1], 'r') @@ -72,7 +71,7 @@ while True: else: m = re.search('^ *([uU]+.*) *$', l) if m: - codes.extend(string.split(m.group(1), ' ')) + codes.extend(m.group(1).split(' ')) else: m = re.search('^ *Punycode: (.*) *$', l) if m: @@ -81,7 +80,7 @@ while True: if re.match('^7\.1', l): start = True cases = [] - + f.close() examples_h.file.write( @@ -115,7 +114,7 @@ for x in cases: examples_c.file.write( " {%u, {%s}, \"%s\", \"%s\"},\n" % (len(cp), - string.join([re.sub('[uU]\+', '0x', x) for x in cp], ', '), + ",".join([re.sub('[uU]\+', '0x', x) for x in cp]), pc, desc)) diff --git a/lib/wind/generate.py b/lib/wind/generate.py index 1d708c6a3c47..0a32fcd4d4d8 100644 --- a/lib/wind/generate.py +++ b/lib/wind/generate.py @@ -37,6 +37,7 @@ import datetime import string import os +import sys class GeneratedFile : "Represents a generated file" @@ -56,10 +57,14 @@ class GeneratedFile : class Header(GeneratedFile) : "Represents a generated header file" - guardTrans = string.maketrans('-.', '__') + if sys.hexversion>0x300000f: + guardTrans = bytes.maketrans(b'-.', b'__') + else: + import string + guardTrans = string.maketrans('-.', '__') def makeGuard(self) : """Return a name to be used as ifdef guard""" - return string.upper(string.translate(self.name, self.guardTrans)) + return self.name.translate(self.guardTrans).upper() def __init__(self, name) : "Create a new Header with name" diff --git a/lib/wind/map_table.c b/lib/wind/map_table.c index 9be8c9241f24..abce7bef5fb6 100644 --- a/lib/wind/map_table.c +++ b/lib/wind/map_table.c @@ -1,5 +1,5 @@ /* ./map_table.c */ -/* Automatically generated at 2017-12-08T03:21:13.416181 */ +/* Automatically generated at 2019-06-07T02:26:41.398537 */ #include "map_table.h" diff --git a/lib/wind/map_table.h b/lib/wind/map_table.h index fb6c773d99c9..ae8e90356825 100644 --- a/lib/wind/map_table.h +++ b/lib/wind/map_table.h @@ -1,5 +1,5 @@ /* ./map_table.h */ -/* Automatically generated at 2017-12-08T03:21:13.415873 */ +/* Automatically generated at 2019-06-07T02:26:41.397498 */ #ifndef MAP_TABLE_H #define MAP_TABLE_H 1 diff --git a/lib/wind/normalize_table.c b/lib/wind/normalize_table.c index 2f9a690e3f2c..0a11b0d29dd1 100644 --- a/lib/wind/normalize_table.c +++ b/lib/wind/normalize_table.c @@ -1,5 +1,5 @@ /* ./normalize_table.c */ -/* Automatically generated at 2017-12-08T03:21:13.608557 */ +/* Automatically generated at 2019-06-07T02:26:41.707824 */ #include "normalize_table.h" diff --git a/lib/wind/normalize_table.h b/lib/wind/normalize_table.h index 52b1f5292d6e..d82cc26d4c03 100644 --- a/lib/wind/normalize_table.h +++ b/lib/wind/normalize_table.h @@ -1,5 +1,5 @@ /* ./normalize_table.h */ -/* Automatically generated at 2017-12-08T03:21:13.608247 */ +/* Automatically generated at 2019-06-07T02:26:41.685585 */ #ifndef NORMALIZE_TABLE_H #define NORMALIZE_TABLE_H 1 diff --git a/lib/wind/punycode_examples.c b/lib/wind/punycode_examples.c index 6252952e6e45..7336f3eacfea 100644 --- a/lib/wind/punycode_examples.c +++ b/lib/wind/punycode_examples.c @@ -1,5 +1,5 @@ /* ./punycode_examples.c */ -/* Automatically generated at 2017-12-08T03:21:15.326628 */ +/* Automatically generated at 2019-06-07T02:40:18.438604 */ #ifndef PUNYCODE_EXAMPLES_C #define PUNYCODE_EXAMPLES_C 1 @@ -8,25 +8,25 @@ #include "punycode_examples.h" const struct punycode_example punycode_examples[] = { - {17, {0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644, 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F}, "egbpdaj6bu4bxfgehfvwxn", "Arabic (Egyptian):"}, - {9, {0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587}, "ihqwcrb4cv8a8dqg056pqjye", "Chinese (simplified):"}, - {9, {0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587}, "ihqwctvzc91f659drss3x8bo0yb", "Chinese (traditional):"}, - {22, {0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074, 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, 0x0065, 0x0073, 0x006B, 0x0079}, "Proprostnemluvesky-uyb24dma41a", "Czech: Pro<ccaron>prost<ecaron>nemluv<iacute><ccaron>esky"}, - {22, {0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8, 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, 0x05D1, 0x05E8, 0x05D9, 0x05EA}, "4dbcagdahymbxekheh6e0a7fei0b", "Hebrew:"}, - {30, {0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D, 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939, 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, 0x0939, 0x0948, 0x0902}, "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd", "Hindi (Devanagari):"}, - {18, {0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092, 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B}, "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa", "Japanese (kanji and hiragana):"}, - {24, {0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774, 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C}, "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c", "Korean (Hangul syllables):"}, - {28, {0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E, 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, 0x0438}, "b1abfaaepdrnnbgefbaDotcwatmq2g4l", "Russian (Cyrillic):"}, - {40, {0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070, 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, 0x0061, 0x00F1, 0x006F, 0x006C}, "PorqunopuedensimplementehablarenEspaol-fmd56a", "Spanish: Porqu<eacute>nopuedensimplementehablarenEspa<ntilde>ol"}, - {31, {0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B, 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, 0x0056, 0x0069, 0x1EC7, 0x0074}, "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g", "Vietnamese:"}, - {8, {0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F}, "3B-ww4c5e180e575a65lsy2b", "3<nen>B<gumi><kinpachi><sensei>"}, - {24, {0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074, 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053}, "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n", "<amuro><namie>-with-SUPER-MONKEYS"}, - {25, {0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F, 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240}, "Hello-Another-Way--fc4qua05auwb3674vfr0b", "Hello-Another-Way-<sorezore><no><basho>"}, - {8, {0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032}, "2-u9tlzr9756bt3uc0v", "<hitotsu><yane><no><shita>2"}, - {13, {0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059, 0x308B, 0x0035, 0x79D2, 0x524D}, "MajiKoi5-783gue6qz075azm5e", "Maji<de>Koi<suru>5<byou><mae>"}, - {9, {0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0}, "de-jg4avhby1noc0d", "<pafii>de<runba>"}, - {7, {0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067}, "d9juau41awczczp", "<sono><supiido><de>"}, - {11, {0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020, 0x003C, 0x002D}, "-> $1.00 <--", "-> $1.00 <-"}, + {17, {0x0644,0x064A,0x0647,0x0645,0x0627,0x0628,0x062A,0x0643,0x0644,0x0645,0x0648,0x0634,0x0639,0x0631,0x0628,0x064A,0x061F}, "egbpdaj6bu4bxfgehfvwxn", "Arabic (Egyptian):"}, + {9, {0x4ED6,0x4EEC,0x4E3A,0x4EC0,0x4E48,0x4E0D,0x8BF4,0x4E2D,0x6587}, "ihqwcrb4cv8a8dqg056pqjye", "Chinese (simplified):"}, + {9, {0x4ED6,0x5011,0x7232,0x4EC0,0x9EBD,0x4E0D,0x8AAA,0x4E2D,0x6587}, "ihqwctvzc91f659drss3x8bo0yb", "Chinese (traditional):"}, + {22, {0x0050,0x0072,0x006F,0x010D,0x0070,0x0072,0x006F,0x0073,0x0074,0x011B,0x006E,0x0065,0x006D,0x006C,0x0075,0x0076,0x00ED,0x010D,0x0065,0x0073,0x006B,0x0079}, "Proprostnemluvesky-uyb24dma41a", "Czech: Pro<ccaron>prost<ecaron>nemluv<iacute><ccaron>esky"}, + {22, {0x05DC,0x05DE,0x05D4,0x05D4,0x05DD,0x05E4,0x05E9,0x05D5,0x05D8,0x05DC,0x05D0,0x05DE,0x05D3,0x05D1,0x05E8,0x05D9,0x05DD,0x05E2,0x05D1,0x05E8,0x05D9,0x05EA}, "4dbcagdahymbxekheh6e0a7fei0b", "Hebrew:"}, + {30, {0x092F,0x0939,0x0932,0x094B,0x0917,0x0939,0x093F,0x0928,0x094D,0x0926,0x0940,0x0915,0x094D,0x092F,0x094B,0x0902,0x0928,0x0939,0x0940,0x0902,0x092C,0x094B,0x0932,0x0938,0x0915,0x0924,0x0947,0x0939,0x0948,0x0902}, "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd", "Hindi (Devanagari):"}, + {18, {0x306A,0x305C,0x307F,0x3093,0x306A,0x65E5,0x672C,0x8A9E,0x3092,0x8A71,0x3057,0x3066,0x304F,0x308C,0x306A,0x3044,0x306E,0x304B}, "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa", "Japanese (kanji and hiragana):"}, + {24, {0xC138,0xACC4,0xC758,0xBAA8,0xB4E0,0xC0AC,0xB78C,0xB4E4,0xC774,0xD55C,0xAD6D,0xC5B4,0xB97C,0xC774,0xD574,0xD55C,0xB2E4,0xBA74,0xC5BC,0xB9C8,0xB098,0xC88B,0xC744,0xAE4C}, "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c", "Korean (Hangul syllables):"}, + {28, {0x043F,0x043E,0x0447,0x0435,0x043C,0x0443,0x0436,0x0435,0x043E,0x043D,0x0438,0x043D,0x0435,0x0433,0x043E,0x0432,0x043E,0x0440,0x044F,0x0442,0x043F,0x043E,0x0440,0x0443,0x0441,0x0441,0x043A,0x0438}, "b1abfaaepdrnnbgefbaDotcwatmq2g4l", "Russian (Cyrillic):"}, + {40, {0x0050,0x006F,0x0072,0x0071,0x0075,0x00E9,0x006E,0x006F,0x0070,0x0075,0x0065,0x0064,0x0065,0x006E,0x0073,0x0069,0x006D,0x0070,0x006C,0x0065,0x006D,0x0065,0x006E,0x0074,0x0065,0x0068,0x0061,0x0062,0x006C,0x0061,0x0072,0x0065,0x006E,0x0045,0x0073,0x0070,0x0061,0x00F1,0x006F,0x006C}, "PorqunopuedensimplementehablarenEspaol-fmd56a", "Spanish: Porqu<eacute>nopuedensimplementehablarenEspa<ntilde>ol"}, + {31, {0x0054,0x1EA1,0x0069,0x0073,0x0061,0x006F,0x0068,0x1ECD,0x006B,0x0068,0x00F4,0x006E,0x0067,0x0074,0x0068,0x1EC3,0x0063,0x0068,0x1EC9,0x006E,0x00F3,0x0069,0x0074,0x0069,0x1EBF,0x006E,0x0067,0x0056,0x0069,0x1EC7,0x0074}, "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g", "Vietnamese:"}, + {8, {0x0033,0x5E74,0x0042,0x7D44,0x91D1,0x516B,0x5148,0x751F}, "3B-ww4c5e180e575a65lsy2b", "3<nen>B<gumi><kinpachi><sensei>"}, + {24, {0x5B89,0x5BA4,0x5948,0x7F8E,0x6075,0x002D,0x0077,0x0069,0x0074,0x0068,0x002D,0x0053,0x0055,0x0050,0x0045,0x0052,0x002D,0x004D,0x004F,0x004E,0x004B,0x0045,0x0059,0x0053}, "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n", "<amuro><namie>-with-SUPER-MONKEYS"}, + {25, {0x0048,0x0065,0x006C,0x006C,0x006F,0x002D,0x0041,0x006E,0x006F,0x0074,0x0068,0x0065,0x0072,0x002D,0x0057,0x0061,0x0079,0x002D,0x305D,0x308C,0x305E,0x308C,0x306E,0x5834,0x6240}, "Hello-Another-Way--fc4qua05auwb3674vfr0b", "Hello-Another-Way-<sorezore><no><basho>"}, + {8, {0x3072,0x3068,0x3064,0x5C4B,0x6839,0x306E,0x4E0B,0x0032}, "2-u9tlzr9756bt3uc0v", "<hitotsu><yane><no><shita>2"}, + {13, {0x004D,0x0061,0x006A,0x0069,0x3067,0x004B,0x006F,0x0069,0x3059,0x308B,0x0035,0x79D2,0x524D}, "MajiKoi5-783gue6qz075azm5e", "Maji<de>Koi<suru>5<byou><mae>"}, + {9, {0x30D1,0x30D5,0x30A3,0x30FC,0x0064,0x0065,0x30EB,0x30F3,0x30D0}, "de-jg4avhby1noc0d", "<pafii>de<runba>"}, + {7, {0x305D,0x306E,0x30B9,0x30D4,0x30FC,0x30C9,0x3067}, "d9juau41awczczp", "<sono><supiido><de>"}, + {11, {0x002D,0x003E,0x0020,0x0024,0x0031,0x002E,0x0030,0x0030,0x0020,0x003C,0x002D}, "-> $1.00 <--", "-> $1.00 <-"}, }; const size_t punycode_examples_size = 19; diff --git a/lib/wind/punycode_examples.h b/lib/wind/punycode_examples.h index a9e527b0e803..3f4ced096b9e 100644 --- a/lib/wind/punycode_examples.h +++ b/lib/wind/punycode_examples.h @@ -1,5 +1,5 @@ /* ./punycode_examples.h */ -/* Automatically generated at 2017-12-08T03:21:15.326321 */ +/* Automatically generated at 2019-06-07T02:40:18.438347 */ #ifndef PUNYCODE_EXAMPLES_H #define PUNYCODE_EXAMPLES_H 1 diff --git a/lib/wind/stringprep.py b/lib/wind/stringprep.py index 249b1dc2a1ca..cff4d02a7b6d 100644 --- a/lib/wind/stringprep.py +++ b/lib/wind/stringprep.py @@ -57,7 +57,7 @@ def symbols(tabledict, tables): list = list + tabledict.get(x, []) if len(list) == 0: return "" - return "|".join(map(lambda x: "WIND_PROFILE_%s" % (string.upper(x)), list)) + return "|".join(map(lambda x: "WIND_PROFILE_%s" % (x.upper()), list)) def get_errorlist(): d = dict() |