10 changes: 6 additions & 4 deletions kdc/pkinit.c
Expand Up @@ -477,7 +477,7 @@ _kdc_pk_rd_padata(krb5_context context,

type = "PK-INIT-Win2k";

if (_kdc_is_anon_request(&req->req_body)) {
if (_kdc_is_anonymous(context, client->entry.principal)) {
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
krb5_set_error_message(context, ret,
"Anon not supported in RSA mode");
Expand Down Expand Up @@ -623,7 +623,7 @@ _kdc_pk_rd_padata(krb5_context context,
hx509_certs signer_certs;
int flags = HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH; /* BTMM */

if (_kdc_is_anon_request(&req->req_body))
if (_kdc_is_anonymous(context, client->entry.principal))
flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;

ret = hx509_cms_verify_signed(context->hx509ctx,
Expand Down Expand Up @@ -708,7 +708,7 @@ _kdc_pk_rd_padata(krb5_context context,
goto out;
}

if (_kdc_is_anon_request(&req->req_body) &&
if (_kdc_is_anonymous(context, client->entry.principal) &&
ap.clientPublicValue == NULL) {
free_AuthPack(&ap);
ret = KRB5_KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED;
Expand Down Expand Up @@ -1676,8 +1676,10 @@ _kdc_pk_check_client(krb5_context context,
size_t i;

if (cp->cert == NULL) {
if (!_kdc_is_anonymous(context, client->entry.principal))
return KRB5KDC_ERR_BADOPTION;

*subject_name = strdup("anonymous client client");
*subject_name = strdup("<unauthenticated anonymous client>");
if (*subject_name == NULL)
return ENOMEM;
return 0;
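Review bot: The new rejection in `_kdc_pk_check_client` (`if (!_kdc_is_anonymous(context, client->entry.principal)) return KRB5KDC_ERR_BADOPTION;`) returns without recording a reason, while the anonymous rejection in `_kdc_pk_rd_padata` at the top of this section calls `krb5_set_error_message`. A PKINIT request that arrives here with no client certificate for a non-anonymous principal is a case an operator needs to be able to diagnose, so I would add `krb5_set_error_message(context, KRB5KDC_ERR_BADOPTION, "PKINIT request without a client certificate for a non-anonymous principal");` before the return. A one-line comment above `flags |= HX509_CMS_VS_ALLOW_ZERO_SIGNER;` saying that unsigned CMS data is accepted only when the client entry is the anonymous principal would also help, since that is the security condition the check encodes. Both functions start and end outside the visible hunks.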
3 changes: 3 additions & 0 deletions kuser/kgetcred.1
Expand Up @@ -58,6 +58,7 @@
.Op Fl Fl no-transit-check
.Op Fl Fl no-store
.Op Fl Fl cached-only
.Op Fl n \*(Ba Fl Fl anonymous
.Op Fl Fl version
.Op Fl Fl help
.Ar principal
Expand Down Expand Up @@ -135,6 +136,8 @@ requests that the KDC doesn't do transit checking.
do not store tickets in the ccache.
.It Fl Fl cached-only
do not talk the TGS, search only the ccache.
.It Fl Fl anonymous
obtain an anonymous service ticket.
.It Fl Fl forwardable
.It Fl Fl debug
enables debug output to stderr.
5 changes: 5 additions & 0 deletions kuser/kgetcred.c
Expand Up @@ -46,6 +46,7 @@ static char *impersonate_str;
static char *nametype_str;
static int store_flag = 1;
static int cached_only_flag;
static int anonymous_flag;
static int debug_flag;
static int version_flag;
static int help_flag;
Expand Down Expand Up @@ -76,6 +77,8 @@ struct getargs args[] = {
NP_("don't store the tickets obtained in the cache", ""), NULL },
{ "cached-only", 0, arg_flag, &cached_only_flag,
NP_("don't talk to the KDC, just search the cache", ""), NULL },
{ "anonymous", 'n', arg_flag, &anonymous_flag,
NP_("request an anonymous ticket", ""), NULL },
{ "debug", 0, arg_flag, &debug_flag, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
Expand Down Expand Up @@ -176,6 +179,8 @@ main(int argc, char **argv)
krb5_get_creds_opt_add_options(context, opt, KRB5_GC_NO_STORE);
if (cached_only_flag)
krb5_get_creds_opt_add_options(context, opt, KRB5_GC_CACHED);
if (anonymous_flag)
krb5_get_creds_opt_add_options(context, opt, KRB5_GC_ANONYMOUS);

if (delegation_cred_str) {
krb5_ccache id;
8 changes: 6 additions & 2 deletions kuser/kimpersonate.c
Expand Up @@ -82,7 +82,9 @@ encode_ticket(krb5_context context,
et.flags = cred->flags.b;
et.key = cred->session;
et.crealm = cred->client->realm;
copy_PrincipalName(&cred->client->name, &et.cname);
ret = copy_PrincipalName(&cred->client->name, &et.cname);
if (ret)
krb5_err(context, 1, ret, "copy_PrincipalName");
{
krb5_data empty_string;

Expand Down Expand Up @@ -127,7 +129,9 @@ encode_ticket(krb5_context context,

ticket.tkt_vno = 5;
ticket.realm = cred->server->realm;
copy_PrincipalName(&cred->server->name, &ticket.sname);
ret = copy_PrincipalName(&cred->server->name, &ticket.sname);
if (ret)
krb5_err(context, 1, ret, "copy_PrincipalName");

ASN1_MALLOC_ENCODE(Ticket, buf, len, &ticket, &size, ret);
if(ret)
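Review bot: Both new failure paths in `encode_ticket` report the same text, `krb5_err(context, 1, ret, "copy_PrincipalName")`, so the message does not say whether the client name or the server name failed to copy. I would make them distinct, for example `krb5_err(context, 1, ret, "copy_PrincipalName (client)");` after the `et.cname` copy and `krb5_err(context, 1, ret, "copy_PrincipalName (server)");` after the `ticket.sname` copy. `encode_ticket` starts and ends outside the visible hunks.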
12 changes: 7 additions & 5 deletions kuser/kinit.1
Expand Up @@ -82,7 +82,7 @@
.Op Fl Fl password-file= Ns Ar filename
.Op Fl Fl fcache-version= Ns Ar version-number
.Op Fl A | Fl Fl no-addresses
.Op Fl Fl anonymous
.Op Fl n | Fl Fl anonymous
.Op Fl Fl enterprise
.Op Fl Fl version
.Op Fl Fl help
Expand Down Expand Up @@ -165,10 +165,12 @@ in
.Xr krb5.conf 5 .
.It Fl A , Fl Fl no-addresses
Request a ticket with no addresses.
.It Fl Fl anonymous
Request an anonymous ticket (which means that the ticket will be
issued to an anonymous principal, typically
.Dq anonymous@REALM ) .
.It Fl n , Fl Fl anonymous
Request an anonymous ticket. If the principal is specified as @REALM, then
anonymous PKINIT will be used to acquire an unauthenticated anonymous ticket
and both the client name and realm in the returned ticket will be anonymized.
Otherwise, authentication proceeds as normal and the anonymous ticket will have
only the client name anonymized.
.It Fl Fl enterprise
Parse principal as a enterprise (KRB5-NT-ENTERPRISE) name. Enterprise
names are email like principals that are stored in the name part of
42 changes: 28 additions & 14 deletions kuser/kinit.c
Expand Up @@ -155,7 +155,7 @@ static struct getargs args[] = {
{ "extra-addresses",'a', arg_strings, &extra_addresses,
NP_("include these extra addresses", ""), "addresses" },

{ "anonymous", 0, arg_flag, &anonymous_flag,
{ "anonymous", 'n', arg_flag, &anonymous_flag,
NP_("request an anonymous ticket", ""), NULL },

{ "request-pac", 0, arg_flag, &pac_flag,
Expand Down Expand Up @@ -383,7 +383,7 @@ renew_validate(krb5_context context,

out:
if (tempccache)
krb5_cc_close(context, tempccache);
krb5_cc_destroy(context, tempccache);
if (out)
krb5_free_creds(context, out);
krb5_free_cred_contents(context, &in);
Expand Down Expand Up @@ -430,7 +430,8 @@ get_new_tickets(krb5_context context,
krb5_principal principal,
krb5_ccache ccache,
krb5_deltat ticket_life,
int interactive)
int interactive,
int anonymous_pkinit)
{
krb5_error_code ret;
krb5_creds cred;
Expand Down Expand Up @@ -528,15 +529,15 @@ get_new_tickets(krb5_context context,
krb5_get_init_creds_opt_set_canonicalize(context, opt, TRUE);
if (pk_enterprise_flag || enterprise_flag || canonicalize_flag || windows_flag)
krb5_get_init_creds_opt_set_win2k(context, opt, TRUE);
if (pk_user_id || ent_user_id || anonymous_flag) {
if (pk_user_id || ent_user_id || anonymous_pkinit) {
ret = krb5_get_init_creds_opt_set_pkinit(context, opt,
principal,
pk_user_id,
pk_x509_anchors,
NULL,
NULL,
pk_use_enckey ? 2 : 0 |
anonymous_flag ? 4 : 0,
pk_use_enckey ? KRB5_GIC_OPT_PKINIT_USE_ENCKEY : 0 |
anonymous_pkinit ? KRB5_GIC_OPT_PKINIT_ANONYMOUS : 0,
prompter,
NULL,
passwd);
Expand Down Expand Up @@ -628,7 +629,8 @@ get_new_tickets(krb5_context context,
krb5_warn(context, ret, "krb5_init_creds_set_keytab");
goto out;
}
} else if (pk_user_id || ent_user_id || anonymous_flag) {
} else if (pk_user_id || ent_user_id ||
_krb5_principal_is_anonymous(context, principal, KRB5_ANON_MATCH_ANY)) {

} else if (!interactive && passwd[0] == '\0') {
static int already_warned = 0;
Expand Down Expand Up @@ -779,7 +781,7 @@ get_new_tickets(krb5_context context,
if (ctx)
krb5_init_creds_free(context, ctx);
if (tempccache)
krb5_cc_close(context, tempccache);
krb5_cc_destroy(context, tempccache);

if (enctype)
free(enctype);
Expand Down Expand Up @@ -923,7 +925,7 @@ renew_func(void *ptr)
server_str, ctx->ticket_life);
} else {
ret = get_new_tickets(ctx->context, ctx->principal, ctx->ccache,
ctx->ticket_life, 0);
ctx->ticket_life, 0, 0);
}
expire = ticket_lifetime(ctx->context, ctx->ccache, ctx->principal,
server_str, &renew_expire);
Expand Down Expand Up @@ -1222,6 +1224,8 @@ main(int argc, char **argv)
#ifdef HAVE_SIGACTION
struct sigaction sa;
#endif
krb5_boolean unique_ccache = FALSE;
int anonymous_pkinit = FALSE;

setprogname(argv[0]);

Expand Down Expand Up @@ -1271,15 +1275,16 @@ main(int argc, char **argv)

pk_user_id = NULL;

} else if (anonymous_flag) {
} else if (anonymous_flag && argc && argv[0][0] == '@') {
/* If principal argument as @REALM, try anonymous PKINIT */

ret = krb5_make_principal(context, &principal, argv[0],
ret = krb5_make_principal(context, &principal, &argv[0][1],
KRB5_WELLKNOWN_NAME, KRB5_ANON_NAME,
NULL);
if (ret)
krb5_err(context, 1, ret, "krb5_make_principal");
krb5_principal_set_type(context, principal, KRB5_NT_WELLKNOWN);

anonymous_pkinit = TRUE;
} else if (use_keytab || keytab_str) {
get_princ_kt(context, &principal, argv[0]);
} else {
Expand Down Expand Up @@ -1311,6 +1316,7 @@ main(int argc, char **argv)
krb5_cc_get_type(context, ccache),
krb5_cc_get_name(context, ccache));
setenv("KRB5CCNAME", s, 1);
unique_ccache = TRUE;
} else {
ret = krb5_cc_cache_match(context, principal, &ccache);
if (ret) {
Expand All @@ -1330,6 +1336,8 @@ main(int argc, char **argv)
krb5_cc_close(context, ccache);
ret = get_switched_ccache(context, type, principal,
&ccache);
if (ret == 0)
unique_ccache = TRUE;
}
}
}
Expand Down Expand Up @@ -1378,12 +1386,18 @@ main(int argc, char **argv)
krb5_afslog(context, ccache, NULL, NULL);
#endif

if (unique_ccache)
krb5_cc_destroy(context, ccache);
exit(ret != 0);
}

ret = get_new_tickets(context, principal, ccache, ticket_life, 1);
if (ret)
ret = get_new_tickets(context, principal, ccache, ticket_life,
1, anonymous_pkinit);
if (ret) {
if (unique_ccache)
krb5_cc_destroy(context, ccache);
exit(1);
}

#ifndef NO_AFS
if (ret == 0 && server_str == NULL && do_afslog && k_hasafs())
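Review bot: The flags argument passed to `krb5_get_init_creds_opt_set_pkinit` in `get_new_tickets` does not combine the two options the way it reads, because `|` binds tighter than `?:`. The expression `pk_use_enckey ? KRB5_GIC_OPT_PKINIT_USE_ENCKEY : 0 | anonymous_pkinit ? KRB5_GIC_OPT_PKINIT_ANONYMOUS : 0` parses as `pk_use_enckey ? KRB5_GIC_OPT_PKINIT_USE_ENCKEY : ((0 | anonymous_pkinit) ? KRB5_GIC_OPT_PKINIT_ANONYMOUS : 0)`, so when `pk_use_enckey` is set the anonymous option is silently dropped. The named constants are an improvement, but the expression shape is unchanged; parenthesise each arm: `(pk_use_enckey ? KRB5_GIC_OPT_PKINIT_USE_ENCKEY : 0) |` followed by `(anonymous_pkinit ? KRB5_GIC_OPT_PKINIT_ANONYMOUS : 0),`. The function body continues outside the hunk.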
4 changes: 2 additions & 2 deletions kuser/klist.c
Expand Up @@ -403,7 +403,7 @@ display_tokens(int do_verbose)
continue;
t[min(parms.out_size,sizeof(t)-1)] = 0;
memcpy(&size_secret_tok, r, sizeof(size_secret_tok));
/* dont bother about the secret token */
/* don't bother about the secret token */
r += size_secret_tok + sizeof(size_secret_tok);
if (parms.out_size < (r - t) + sizeof(size_public_tok))
continue;
Expand All @@ -413,7 +413,7 @@ display_tokens(int do_verbose)
continue;
memcpy(&ct, r, size_public_tok);
r += size_public_tok;
/* there is a int32_t with length of cellname, but we dont read it */
/* there is a int32_t with length of cellname, but we don't read it */
r += sizeof(int32_t);
cell = r;

1 change: 1 addition & 0 deletions kuser/kuser_locl.h
Expand Up @@ -72,6 +72,7 @@
#include <parse_time.h>
#include <err.h>
#include <krb5.h>
#include "krb5_locl.h"

#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
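Review bot: `#include "krb5_locl.h"` pulls what appears to be libkrb5's private header into every program that includes kuser_locl.h, and nothing in the hunk says why. If it is there for `_krb5_principal_is_anonymous` and `KRB5_ANON_MATCH_ANY`, which kinit.c starts using in this commit, say so next to the include, for example `/* for _krb5_principal_is_anonymous(); private libkrb5 interface */`. That keeps the dependency on a non-public interface visible to whoever changes that header later.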
2 changes: 1 addition & 1 deletion lib/gssapi/krb5/test_sequence.c
Expand Up @@ -68,7 +68,7 @@ OM_uint32 pattern6[] = {
50, 51, 52, 53, 54, 55, 56, 57, 58, 59
};

/* dont start at 0 */
/* don't start at 0 */
OM_uint32 pattern7[] = {
11, 12, 13
};
155 changes: 89 additions & 66 deletions lib/hcrypto/evp-pkcs11.c
Expand Up @@ -60,7 +60,7 @@
#include <ref/pkcs11.h>

#if __sun && !defined(PKCS11_MODULE_PATH)
# if _LP64
# ifdef _LP64
# define PKCS11_MODULE_PATH "/usr/lib/64/libpkcs11.so"
# else
# define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so"
Expand All @@ -87,19 +87,18 @@ p11_cleanup(EVP_CIPHER_CTX *ctx);
struct pkcs11_cipher_ctx {
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE hSecret;
int cipher_init_done;
};

struct pkcs11_md_ctx {
CK_SESSION_HANDLE hSession;
};

static void *pkcs11_module_handle;
static void
p11_module_init_once(void *context)

static CK_RV
p11_module_load(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
{
CK_RV rv;
CK_FUNCTION_LIST_PTR module;
CK_RV (*C_GetFunctionList_fn)(CK_FUNCTION_LIST_PTR_PTR);

if (!issuid()) {
Expand All @@ -109,7 +108,7 @@ p11_module_init_once(void *context)
dlopen(pkcs11ModulePath,
RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
if (pkcs11_module_handle == NULL)
fprintf(stderr, "p11_module_init(%s): %s\n", pkcs11ModulePath, dlerror());
fprintf(stderr, "p11_module_load(%s): %s\n", pkcs11ModulePath, dlerror());
}
}
#ifdef PKCS11_MODULE_PATH
Expand All @@ -118,43 +117,57 @@ p11_module_init_once(void *context)
dlopen(PKCS11_MODULE_PATH,
RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
if (pkcs11_module_handle == NULL)
fprintf(stderr, "p11_module_init(%s): %s\n", PKCS11_MODULE_PATH, dlerror());
fprintf(stderr, "p11_module_load(%s): %s\n", PKCS11_MODULE_PATH, dlerror());
}
#endif
if (pkcs11_module_handle == NULL)
goto cleanup;
return CKR_LIBRARY_LOAD_FAILED;

C_GetFunctionList_fn = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))
dlsym(pkcs11_module_handle, "C_GetFunctionList");
if (C_GetFunctionList_fn == NULL)
goto cleanup;
if (C_GetFunctionList_fn == NULL) {
dlclose(pkcs11_module_handle);
return CKR_LIBRARY_LOAD_FAILED;
}

rv = C_GetFunctionList_fn(&module);
if (rv != CKR_OK)
goto cleanup;
rv = C_GetFunctionList_fn(ppFunctionList);
if (rv != CKR_OK) {
dlclose(pkcs11_module_handle);
return rv;
}

rv = module->C_Initialize(NULL);
if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
rv = CKR_OK;
if (rv == CKR_OK)
*((CK_FUNCTION_LIST_PTR_PTR)context) = module;
return CKR_OK;
}

cleanup:
if (pkcs11_module_handle != NULL && p11_module == NULL) {
dlclose(pkcs11_module_handle);
pkcs11_module_handle = NULL;
}
/* else leak pkcs11_module_handle */
static void
p11_module_load_once(void *context)
{
p11_module_load((CK_FUNCTION_LIST_PTR_PTR)context);
}

static CK_RV
p11_module_init(void)
{
static heim_base_once_t init_module = HEIM_BASE_ONCE_INIT;
static heim_base_once_t once = HEIM_BASE_ONCE_INIT;
CK_RV rv;

heim_base_once_f(&init_module, &p11_module, p11_module_init_once);
heim_base_once_f(&once, &p11_module, p11_module_load_once);

return p11_module != NULL ? CKR_OK : CKR_LIBRARY_LOAD_FAILED;
if (p11_module == NULL)
return CKR_LIBRARY_LOAD_FAILED;

/*
* Call C_Initialize() on every call, because it will be invalid after fork().
* Caching the initialization status using a once control and invalidating it
* on fork provided no measurable performance benefit on Solaris 11. Other
* approaches would not be thread-safe or would involve more intrusive code
* changes, such as exposing heimbase's atomics.
*/
rv = p11_module->C_Initialize(NULL);
if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
rv = CKR_OK;

return rv;
}

static CK_RV
Expand Down Expand Up @@ -281,20 +294,43 @@ p11_key_init(EVP_CIPHER_CTX *ctx,
{ CKA_VALUE, (void *)key, ctx->key_len },
{ op, &bTrue, sizeof(bTrue) }
};
CK_MECHANISM mechanism = {
mechanismType,
ctx->cipher->iv_len ? ctx->iv : NULL,
ctx->cipher->iv_len
};
struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;
p11ctx->cipher_init_done = 0;

rv = p11_session_init(mechanismType, &p11ctx->hSession);
if (rv != CKR_OK)
goto cleanup;
rv = CKR_OK;

assert(p11_module != NULL);
if (p11ctx->hSession != CK_INVALID_HANDLE && key != NULL)
p11_cleanup(ctx); /* refresh session with new key */

rv = p11_module->C_CreateObject(p11ctx->hSession, attributes,
sizeof(attributes) / sizeof(attributes[0]),
&p11ctx->hSecret);
if (rv != CKR_OK)
goto cleanup;
if (p11ctx->hSession == CK_INVALID_HANDLE) {
rv = p11_session_init(mechanismType, &p11ctx->hSession);
if (rv != CKR_OK)
goto cleanup;
}

if (key != NULL) {
assert(p11_module != NULL);
assert(p11ctx->hSecret == CK_INVALID_HANDLE);

rv = p11_module->C_CreateObject(p11ctx->hSession, attributes,
sizeof(attributes) / sizeof(attributes[0]),
&p11ctx->hSecret);
if (rv != CKR_OK)
goto cleanup;
}

if (p11ctx->hSecret != CK_INVALID_HANDLE) {
if (op == CKA_ENCRYPT)
rv = p11_module->C_EncryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
else
rv = p11_module->C_DecryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
if (rv != CKR_OK)
goto cleanup;
}

cleanup:
if (rv != CKR_OK)
Expand All @@ -310,37 +346,17 @@ p11_do_cipher(EVP_CIPHER_CTX *ctx,
unsigned int size)
{
struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;
CK_RV rv = CKR_OK;
CK_RV rv;
CK_ULONG ulCipherTextLen = size;
CK_MECHANISM_TYPE mechanismType = (CK_MECHANISM_TYPE)ctx->cipher->app_data;
CK_MECHANISM mechanism = {
mechanismType,
ctx->cipher->iv_len ? ctx->iv : NULL,
ctx->cipher->iv_len
};

assert(p11_module != NULL);
/* The EVP layer only ever calls us with complete cipher blocks */
assert(EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_STREAM_CIPHER ||
(size % ctx->cipher->block_size) == 0);

if (ctx->encrypt) {
if (!p11ctx->cipher_init_done) {
rv = p11_module->C_EncryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
if (rv == CKR_OK)
p11ctx->cipher_init_done = 1;
}
if (rv == CKR_OK)
rv = p11_module->C_EncryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);
} else {
if (!p11ctx->cipher_init_done) {
rv = p11_module->C_DecryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
if (rv == CKR_OK)
p11ctx->cipher_init_done = 1;
}
if (rv == CKR_OK)
rv = p11_module->C_DecryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);
}
if (ctx->encrypt)
rv = p11_module->C_EncryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);
else
rv = p11_module->C_DecryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);

return rv == CKR_OK;
}
Expand All @@ -350,8 +366,6 @@ p11_cleanup(EVP_CIPHER_CTX *ctx)
{
struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;

assert(p11_module != NULL);

if (p11ctx->hSecret != CK_INVALID_HANDLE) {
p11_module->C_DestroyObject(p11ctx->hSession, p11ctx->hSecret);
p11ctx->hSecret = CK_INVALID_HANDLE;
Expand All @@ -364,12 +378,18 @@ p11_cleanup(EVP_CIPHER_CTX *ctx)
return 1;
}

static int
p11_md_cleanup(EVP_MD_CTX *ctx);

static int
p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx)
{
struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
CK_RV rv;

if (p11ctx->hSession != CK_INVALID_HANDLE)
p11_md_cleanup(ctx);

rv = p11_session_init(mechanismType, &p11ctx->hSession);
if (rv == CKR_OK) {
CK_MECHANISM mechanism = { mechanismType, NULL, 0 };
Expand All @@ -389,8 +409,11 @@ p11_md_update(EVP_MD_CTX *ctx, const void *data, size_t length)
CK_RV rv;

assert(p11_module != NULL);
assert(data != NULL || length == 0);

rv = p11_module->C_DigestUpdate(p11ctx->hSession, (unsigned char *)data, length);
rv = p11_module->C_DigestUpdate(p11ctx->hSession,
data ? (CK_BYTE_PTR)data : (CK_BYTE_PTR)"",
length);

return rv == CKR_OK;
}
Expand Down Expand Up @@ -435,7 +458,7 @@ p11_md_cleanup(EVP_MD_CTX *ctx)
block_size, \
key_len, \
iv_len, \
flags, \
(flags) | EVP_CIPH_ALWAYS_CALL_INIT, \
p11_key_init, \
p11_do_cipher, \
p11_cleanup, \
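Review bot: `p11_module_load` calls `dlclose(pkcs11_module_handle)` on both failure paths (missing `C_GetFunctionList` symbol, non-`CKR_OK` return) but leaves the file-scope handle pointing at the closed library, whereas the cleanup code it replaces reset it with `pkcs11_module_handle = NULL;`. Add that assignment after each `dlclose` so no later code can act on a stale handle. `p11_module_load_once` also discards the returned `CK_RV`, so `p11_module_init` depends on `p11_module` still being NULL after a failure; writing `*ppFunctionList = NULL;` on the `C_GetFunctionList` error path would make that explicit instead of relying on the module not touching the out-parameter. The comment in `p11_module_init` covers re-running `C_Initialize` after fork(), but nothing visible here invalidates the `hSession`/`hSecret` values an existing context carries across the fork; a sentence on what callers are expected to do would help, assuming they must re-init.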
10 changes: 10 additions & 0 deletions lib/hcrypto/evp-wincng.c
Expand Up @@ -196,6 +196,11 @@ wincng_key_init(EVP_CIPHER_CTX *ctx,
if (ctx->cipher->app_data == NULL)
return 0;

if (cng->hKey) {
BCryptDestroyKey(cng->hKey); /* allow reinitialization */
cng->hKey = (BCRYPT_KEY_HANDLE)0;
}

/*
* Note: ctx->key_len not EVP_CIPHER_CTX_key_length() for
* variable length key support.
Expand Down Expand Up @@ -570,6 +575,11 @@ wincng_md_hash_init(BCRYPT_ALG_HANDLE hAlgorithm,
NTSTATUS status;
ULONG cbData;

if (cng->hHash) {
BCryptDestroyHash(cng->hHash); /* allow reinitialization */
cng->hHash = (BCRYPT_HASH_HANDLE)0;
}

status = BCryptGetProperty(hAlgorithm,
BCRYPT_OBJECT_LENGTH,
(PUCHAR)&cng->cbHashObject,
2 changes: 1 addition & 1 deletion lib/hcrypto/evp.h
Expand Up @@ -164,7 +164,7 @@ struct hc_CIPHER {
#define hc_EVP_CTRL_INIT 0x0

#define hc_EVP_CIPH_VARIABLE_LENGTH 0x008 /* variable key length */
#define hc_EVP_CIPH_ALWAYS_CALL_INIT 0x020
#define hc_EVP_CIPH_ALWAYS_CALL_INIT 0x020 /* backend maintains own cipherstate */
#define hc_EVP_CIPH_RAND_KEY 0x200

int (*init)(EVP_CIPHER_CTX*,const unsigned char*,const unsigned char*,int);
3 changes: 2 additions & 1 deletion lib/hx509/Makefile.am
Expand Up @@ -392,7 +392,8 @@ EXTRA_DIST = \
data/ocsp-resp2.der \
data/ocsp-responder.crt \
data/ocsp-responder.key \
data/openssl.cnf \
data/openssl.1.0.cnf \
data/openssl.1.1.cnf \
data/pkinit-proxy-chain.crt \
data/pkinit-proxy.crt \
data/pkinit-proxy.key \
2 changes: 1 addition & 1 deletion lib/hx509/cms.c
Expand Up @@ -537,7 +537,7 @@ hx509_cms_unenvelope(hx509_context context,
*
* @param context A hx509 context.
* @param flags flags to control the behavior.
* - HX509_CMS_EV_NO_KU_CHECK - Dont check KU on certificate
* - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
* - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
* - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
* @param cert Certificate to encrypt the EnvelopedData encryption key
43 changes: 30 additions & 13 deletions lib/hx509/data/ca.crt
@@ -1,15 +1,32 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
64 changes: 50 additions & 14 deletions lib/hx509/data/ca.key
@@ -1,16 +1,52 @@
-----BEGIN PRIVATE KEY-----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MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDE4gbVQ/vlPFU2
W62rukqiUkJ/EIDo1HE4r+xpxO12Ke45NtqSep0d2FfSvEu8dhot1jWIkijF7B/b
FuB0LyFryCAV/zlU9rLoadCmur5ONIgXRm7eW19wxo5YRD4CA1IRwvT+Axz0TC3e
yquUN1C0r7ZWbiOY8uQy3Sjfar16Z3TtqlKgo4R/yF7dIPJOOVHaznC+xsfLsYE2
r9PqbTjBF3O1pIhwV9oA3tfs23EtvcZBP3y3LSsjnKaF0b/NXmjLNW9hbmAfN+16
TEMOlVZvBjUPO3CC/GU0PJzm1/FqyzXWeRx5FZNi7fCPKg8J9QDAgK5mMn+ZPazu
Ut70uxUFrnRLCjCia/TgC+t2d+3AqsnRlYnLYDv/MeP/QwqHGK3+WuAS6uqXZMti
lDhY+oiMTZ4vDHvwzJ5q3UhIpWXj5cSGWAxQurKgUsjT9stagGmXlBauMYSzFM5T
+TXica1qE7dNXjXr2sTy9BHIp+aWJuGkX9rSx8tHwbkIkVTp4UCZ+QoxBRaSmiuy
FPM77yg6wZBuSuRRN/BNKvAhuJaE1MdA+vobbyyNbv56MU0+WI4ucD+b08JmJp3k
+fgM0fKXBQlEL4mp7zeUoLmC1yCy48Zk1foPZTRH9pIGB/zUz4B8o20NmereB9bX
0IjJ6eqMDqvAZWZ99Nf16Q3X88T88wIDAQABAoICAQCD8TXDFpxpM9WnaCkrPN1n
itklbln1rulxo/Q7rc21ssQDc89m+uTwa1vvzmCzHDLPJQ8bR1gry+JNYTdqpWsw
YB2goDo7xlh/iOpb0ipXHr1VW85RFcsQOQCMBq/HiZImdRDaahutXKAg/pGd8rQT
Yu4/XfBdP+nObIhHsbDppwules+E+BCD0jRA3SOFaMSCbncAYxbiW0LM82iBYlD2
llDlGi6Vm0pt6umpwiZHETcb4wAhghO2+fRfGgIAD5ULGfRaxy2DvmdX3mPSEiKq
pO5KFvt/zMXGDBjaWz1e5HBgGyoJu3vagLsGNpl9gsPOPm6h7pW0jLCnxsHEINwk
lGbhCR9ubaZMCNuwEppPNeusURG35XiSEHC4fBPhlG6pB737a6ih/w9dwOkLuijJ
X3vOaVj2K5waExi72uij+GnZBylemOTAy9lE3xlUzhO74h9F8DuoJHMxXKU5a24L
/hmnnIYHOJpHQIfcfkMIx9VuG/qsug+DdOxlgByT6hbkRbX2gGSP3iqy7XUnb2g0
3QQdyQpz8wJ2x568EAAC0HKhQj2fcL1L5lpM5xpbg6s87o50reMhcAogb2mGjx3Q
r8u9PJeYgJ5FOqu0zLbenWkb4OLtLz6kHhOdimkCrybL+bLQFdl9lNAOqgVuJxyT
NaClP+v9lAACBkONihU8AQKCAQEA9hxExY0NXFDZHiLq4M4DG79BthLWLi4QFZI5
2vpzrS5kT90rptAzBenTBWdUifAI8JPkq2R8VKB8j7F5YELQ9UTmoT+qMGEslQ1p
RTE8fZln6UhLUIv5tTwhL6Afbs2Faz7Vd7rUq9eUkyxsjxtZe5cPH1dGplx0iPQI
QQ1OasSWc8TmZWXRvcRWe5vWiJLFZKt6fJZWYyBBvu8L7PZ6QR5Oa2EO1UTPPX+W
7+BwsoH9Bguv+hYliKEReN8SIfOF9E/OElrNooy7eANFTQ3pNEou68rqpzX4jgdW
G4Nnsu9rkO8K+bb+/MLBvdxrEiKrNb+xwcVOFaJNqz6aNMC14QKCAQEAzMtbIpig
dLUha3QXrXIsEjH/hlGx0c6Q9VH/toQbBNE4LOrS4QlurX3iRz79tNYLYdwLrZ2Q
+tK31/ilX/hGIiA1w6fHcrQokddMJhhGoR6nSUiybs+75Ac01xHDSYXCo/YOkr8m
HOtRWi+0qJqzU4sticPwi2YStM6L2gNpEDU9FQTG/wgLLHPxDEjRpkhmgQbt8nEQ
M+amXK1othrZVSTJl1hREF11DkzhkZYyGgY4ifAyAOPW7z5K0nS2drV8PExFSkr+
2eriVvavu/40WbvadhTy1cyVL7N3svzY34TgwqsXX1Stz8dQBa+uImt9gxmZIK9I
reONiErKBhClUwKCAQEAjY1IyM8OBjDCECFJMq+K/iSM6OoAomMAAUgvWpF+gvcR
3xV4i+Nn1VjddFgwOX4Dxktp1GJhWFNOEV+kTgdgJBHTDJ+PhW/+smQaTh+5iQv4
xiY8m0FHCERjWf8g1RwERuDG6qxcsdG2tMdyUQUL/JevrPkHu5ulszeYn8HFfoc/
eaqgUWW0sw8AJuxFAhxYyEQQmSPm3/Cnn+fh1hMV0epadExIucVv5RFDgQh4CVPW
cem6935RbDon0HuM9FYaj6BvCAOODpYfJTHMZDtCDD82qYv2VuIl6ZqynfSAalxm
Y9/5UhM8qahiwo7KTo3+J1XwKWEQPkUxovLIwtqsQQKCAQEAgMgwWyUXYcy1Y1jx
usRdKmP+h3zAEWuQhHQ4FZIlW3YlmTlhutmvm7HZpWvbJuii57r0LQ00qkXwDgPy
GtOJZtRSeuL67QqVqIB3Bk2lvJQGJnNsoXpIcTCG7efhok5XA7wrleRWF0FzOv9c
39nIgvS2gjeRAFgD02c/Uq1qWCLicmE6sg1g2WdfYZY5IBPPQbwVzauDwN9+JjF1
824W1Q/5JQ8Iiv36Ki/2eRK2Ft9qlnNRPnYIJxJJAucaBrRBl7luqTVX5blq87zU
7acBTJxw2Gh7/C5WclStJQUTbBunK0NjwzMAyfRQQgMjwclOeC6UuJUBYzgBPH+r
Yvz8uQKCAQA8WchJ0UQmOP98voo0cnIX0lcZcddwzdsZm78p1PrXqmsrxnlmRILA
wZ5okzIzEqu1Xltu5DS/CAAWdRkY/2LFGty1dW5UR47xsWE7fMf4dbPeOcBxgfh4
sQgG7KcWY9mw3PZ4PmPP63nRC/1Ws/+dlvpNA77BjyHH7laTVZbUadS/0bCzhJG0
RW27r5UcPV8IhKTNU8iOxvaN2U0N2RaaxZ8AaYj8UEeMlFp91DXYa5SCWY1yM0c7
QYpO3EtSLj+ECk09lDzQBPUo4jzb5CoTFYDEdXr8Rt4I/r03fkOwHslWUzXVyqRe
xC/DrYbFBHh4yQWuQPsmCbi6OkGKDvwA
-----END PRIVATE KEY-----
20 changes: 14 additions & 6 deletions lib/hx509/data/crl1.crl
@@ -1,8 +1,16 @@
-----BEGIN X509 CRL-----
MIIBBDBvMA0GCSqGSIb3DQEBBQUAMCoxGzAZBgNVBAMMEmh4NTA5IFRlc3QgUm9v
dCBDQTELMAkGA1UEBhMCU0UXDTA5MDQyNjIwMjk0MVoXDTE5MDMwNTIwMjk0MVow
FDASAgEDFw0wOTA0MjYyMDI5NDFaMA0GCSqGSIb3DQEBBQUAA4GBAGXXCNeUIctd
TfKIUIpMbtHnUXYLA8hcB+6Iyc24VR3m+HNYx9XT6Qp6hY4Wg8Qq4p+0KFTxz4JU
XLTZWduvgB9+AL+ECXIUmx4FHkgwwq5+AyYygDqzYOVJszJ9hNp7HHthobObrRm4
Q6hn748UG1nd4gp7zKB7ReLvLYff411G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-----END X509 CRL-----
Binary file modified lib/hx509/data/crl1.der
Binary file not shown.
27 changes: 17 additions & 10 deletions lib/hx509/data/gen-req.sh
100644 → 100755
Expand Up @@ -7,13 +7,20 @@

openssl=openssl

# workaround until openssl -objects lands
if ${openssl} version | grep '^OpenSSL 1\.[1-9]' >/dev/null ; then
config=openssl.1.1.cnf
else
config=openssl.1.0.cnf
fi

gen_cert()
{
keytype=${6:-rsa:1024}
keytype=${6:-rsa:4096}
${openssl} req \
-new \
-subj "$1" \
-config openssl.cnf \
-config ${config} \
-newkey $keytype \
-sha1 \
-nodes \
Expand All @@ -23,9 +30,9 @@ gen_cert()
if [ "$3" = "ca" ] ; then
${openssl} x509 \
-req \
-days 3650 \
-days 182500 \
-in cert.req \
-extfile openssl.cnf \
-extfile ${config} \
-extensions $4 \
-signkey out.key \
-out cert.crt
Expand All @@ -39,27 +46,27 @@ gen_cert()
${openssl} x509 \
-req \
-in cert.req \
-days 3650 \
-days 182500 \
-out cert.crt \
-CA $2.crt \
-CAkey $2.key \
-CAcreateserial \
-extfile openssl.cnf \
-extfile ${config} \
-extensions $4

name=$5
else

${openssl} ca \
-name $4 \
-days 3650 \
-days 182500 \
-cert $2.crt \
-keyfile $2.key \
-in cert.req \
-out cert.crt \
-outdir . \
-batch \
-config openssl.cnf
-config ${config}

name=$3
fi
Expand Down Expand Up @@ -109,7 +116,7 @@ ${openssl} ca \
-cert ca.crt \
-keyfile ca.key \
-revoke revoke.crt \
-config openssl.cnf
-config ${config}

${openssl} pkcs12 \
-export \
Expand Down Expand Up @@ -348,6 +355,6 @@ ${openssl} ca \
-cert ca.crt \
-crl_reason superseded \
-out crl1.crl \
-config openssl.cnf
-config ${config}

${openssl} crl -in crl1.crl -outform der -out crl1.der
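Review bot: The version test `grep '^OpenSSL 1\.[1-9]'` at the top of the script recognises only 1.1 through 1.9, so a release whose version string starts with any other major number falls into the `else` branch and gets `openssl.1.0.cnf`. If the 1.1 file is meant for everything newer than 1.0 (an assumption, the config files are not shown), test for the old versions instead: `if ${openssl} version | grep -E '^OpenSSL (0\.|1\.0\.)' >/dev/null ; then` with the two `config=` assignments swapped. Separately, `gen_cert` moves to `rsa:4096` and `-days 182500` but still passes `-sha1`, and the regenerated https.crt dump shows `sha1WithRSAEncryption`; unless the tests need SHA-1 specifically, `-sha256` would keep the fixtures usable under stricter verification policies. `${config}` and `$keytype` are also expanded unquoted.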
129 changes: 96 additions & 33 deletions lib/hx509/data/https.crt
Expand Up @@ -2,52 +2,115 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9 (0x9)
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hx509 Test Root CA, C=SE
Validity
Not Before: Apr 26 20:29:41 2009 GMT
Not After : Apr 24 20:29:41 2019 GMT
Not Before: Mar 22 22:25:10 2019 GMT
Not After : Nov 21 22:25:10 2518 GMT
Subject: C=SE, CN=www.test.h5l.se
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Public-Key: (4096 bit)
Modulus:
00:c6:f4:94:25:2b:d5:fa:e9:3d:00:a9:46:24:f1:
bf:fe:61:df:bd:cc:da:74:b7:f9:36:c1:ce:51:d2:
01:6f:79:ba:b3:4a:d5:a4:43:5a:c7:ad:e4:e0:50:
e2:a6:bf:54:73:ad:a5:86:0a:bd:56:c4:4f:b5:f5:
7f:7e:fe:10:78:17:e2:35:4c:bb:cc:4b:74:35:d0:
ab:63:b1:02:72:94:a7:9a:dc:10:ef:28:82:a9:6c:
dc:19:8d:b8:3e:5b:21:52:1f:88:51:a6:5a:f8:67:
cd:cb:48:6f:f5:8b:71:7c:4d:52:da:bb:f9:26:8a:
27:9c:7e:8a:d1:99:54:35:7f
00:bb:ca:85:9c:3d:6b:5a:21:1b:2c:84:35:48:37:
bc:13:62:93:ff:7b:be:49:40:e2:36:b5:7a:54:a4:
e3:0f:b1:87:29:de:6b:7d:86:ec:b6:25:c5:9c:dc:
13:06:57:4c:80:1b:86:f0:ac:e6:64:8f:aa:63:cc:
28:49:5c:84:09:b8:0f:31:99:dd:36:d2:42:b5:aa:
df:31:f6:27:ca:c2:4c:50:11:5b:01:94:17:da:2a:
5c:21:e5:b5:81:23:69:3e:4f:1d:08:48:95:57:30:
77:96:ae:9b:78:87:10:e4:6d:90:e8:78:ad:19:41:
3d:b8:91:1c:b6:04:78:52:e5:e4:3f:28:df:01:13:
da:aa:cb:24:cf:f5:93:f9:02:b8:c5:dc:47:fb:79:
e5:de:9e:19:b3:28:ab:2d:bd:73:48:0f:71:0a:b6:
81:5a:6d:02:6d:9c:c8:c3:14:d5:82:bf:19:b8:d0:
6f:58:32:6c:76:91:f3:07:6b:25:4a:59:f4:2d:c9:
8d:da:ee:cc:30:5b:5b:d8:f3:0d:63:28:8d:9c:df:
21:b5:3a:41:e0:55:d0:5f:f1:32:45:0b:6b:40:b6:
d8:43:0c:7b:28:3d:2d:7c:40:19:a2:e0:d6:a2:0b:
32:65:a3:81:e9:1c:e5:6a:f6:61:7c:66:fa:c6:10:
bf:5d:1d:d9:c1:1a:67:fb:a0:43:15:ff:f5:40:5a:
0c:8a:4b:48:38:d5:c7:77:48:19:f7:21:de:73:17:
97:cf:03:d7:c3:84:22:38:ae:f2:be:d2:61:af:37:
38:31:41:01:97:58:93:ba:80:da:bb:00:33:a8:2b:
98:34:80:8b:00:1e:83:02:c4:26:3f:5c:51:a9:29:
e3:ac:b1:36:31:57:87:43:94:57:3a:17:f4:6d:34:
bf:23:b6:a2:56:d2:b7:72:7e:35:34:d9:58:46:c1:
64:2d:3f:e7:ff:e4:fd:42:11:d9:04:98:ba:9d:88:
ec:e7:ae:bb:11:42:fd:00:cb:24:17:27:94:2c:a0:
34:df:18:8b:7a:bc:39:55:6c:02:3b:44:cf:a4:42:
f3:e3:81:5b:d6:90:8e:78:d7:3f:4c:ef:6c:de:4d:
7e:41:ce:87:8f:c0:38:a4:57:05:63:32:85:c3:de:
88:aa:8c:0b:04:df:c3:86:64:4c:19:91:e1:e4:b2:
f8:f6:f3:fe:93:c3:3e:c1:b1:74:b4:72:ff:88:94:
8d:34:a3:b0:9d:55:aa:fe:bc:bc:41:55:49:8a:f1:
ee:dd:fa:0e:a1:fa:b9:71:a7:d5:fc:b7:fc:ab:c2:
af:8f:bd:6e:48:ec:54:f0:f8:a8:b4:d7:6c:11:0e:
f9:16:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Key Identifier:
8A:BB:2D:06:4B:BD:DE:9A:BA:7C:5A:35:D0:E2:19:37:48:29:0E:9C
AA:3C:0D:95:CD:14:0A:9C:A5:2D:09:6E:EE:5B:43:A9:AF:3F:6E:54
Signature Algorithm: sha1WithRSAEncryption
90:35:ec:8c:f2:62:14:76:8a:29:52:99:44:c1:d7:c8:9e:74:
ef:90:4f:e7:ea:4d:cf:8f:c1:73:0c:d9:49:06:93:30:b0:19:
5e:de:9c:11:93:66:02:4d:8f:e9:8c:52:fc:26:26:9e:09:69:
a5:a7:63:d2:2d:40:de:e5:d8:d5:51:c3:32:60:6a:2f:26:13:
91:69:36:f6:67:e4:b0:54:9e:77:68:22:5f:51:b8:3c:42:bd:
e3:09:dc:11:9b:ed:db:63:df:90:57:38:00:90:be:89:e7:ea:
8e:d8:21:cd:96:68:69:4b:a3:15:50:ce:63:80:2a:99:4b:ff:
dd:1c
a3:ec:06:1b:66:b3:cb:a3:12:38:ef:30:dc:a6:a1:fc:d3:52:
d0:73:c8:a9:4d:0b:8e:02:2a:08:a6:4f:55:41:2f:46:2b:cf:
e9:04:07:9d:42:47:0d:88:64:1f:39:ae:d7:9b:30:43:47:f9:
ba:96:a8:2f:7a:6e:4b:22:9c:65:c7:9c:8c:c6:d2:f2:5f:a9:
fd:de:eb:9e:7a:13:b8:22:0c:59:15:90:ba:65:b7:08:3d:dd:
2e:e2:09:be:47:53:25:0a:8c:d3:e0:78:e9:1a:15:8e:32:b2:
5f:76:e1:68:3c:2f:33:3f:38:17:ff:3b:ad:43:b7:0e:87:08:
97:6b:8d:a7:6c:3b:de:1a:18:3d:5b:74:0b:87:03:8a:49:b0:
22:84:2a:72:f1:01:c3:b5:55:9e:4a:56:c1:96:6c:ba:9c:eb:
58:ce:4e:53:fd:b8:99:02:c1:d5:62:ef:b5:44:73:1c:c6:4f:
26:f9:8d:6b:e9:58:be:3c:4a:56:ef:65:6a:f5:71:1c:3b:8e:
f4:ae:43:44:ab:26:80:41:da:a9:6b:9b:63:49:bc:39:76:3b:
1e:fe:a5:24:0e:4c:59:51:9d:47:c4:ce:2b:90:65:e8:f8:ae:
ab:aa:14:cc:d2:4a:cf:85:20:40:dd:80:49:ea:7c:98:04:ee:
57:41:e6:bc:13:fc:28:5e:08:5c:ee:fa:1b:72:ea:80:e8:ba:
7e:d6:34:eb:fc:88:f1:16:42:b2:bb:22:9c:e0:36:84:23:f5:
20:86:dc:38:55:89:dc:0e:67:7c:c7:bb:2f:36:25:bc:ca:be:
2b:1c:79:26:79:2b:49:17:3c:76:02:cf:f9:e3:8a:3f:15:69:
2c:12:5c:99:93:85:11:c8:90:68:d6:f1:8d:87:30:bf:0d:ec:
89:9a:f4:48:cc:26:95:c7:65:cd:30:cc:d0:93:c3:80:3f:ad:
a6:fa:7c:88:82:53:0e:9b:16:c3:dd:27:9a:d0:99:05:fb:2d:
d0:e6:fa:08:92:46:ee:dd:44:9d:56:b2:95:52:99:db:5a:20:
16:c9:a7:a3:0b:a3:c5:d8:0a:b7:c2:cf:f7:95:a4:df:4c:f9:
2f:69:a0:27:6e:0f:85:3e:76:b4:3d:6b:f7:4a:de:1a:de:a4:
d3:01:91:f1:44:59:44:2c:93:15:52:99:da:6e:93:b8:da:54:
b5:06:ff:82:9b:cf:57:0c:7d:06:6b:ff:ce:b9:c9:47:62:c9:
15:f4:67:4e:57:12:74:d7:b5:31:53:cc:eb:d7:05:4d:34:58:
a9:5d:33:85:2d:72:6f:12:99:7e:60:63:27:05:74:8b:85:0c:
0b:f9:b3:b4:e7:f6:4e:4b
-----BEGIN CERTIFICATE-----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MIIFBzCCAu+gAwIBAgIBCTANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw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-----END CERTIFICATE-----
64 changes: 50 additions & 14 deletions lib/hx509/data/https.key
@@ -1,16 +1,52 @@
-----BEGIN PRIVATE KEY-----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MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC7yoWcPWtaIRss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-----END PRIVATE KEY-----
135 changes: 99 additions & 36 deletions lib/hx509/data/kdc.crt
Expand Up @@ -2,58 +2,121 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hx509 Test Root CA, C=SE
Validity
Not Before: Apr 26 20:29:40 2009 GMT
Not After : Apr 24 20:29:40 2019 GMT
Not Before: Mar 22 22:25:09 2019 GMT
Not After : Nov 21 22:25:09 2518 GMT
Subject: C=SE, CN=kdc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Public-Key: (4096 bit)
Modulus:
00:d2:41:7a:f8:4b:55:b2:af:11:f9:43:9b:43:81:
09:3b:9a:94:cf:00:f4:85:75:92:d7:2a:a5:11:f1:
a8:50:6e:c6:84:74:24:17:da:84:c8:03:37:b2:20:
f3:ba:b5:59:36:21:4d:ab:70:e2:c3:09:93:68:14:
12:79:c5:bb:9e:1b:4a:f0:c6:24:59:25:c3:1c:a8:
70:66:5b:3e:41:8e:e3:25:71:9a:94:a0:5b:46:91:
6f:dd:58:14:ec:89:e5:8c:96:c5:38:60:e4:ab:f2:
75:ee:6e:62:fc:e1:bd:03:47:ff:c4:be:0f:ca:70:
73:e3:74:58:3a:2f:04:2d:39
00:d1:73:ec:58:67:7a:65:30:ab:19:15:a1:bf:1e:
de:db:e5:4a:92:f0:99:8a:eb:02:6d:e4:31:1a:c7:
4d:07:57:b1:82:9e:d2:d2:c7:f3:0b:b2:82:61:5c:
ba:38:c3:54:e9:e1:be:6b:5f:0d:22:62:2b:cb:d5:
34:0e:63:0b:50:8a:8b:b3:be:6a:e1:85:dc:b1:28:
13:ee:dd:6e:40:d5:48:1d:eb:aa:04:0b:e7:c8:1c:
6d:60:54:b6:cc:be:52:5a:88:22:ce:07:2d:3f:cb:
fc:00:ab:8b:a5:e7:32:8e:b1:8b:03:d8:81:a2:69:
d4:9f:3a:ff:da:b5:e3:0d:e3:21:54:29:cb:61:ba:
16:13:94:97:1b:72:24:6d:da:d7:d9:35:b1:57:f1:
3b:9d:ee:90:76:4e:58:1f:4e:76:12:c6:89:2a:54:
bf:e8:53:5a:de:05:79:93:0b:41:2c:03:c5:30:58:
a8:e6:57:08:f9:47:7c:c0:3a:5c:eb:1b:33:68:52:
02:19:08:e6:35:48:05:a7:51:22:89:1c:1e:c8:0b:
55:73:b2:c9:75:f9:74:aa:de:5e:3a:54:f8:96:47:
cf:25:2d:75:e7:71:74:31:91:17:85:44:89:8a:16:
88:ca:12:dd:0e:36:4d:e5:af:b3:db:d3:7c:53:8d:
7a:08:69:92:72:81:c8:13:c7:71:96:8f:2d:54:98:
c9:63:10:26:be:59:8f:db:82:47:c1:29:c6:28:7f:
a0:16:bf:85:a2:eb:2f:2f:46:86:6b:77:1f:31:30:
d4:52:35:32:09:16:cd:48:ec:3c:4c:2c:03:e5:b9:
90:e9:f7:b4:7d:97:91:31:27:4e:df:b6:bd:b6:ec:
ca:47:16:00:58:e9:87:4f:20:af:ef:4c:34:42:5b:
3e:28:aa:cd:39:75:3b:6f:7c:b9:7b:50:76:67:25:
31:46:f5:34:aa:c6:5a:22:77:b5:9d:6d:88:4d:f1:
e6:e7:ca:d2:d8:70:10:58:39:58:0f:ce:8d:b3:4d:
e4:f4:80:ca:31:75:3c:38:61:6c:d9:17:d2:aa:72:
f9:e0:ac:86:ab:33:16:84:e8:c8:de:58:9d:78:ac:
f1:2a:64:b8:e3:f2:cb:20:42:dd:f9:bd:2e:c2:84:
6e:11:34:76:a5:c5:54:c5:51:9b:cb:85:d1:05:82:
1c:33:d5:95:18:ad:4c:94:d2:7b:4f:72:23:ff:c1:
4b:a2:ea:1a:3a:18:c2:f5:c8:08:76:00:12:25:e5:
ee:30:b9:8d:2f:0f:95:3d:70:ac:6a:eb:d8:c5:71:
9a:cf:a9:a6:6a:ce:45:07:a4:41:de:85:fb:ad:e0:
39:0b:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage:
pkkdcekuoid
Signing KDC Response
X509v3 Subject Key Identifier:
3A:D3:73:FF:AB:DB:7D:8D:C6:3A:A2:26:3E:AE:78:95:80:C9:E6:31
62:AF:D5:17:E4:9F:2A:8D:8A:CA:2B:05:E1:25:66:BB:61:03:77:EA
X509v3 Subject Alternative Name:
othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
83:f4:14:a7:6e:59:ff:80:64:e7:fa:cf:13:80:86:e1:ed:02:
38:ad:96:72:25:e5:06:7a:9a:bc:24:74:a9:75:55:b2:49:80:
69:45:95:4a:4c:76:a9:e3:4e:49:d3:c2:69:5a:95:03:eb:ba:
72:23:9c:fd:3d:8b:c6:07:82:3b:f4:f3:ef:6c:2e:9e:0b:ac:
9e:6c:bb:37:4a:a1:9e:73:d1:dc:97:61:ba:fc:d3:49:a6:c2:
4c:55:2e:06:37:76:b5:ef:57:e7:57:58:8a:71:63:f3:eb:e7:
55:68:0d:f6:46:4c:fb:f9:43:bb:0c:92:4f:4e:22:7b:63:e8:
4f:9c
41:29:9f:70:6b:36:28:cc:86:e1:4d:ae:25:34:b1:24:ab:f8:
03:de:28:da:d1:13:8e:03:d3:5a:57:72:69:f9:04:1c:e0:1d:
14:91:c7:a0:8b:ab:c7:61:6e:4e:86:2a:2a:40:22:10:10:58:
0c:18:95:eb:d2:15:18:35:3c:fc:42:25:1a:dc:03:cb:ba:f3:
81:80:d2:45:4e:c6:90:11:2f:e9:db:76:9a:e3:1d:0c:04:dc:
fb:d9:ec:bd:48:38:66:78:d6:52:c2:bc:ae:20:9b:1d:87:28:
9f:38:fa:db:8f:17:1f:3e:29:85:17:a0:95:bd:72:88:0c:93:
88:ba:8e:31:67:2b:03:b0:bf:3a:7e:e4:e2:82:f7:6c:36:1a:
d1:8e:7c:87:63:17:e4:68:7f:4b:e7:dc:40:b5:02:5a:62:be:
54:ee:11:30:39:80:2a:c0:3e:8f:3b:67:cb:9d:9f:ee:c1:ea:
f1:4c:e8:55:24:6a:73:84:ef:82:ca:99:ec:84:05:5e:82:a1:
52:40:5e:71:10:c9:c3:9b:18:ce:7f:50:db:8a:49:d4:b6:b9:
5e:ef:13:4c:e8:be:76:2b:cc:f9:eb:9e:9b:4b:29:8e:ee:1c:
e5:bd:08:f0:50:63:e2:c3:94:20:2f:fe:cb:6a:ed:2b:2a:e2:
51:44:3d:06:d1:b4:43:26:43:07:4d:c9:e1:4f:9d:3d:0f:a6:
74:93:ff:51:74:c8:aa:2d:76:ab:93:6f:84:47:2d:70:37:d2:
21:f0:cb:4d:a5:8b:df:91:4b:95:f0:ba:fe:d9:fc:f2:ed:b5:
e7:91:03:5a:ad:12:43:f3:ba:c8:a7:51:34:9b:40:bd:71:39:
af:b1:9f:e4:9f:3f:1b:27:a5:84:43:a2:c3:3f:52:63:a8:bf:
8b:59:82:53:b5:26:64:16:73:90:f8:7b:7d:ce:f6:41:b6:8b:
81:56:90:c2:ff:46:46:8f:63:3d:95:d9:f0:49:73:37:d9:14:
2b:26:95:ac:19:29:1d:cb:c2:03:d7:36:4e:4a:39:3e:51:02:
de:aa:dc:6b:77:a8:57:ba:50:21:0e:8e:b7:48:bc:44:fa:45:
db:c9:bb:72:ea:e4:2a:7a:35:75:3c:68:29:5d:b9:57:0b:d3:
2e:2c:4f:01:1b:f0:21:0c:fc:95:17:b7:40:be:aa:0c:f9:04:
60:6a:d1:54:0d:b9:68:d7:e9:7a:f4:96:ad:f1:a0:15:15:c2:
51:61:44:5f:0e:bb:98:d1:81:9f:c1:81:d6:e2:26:d5:11:56:
d2:cd:0f:9c:6b:69:f0:78:24:ff:bf:df:02:2b:0d:d1:83:5b:
14:4d:c0:e2:80:47:65:2b
-----BEGIN CERTIFICATE-----
MIICVDCCAb2gAwIBAgIBCDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5
MDQyNDIwMjk0MFowGzELMAkGA1UEBhMCU0UxDDAKBgNVBAMMA2tkYzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA0kF6+EtVsq8R+UObQ4EJO5qUzwD0hXWS1yql
EfGoUG7GhHQkF9qEyAM3siDzurVZNiFNq3DiwwmTaBQSecW7nhtK8MYkWSXDHKhw
Zls+QY7jJXGalKBbRpFv3VgU7InljJbFOGDkq/J17m5i/OG9A0f/xL4PynBz43RY
Oi8ELTkCAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DASBgNVHSUE
CzAJBgcrBgEFAgMFMB0GA1UdDgQWBBQ603P/q9t9jcY6oiY+rniVgMnmMTBIBgNV
HREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMCAQGhFzAV
GwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4GBAIP0FKduWf+A
ZOf6zxOAhuHtAjitlnIl5QZ6mrwkdKl1VbJJgGlFlUpMdqnjTknTwmlalQPrunIj
nP09i8YHgjv08+9sLp4LrJ5suzdKoZ5z0dyXYbr800mmwkxVLgY3drXvV+dXWIpx
Y/Pr51VoDfZGTPv5Q7sMkk9OIntj6E+c
MIIFWzCCA0OgAwIBAgIBCDANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMCAXDTE5MDMyMjIyMjUwOVoYDzI1
MTgxMTIxMjIyNTA5WjAbMQswCQYDVQQGEwJTRTEMMAoGA1UEAwwDa2RjMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0XPsWGd6ZTCrGRWhvx7e2+VKkvCZ
iusCbeQxGsdNB1exgp7S0sfzC7KCYVy6OMNU6eG+a18NImIry9U0DmMLUIqLs75q
4YXcsSgT7t1uQNVIHeuqBAvnyBxtYFS2zL5SWogizgctP8v8AKuLpecyjrGLA9iB
omnUnzr/2rXjDeMhVCnLYboWE5SXG3IkbdrX2TWxV/E7ne6Qdk5YH052EsaJKlS/
6FNa3gV5kwtBLAPFMFio5lcI+Ud8wDpc6xszaFICGQjmNUgFp1EiiRweyAtVc7LJ
dfl0qt5eOlT4lkfPJS1153F0MZEXhUSJihaIyhLdDjZN5a+z29N8U416CGmScoHI
E8dxlo8tVJjJYxAmvlmP24JHwSnGKH+gFr+FousvL0aGa3cfMTDUUjUyCRbNSOw8
TCwD5bmQ6fe0fZeRMSdO37a9tuzKRxYAWOmHTyCv70w0Qls+KKrNOXU7b3y5e1B2
ZyUxRvU0qsZaIne1nW2ITfHm58rS2HAQWDlYD86Ns03k9IDKMXU8OGFs2RfSqnL5
4KyGqzMWhOjI3lideKzxKmS44/LLIELd+b0uwoRuETR2pcVUxVGby4XRBYIcM9WV
GK1MlNJ7T3Ij/8FLouoaOhjC9cgIdgASJeXuMLmNLw+VPXCsauvYxXGaz6mmas5F
B6RB3oX7reA5C28CAwEAAaOBmDCBlTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAS
BgNVHSUECzAJBgcrBgEFAgMFMB0GA1UdDgQWBBRir9UX5J8qjYrKKwXhJWa7YQN3
6jBIBgNVHREEQTA/oD0GBisGAQUCAqAzMDGgDRsLVEVTVC5INUwuU0WhIDAeoAMC
AQGhFzAVGwZrcmJ0Z3QbC1RFU1QuSDVMLlNFMA0GCSqGSIb3DQEBBQUAA4ICAQBB
KZ9wazYozIbhTa4lNLEkq/gD3ija0ROOA9NaV3Jp+QQc4B0Ukcegi6vHYW5Ohioq
QCIQEFgMGJXr0hUYNTz8QiUa3APLuvOBgNJFTsaQES/p23aa4x0MBNz72ey9SDhm
eNZSwryuIJsdhyifOPrbjxcfPimFF6CVvXKIDJOIuo4xZysDsL86fuTigvdsNhrR
jnyHYxfkaH9L59xAtQJaYr5U7hEwOYAqwD6PO2fLnZ/uwerxTOhVJGpzhO+Cypns
hAVegqFSQF5xEMnDmxjOf1DbiknUtrle7xNM6L52K8z5656bSymO7hzlvQjwUGPi
w5QgL/7Lau0rKuJRRD0G0bRDJkMHTcnhT509D6Z0k/9RdMiqLXark2+ERy1wN9Ih
8MtNpYvfkUuV8Lr+2fzy7bXnkQNarRJD87rIp1E0m0C9cTmvsZ/knz8bJ6WEQ6LD
P1JjqL+LWYJTtSZkFnOQ+Ht9zvZBtouBVpDC/0ZGj2M9ldnwSXM32RQrJpWsGSkd
y8ID1zZOSjk+UQLeqtxrd6hXulAhDo63SLxE+kXbybty6uQqejV1PGgpXblXC9Mu
LE8BG/AhDPyVF7dAvqoM+QRgatFUDblo1+l69Jat8aAVFcJRYURfDruY0YGfwYHW
4ibVEVbSzQ+ca2nweCT/v98CKw3Rg1sUTcDigEdlKw==
-----END CERTIFICATE-----
64 changes: 50 additions & 14 deletions lib/hx509/data/kdc.key
@@ -1,16 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANJBevhLVbKvEflD
m0OBCTualM8A9IV1ktcqpRHxqFBuxoR0JBfahMgDN7Ig87q1WTYhTatw4sMJk2gU
EnnFu54bSvDGJFklwxyocGZbPkGO4yVxmpSgW0aRb91YFOyJ5YyWxThg5Kvyde5u
YvzhvQNH/8S+D8pwc+N0WDovBC05AgMBAAECgYAw4vS6opmMcFRXhralHW2OJEUR
VIGGPm4kBVBYOb4O5ZLW3UI/IZnZ/5WFn0/MS7owcdHjWN4Ax0s02eXp1mXm0sua
gr6JuWTTv5y2Vjrq2AQ9RqNIaRp346gbtqt2/Nhoyl3BMcVPuq69WcbDVq+GPNE5
K5plwS32AQJsceitWQJBAP6M2xJ4cOh3keOOfYnVvoBRsS++ErViBOtHgjdriJXz
Hy9uNPp4HGpKExPWBVRozBQ5HMYUY2Wv+Zsku+mlgzsCQQDTdAqkOzzhJ2+uD2et
MyMDBm2oKiPUrpSBTFo1EiDH6ECrNAJd0FyYFwYvcI5b7BK06SFRmd80GSvBeOMI
TKIbAkB2zFIpqqA3PiaOJyAbxe+kf3vMJk8g6+AT1knFh6A1K0QwpKSBCLFqQavp
pAbUwBwOjCELqNRCzwAVEe3JO3+lAkEAhRhedl8/A62R8yqJJJCycf4C2b2kjgNR
QE1x3kPJ1GqRAfIbpzc2gRjE8OlVAfEHGU5AhZ9nyeAqFX5k0N2DjwJAZpJApfQo
VoCVZyPPASHV4B6k5b/DUcLo9XnNYkcm5EsdjJXR8TWCrkbBxPM3i1Nn/2Lpa0xp
FiD4cMhNHreApQ==
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDRc+xYZ3plMKsZ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-----END PRIVATE KEY-----
3 changes: 1 addition & 2 deletions lib/hx509/data/mkcert.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,7 @@

set -e

# For now, avoid going past the 2038 32-bit clock rollover
DAYS=$(( ( 0x7fffffff - $(date +%s) ) / 86400 - 1 ))
DAYS=182500

key() {
local key=$1; shift
Expand Down
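Review bot: `DAYS=182500` replaces a line whose comment explained the 2038 limit, and the new value carries no explanation of its own. The regenerated fixtures on this page show `Not After : Nov 21 22:25:09 2518 GMT`, which a 32-bit `time_t` cannot represent, so validity checks may misbehave on platforms that still use one; it is worth confirming the test suite does not run there. I would add a comment above the assignment such as `# ~500 years so test fixtures do not expire; notAfter is beyond the 32-bit time_t range`. The rest of mkcert.sh lies outside this hunk.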
39 changes: 28 additions & 11 deletions lib/hx509/data/no-proxy-test.crt
@@ -1,13 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
64 changes: 50 additions & 14 deletions lib/hx509/data/no-proxy-test.key
@@ -1,16 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAKI/Z1n5TK1eKUyq
II2UrEdGsr9EpzSQ2pRCkrxIHuzXliZv6jpet2Rafxbu+gl+bMNLpt8tPLM13Oz0
N233mjgEiNw0Y3qvwXaPddfPSLnSo0UBpqcL2i2gfoHoidM8S/DGzs2AimUdh7cJ
p8gLblcQc4PyZG0Yr2TWOnhbo3s9AgMBAAECgYBWdSjy1hkZDWM+mi3MpFwFg1P+
/muHZGVFuhANSvVHyj4V729GeXCKhnrQ0rnk0zzL+QVMSgPdj6dRkXX0IIxJ0iyI
k7ZVoaCuC8dmc/rF9pJ58saqKYCqQFtjdFO68E3aQbnk89ai69AzgdjegRSVmOQ8
yJ9ArHcggxbEqGq94QJBANOk9UWdI72KbIRElrTtWAvIrNaF4iixR+AdYuFL2+cJ
WaGApfFtcNppllmbWxh0IayIDzRpWzSpTILNLQdqF9UCQQDEQDzfZ04+x2RhX28o
O1Vzqkado6OvyhwVlzp19ZGstMWq6IVNZEJDBYCilk7dkIkjBHojaVEu/k9vMUZS
KzHJAkBk6xmRUjbCoIjSISqDp1D+fXf86uZGZRJSyXBm4Zc/+XNl0URPdNIFM6ff
nna3mFiePlqRsVMuLzQugstf57TpAkAYCvqqMADRBiKRH10B48sDQaAnHe4m0i8A
oidiXjR7oSX6W0RBh//qMBljUeDVmiiC5sCD6BovFK7so2/HD02pAkA9zFWyVTdq
Y3t01+ZG6TfcxwKGCgpwS3x9OQbMVb34JPQ65U0JzW7ubmYFMD5Fl1RPjDbLc+wm
uSnStI7RGOt+
MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDXBjk2tQBht0iI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-----END PRIVATE KEY-----
Binary file modified lib/hx509/data/ocsp-req1.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-req2.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-resp1-ca.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-resp1-keyhash.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-resp1-ocsp-no-cert.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-resp1-ocsp.der
Binary file not shown.
Binary file modified lib/hx509/data/ocsp-resp2.der
Binary file not shown.
131 changes: 97 additions & 34 deletions lib/hx509/data/ocsp-responder.crt
Expand Up @@ -2,25 +2,51 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hx509 Test Root CA, C=SE
Validity
Not Before: Apr 26 20:29:40 2009 GMT
Not After : Apr 24 20:29:40 2019 GMT
Not Before: Mar 22 22:25:01 2019 GMT
Not After : Nov 21 22:25:01 2518 GMT
Subject: C=SE, CN=OCSP responder
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Public-Key: (4096 bit)
Modulus:
00:f1:38:9c:a0:5e:b9:0e:73:19:b6:f5:57:2b:9c:
0c:ef:a6:c7:57:0f:8d:3c:05:03:8f:53:28:f0:b6:
f8:d1:0d:c9:dc:13:37:2d:f1:76:36:b7:5c:6b:5d:
a5:22:02:7c:86:84:9e:b5:e3:8b:e6:9e:82:d9:97:
96:02:9f:3c:7b:74:e6:1b:b6:c9:fa:b3:b7:8b:53:
6e:26:fb:b2:3f:ae:2a:7f:f9:67:df:1a:e1:de:87:
97:47:76:80:a3:c4:bf:5c:2c:0d:ab:36:97:13:2d:
b8:c2:65:41:47:e8:34:54:f8:45:fc:38:76:b8:99:
3f:ee:83:f6:49:40:96:16:71
00:b1:21:1d:c9:2b:44:9e:62:fe:13:94:ea:a1:e1:
cd:17:0e:bb:4d:1c:62:27:ee:d3:f7:61:c8:26:c1:
0f:45:fc:10:d8:39:c3:da:86:a0:00:30:d7:ad:86:
ff:c6:36:6c:f5:e2:26:8c:f6:76:1b:d0:09:b6:a5:
f8:cb:d5:88:fc:ca:ca:28:49:ed:64:2b:f3:88:4e:
8e:ec:7c:63:b8:75:6a:cc:73:b6:66:6c:c3:7c:e4:
d7:50:95:88:12:84:e7:5c:50:87:db:4c:bf:91:98:
b1:3a:44:57:0b:1a:7a:f1:93:e3:4c:69:8b:9f:d7:
b9:20:8d:0e:cb:ff:de:38:6f:6a:91:55:1a:6f:a6:
82:1d:05:f6:fc:46:8c:83:8b:ab:6e:3f:6a:6f:c5:
0c:cc:ff:3c:78:74:d4:f8:56:be:59:60:d5:3f:4d:
3e:e4:e1:4b:2d:c5:2a:d1:6a:7a:21:b9:6e:61:10:
03:79:88:5b:74:f4:29:0d:56:d3:6b:d5:7d:8c:59:
5d:4e:89:0d:a3:a6:8b:43:28:e8:e2:f1:bb:d5:eb:
65:9b:c2:d6:62:aa:df:66:d5:92:dd:84:6c:29:28:
1a:e8:29:b3:09:d1:45:14:44:cb:30:03:73:3a:94:
a3:a3:24:89:15:fb:ca:e0:a6:62:35:48:f8:92:50:
3a:ff:17:d8:4a:1e:a0:9c:d9:68:cc:21:e1:c9:36:
d1:47:bc:f1:56:3e:87:18:10:0d:f5:56:9a:c9:79:
16:c0:08:a0:59:65:b2:00:dd:9a:e9:97:e7:8f:85:
ee:cd:0d:20:5e:2d:58:ff:8e:e3:ce:4f:36:65:c3:
f1:88:39:dd:34:29:db:8c:ed:6e:c8:7b:30:ad:49:
58:e6:f9:5b:85:46:0a:04:0f:9e:ea:ca:a8:2a:35:
0d:66:f3:48:b6:e3:c7:e0:e8:a3:ed:6c:f3:e4:cd:
1d:45:f3:e2:2c:6c:5b:91:b8:26:dd:49:d4:78:d3:
4e:57:3a:b5:af:cd:3a:05:d5:89:63:f5:bc:73:1f:
26:cc:2c:4b:2d:81:b3:5d:49:28:04:46:f8:24:5a:
68:1d:06:1b:2d:be:56:f9:b3:f4:d1:50:2f:95:9b:
9f:45:c7:62:35:bc:46:a9:df:c6:45:21:e9:1c:7d:
a8:2e:b1:87:91:0b:7c:fb:97:52:31:f9:41:73:ba:
83:22:4a:80:f9:ff:f1:95:74:79:f7:20:95:f0:17:
20:7d:ac:55:e8:b0:c6:b2:a6:56:c6:c0:cf:3d:78:
d5:9e:37:41:b4:78:aa:30:f0:2d:59:7c:6a:c8:68:
cc:91:09:13:f8:9f:04:e3:a9:86:c2:74:ba:f6:32:
44:0d:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
Expand All @@ -30,27 +56,64 @@ Certificate:
X509v3 Extended Key Usage:
OCSP No Check, OCSP Signing
X509v3 Subject Key Identifier:
FD:2F:3F:35:BC:72:5C:51:52:4F:5F:D6:20:CB:D1:CB:56:2F:BC:0A
D0:3C:E8:05:07:BB:9A:96:36:88:44:AA:9A:4F:62:9E:9F:33:5B:03
Signature Algorithm: sha1WithRSAEncryption
24:95:11:a0:f2:10:58:4d:4e:20:e5:d3:4d:17:b5:4b:37:aa:
fe:c8:28:79:e4:ca:15:b1:9e:28:93:fc:45:99:d5:4a:8a:a0:
0a:e4:9e:75:64:f9:a4:63:96:dd:2a:9e:c7:0f:03:83:86:44:
c5:1c:a4:34:b6:b7:74:e3:ff:e3:97:0f:11:b5:00:bd:10:fd:
91:db:ec:2d:14:9b:16:c7:e5:48:b0:08:62:d1:58:be:92:69:
a6:5a:3d:7e:58:39:f0:bb:bc:71:08:b9:76:6c:9b:e6:57:1c:
25:1b:d6:7a:98:70:9f:95:50:09:17:d9:1a:d9:20:db:d6:8a:
be:9e
c0:72:d2:af:26:74:de:f8:7c:96:bf:ab:d2:ed:95:d9:bb:0b:
07:31:8a:4b:21:f0:b5:7e:ab:b4:50:b0:af:bf:96:64:ce:38:
99:3d:f3:26:02:4d:5a:da:71:ad:6d:a6:f7:fc:5e:46:16:3d:
9e:cf:95:a3:5d:0c:4a:64:a1:84:88:b0:31:0e:eb:54:cb:99:
42:45:09:92:ea:b7:74:f5:fb:ff:c6:91:31:27:bd:54:55:9f:
6c:bb:e2:45:4a:33:ed:00:a5:4e:e2:7b:2c:98:f1:3b:bc:f2:
87:33:e5:22:d8:fc:a8:4c:90:e2:df:ce:48:c8:3c:56:43:6c:
ac:f1:f6:e0:75:c2:a7:f9:33:87:4e:75:a6:22:17:78:32:88:
aa:f9:2a:40:4c:e0:25:6c:4c:0c:cb:6f:1a:7b:13:0d:35:a6:
23:86:42:75:3c:c1:69:c1:c5:79:77:51:4b:19:14:e7:4b:f9:
df:0b:30:aa:c4:97:84:6e:57:7b:00:b3:a5:31:c6:9f:17:f1:
b0:4c:81:f7:e6:df:e8:c0:d2:91:03:c2:e3:dd:94:c4:f0:ee:
1c:73:1c:33:ae:91:60:fe:cf:48:08:0a:95:c1:95:28:af:31:
23:a6:2a:1c:d1:6c:7f:68:e8:a9:a4:27:8f:6f:29:33:a9:48:
0c:03:8f:fa:b5:ef:2a:9a:ce:ed:ba:74:39:88:ef:3b:d9:93:
77:34:30:d1:a3:5c:9d:f1:3c:30:19:c2:ca:2e:41:5b:23:bb:
6a:67:35:e3:e2:c6:6e:a0:3e:76:50:db:6b:ee:02:98:81:bf:
75:ac:3a:78:4f:f4:fb:d1:7a:1f:85:1a:24:cd:b8:06:7e:95:
28:85:2a:c6:41:23:35:08:31:59:ce:ad:a3:23:1a:7a:11:26:
d9:45:57:bf:ea:e0:72:3a:f8:48:e0:c1:5c:b3:20:93:b5:1a:
93:75:ef:f3:19:9d:ed:5d:9f:81:73:21:02:96:fa:ee:c9:4c:
c7:95:1b:aa:65:b9:69:15:3c:ef:b3:f6:e1:f5:89:78:05:50:
d3:54:c4:c9:40:e5:5f:3e:bd:36:d2:0e:27:99:5e:83:e5:4b:
bf:72:84:13:64:8d:d9:db:69:8b:04:37:e8:db:22:46:29:84:
08:83:40:34:d8:e0:bf:cc:5c:7c:b2:bd:c5:38:7d:59:e6:9d:
8a:78:87:08:13:6f:a5:7d:2f:88:80:ce:e5:86:38:6f:53:b8:
99:ba:f5:21:9e:8f:5f:aa:3a:07:73:9b:02:f1:97:1f:8b:52:
53:5e:24:af:d7:b9:a4:3f:4e:64:c8:62:26:b3:c0:44:dd:bb:
29:8c:b5:66:05:5d:fd:f7
-----BEGIN CERTIFICATE-----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MIIFJjCCAw6gAwIBAgIBATANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw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-----END CERTIFICATE-----
64 changes: 50 additions & 14 deletions lib/hx509/data/ocsp-responder.key
@@ -1,16 +1,52 @@
-----BEGIN PRIVATE KEY-----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MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCxIR3JK0SeYv4T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-----END PRIVATE KEY-----
File renamed without changes.
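--- /dev/null
+++ b/lib/hx509/data/openssl.1.1.cnf
@@ -0,0 +1,185 @@
+[ca]
+
+default_ca = user
+
+[usr]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[ocsp]
+database = index.txt
+serial = serial
+x509_extensions = ocsp_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[usr_ke]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ke
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[usr_ds]
+database = index.txt
+serial = serial
+x509_extensions = usr_cert_ds
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[pkinit_client]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_client_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[pkinit_kdc]
+database = index.txt
+serial = serial
+x509_extensions = pkinit_kdc_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[https]
+database = index.txt
+serial = serial
+x509_extensions = https_cert
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+[subca]
+database = index.txt
+serial = serial
+x509_extensions = v3_ca
+default_md=sha1
+policy = policy_match
+email_in_dn = no
+certs = .
+
+
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_ca # The extensions to add to the self signed cert
+
+string_mask = utf8only
+
+[v3_ca]
+
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
+keyUsage = cRLSign, keyCertSign, keyEncipherment, nonRepudiation, digitalSignature
+
+[usr_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+
+[usr_cert_ke]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, keyEncipherment
+subjectKeyIdentifier = hash
+
+[proxy_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:0,policy:text:foo
+
+[pkinitc_principals]
+princ1 = GeneralString:bar
+
+[pkinitc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:pkinitc_principals
+
+[pkinitc_princ_name]
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitc_principal_seq
+
+[pkinit_client_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitc_princ_name
+
+[https_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+#extendedKeyUsage = https-server XXX
+subjectKeyIdentifier = hash
+
+[pkinit_kdc_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+extendedKeyUsage = 1.3.6.1.5.2.3.5
+subjectKeyIdentifier = hash
+subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:pkinitkdc_princ_name
+
+[pkinitkdc_princ_name]
+realm = EXP:0,GeneralString:TEST.H5L.SE
+principal_name = EXP:1,SEQUENCE:pkinitkdc_principal_seq
+
+[pkinitkdc_principal_seq]
+name_type = EXP:0,INTEGER:1
+name_string = EXP:1,SEQUENCE:pkinitkdc_principals
+
+[pkinitkdc_principals]
+princ1 = GeneralString:krbtgt
+princ2 = GeneralString:TEST.H5L.SE
+
+[proxy10_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectKeyIdentifier = hash
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:10,policy:text:foo
+
+[usr_cert_ds]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature
+subjectKeyIdentifier = hash
+
+[ocsp_cert]
+basicConstraints=CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+# ocsp-nocheck and kp-OCSPSigning
+extendedKeyUsage = 1.3.6.1.5.5.7.48.1.5, 1.3.6.1.5.5.7.3.9
+subjectKeyIdentifier = hash
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = SE
+countryName_min = 2
+countryName_max = 2
+
+organizationalName = Organizational Unit Name (eg, section)
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+
+#[req_attributes]
+#challengePassword = A challenge password
+#challengePassword_min = 4
+#challengePassword_max = 20
+
+[policy_match]
+countryName = match
+commonName = supplied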
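Review bot: Every CA section in this new file sets `default_md=sha1`, so fixtures produced with it stay SHA-1 signed (the dumps on this page show `sha1WithRSAEncryption`) even though the keys move to 4096 bits and validity runs to 2518. Toolchains that refuse SHA-1 signatures would reject these fixtures long before they expire; unless a test depends on SHA-1 specifically, `default_md=sha256` in each section would be the safer default. Separately, `[ca]` sets `default_ca = user` while the section defined below is `[usr]`, so the default presumably only works when callers name the section explicitly; `default_ca = usr` would match.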
88 changes: 59 additions & 29 deletions lib/hx509/data/pkinit-ec.crt
Expand Up @@ -2,50 +2,80 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7 (0x7)
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hx509 Test Root CA, C=SE
Validity
Not Before: Apr 26 20:29:40 2009 GMT
Not After : Apr 24 20:29:40 2019 GMT
Not Before: Mar 22 22:25:06 2019 GMT
Not After : Nov 21 22:25:06 2518 GMT
Subject: C=SE, CN=pkinit-ec
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:df:d7:32:eb:d6:71:78:19:5d:4f:59:6a:85:12:
20:2f:97:61:aa:e8:6e:71:ac:b7:de:42:82:2a:8b:
8b:33:86:d3:fc:4e:a5:49:9a:ca:19:6b:1b:ab:3d:
fd:4d:c5:7a:f4:a0:10:b2:a0:8c:05:3a:d7:55:e5:
c9:f5:89:67:07
pub:
04:c0:2b:8e:f3:0c:c3:1b:88:94:eb:4e:6a:12:f2:
fb:63:99:77:a2:13:7a:16:ce:48:dc:48:9a:83:91:
5e:a9:b8:ab:17:77:94:ae:55:09:8d:69:4a:a4:a8:
6b:77:12:01:fb:3c:6f:cd:b1:e3:02:be:63:b1:43:
8d:8f:df:8c:75
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Key Identifier:
BB:8C:16:71:C8:21:FB:21:0F:81:11:A1:BB:43:12:C8:EF:C8:DA:64
77:9B:74:4B:75:90:50:CE:20:C3:00:9B:A5:23:F7:69:A8:C7:CC:34
X509v3 Subject Alternative Name:
othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
08:6e:66:b5:58:e0:e3:fb:15:04:11:89:f0:73:a0:d1:17:c4:
b8:7e:dd:ce:34:fb:7b:ab:ae:bb:af:6f:4d:47:1f:02:f8:e7:
7c:c9:33:37:7e:7c:2c:2a:4a:26:38:e1:e5:a9:dd:7c:e1:f8:
5a:2c:c7:6f:26:aa:f2:b0:7f:d4:85:0a:33:b7:ec:df:93:fe:
e4:04:a0:3e:e2:65:ac:1a:f4:b0:50:d6:cf:9e:bb:ce:90:ca:
34:7a:13:f5:6f:30:bd:ec:af:c5:b9:dd:fa:bc:37:b8:34:6e:
bb:12:5e:aa:d2:bf:91:64:d8:fe:c0:fb:9a:b0:10:ba:95:02:
be:9b
70:02:b8:13:0f:d9:2b:7a:e9:42:5c:82:6a:9d:ea:f8:51:dc:
a9:2e:67:ec:c3:cb:67:48:fe:6a:bd:58:86:67:c2:1f:d4:a0:
dc:7d:17:41:93:8d:e0:67:60:01:60:cc:34:1f:0e:b0:fc:9b:
5f:f6:cf:91:2b:a3:ec:28:5b:80:ff:31:21:14:5b:3c:a2:5c:
6b:3b:32:94:de:ab:03:d9:41:70:c1:4f:4e:49:4d:63:8f:9a:
8b:be:14:87:b0:df:bc:64:83:e1:99:ce:e6:77:12:5a:43:e3:
3b:d7:e9:10:5e:68:36:38:de:88:c2:78:af:97:a3:a2:4e:bf:
a9:2d:e1:98:f4:9a:35:ec:b4:2a:70:18:09:99:ff:80:fb:73:
49:75:47:54:31:7a:e1:43:28:4b:53:71:81:92:4c:42:db:9b:
52:38:ad:90:47:db:4e:da:75:6f:37:14:ce:56:6e:06:d0:40:
8e:df:f1:71:23:98:ee:b4:43:b7:77:3a:1c:a5:a3:6f:3e:d3:
5f:86:0b:6d:d4:b8:4a:2e:8a:e0:d7:d2:75:5f:ca:bc:9c:e2:
d8:b9:04:bf:ec:8a:1e:78:28:f5:13:73:9c:dd:2c:10:73:55:
cf:40:96:8d:8a:b4:1c:79:bd:aa:01:de:b2:de:c4:30:04:11:
af:d5:fb:cb:28:44:25:02:ab:b3:68:22:02:1b:99:b1:96:eb:
f7:f3:ad:6e:32:76:67:be:bb:78:bc:46:9a:1c:b3:8e:66:39:
eb:cb:d8:76:c8:06:e5:79:1e:f0:fa:54:3f:a1:ea:ff:60:e8:
fb:55:d9:1c:47:3a:e7:67:df:c8:69:1d:d1:9a:56:96:2b:01:
79:ad:22:f2:7a:3b:e6:be:32:84:9a:e3:50:db:89:69:c1:3e:
19:09:d5:b3:3c:2c:08:90:8b:93:aa:39:ae:48:90:ec:cf:79:
3d:15:91:86:3e:38:0e:0a:99:b1:d9:78:14:59:17:44:c0:76:
70:a0:7a:92:64:2a:60:04:aa:ce:6b:b1:d5:c1:3b:e8:1b:58:
6f:7d:dd:dc:90:49:55:e1:37:5a:7b:75:89:da:08:c1:a5:33:
c9:f9:0d:4a:1d:08:e0:a8:be:3f:0e:a2:e0:10:71:92:50:f8:
75:33:98:7c:be:c9:2f:c8:7c:b2:19:94:14:59:0b:1c:ca:bc:
34:ff:03:a4:3c:f0:bd:ac:c8:f6:63:8f:59:d3:eb:65:e9:96:
9b:21:a9:94:a7:7d:fe:dd:62:cd:77:62:6a:58:38:de:63:4c:
0c:c3:ea:09:4f:6a:80:76:07:59:ba:15:d2:b4:c1:46:1e:11:
50:5b:be:8d:8e:21:4e:78
-----BEGIN CERTIFICATE-----
MIIB7TCCAVagAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMB4XDTA5MDQyNjIwMjk0MFoXDTE5
MDQyNDIwMjk0MFowITELMAkGA1UEBhMCU0UxEjAQBgNVBAMMCXBraW5pdC1lYzBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABN/XMuvWcXgZXU9ZaoUSIC+XYarobnGs
t95CgiqLizOG0/xOpUmayhlrG6s9/U3FevSgELKgjAU611XlyfWJZwejczBxMAkG
A1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1UdDgQWBBS7jBZxyCH7IQ+BEaG7QxLI
78jaZDA4BgNVHREEMTAvoC0GBisGAQUCAqAjMCGgDRsLVEVTVC5INUwuU0WhEDAO
oAMCAQGhBzAFGwNiYXIwDQYJKoZIhvcNAQEFBQADgYEACG5mtVjg4/sVBBGJ8HOg
0RfEuH7dzjT7e6uuu69vTUcfAvjnfMkzN358LCpKJjjh5andfOH4WizHbyaq8rB/
1IUKM7fs35P+5ASgPuJlrBr0sFDWz567zpDKNHoT9W8wveyvxbnd+rw3uDRuuxJe
qtK/kWTY/sD7mrAQupUCvps=
MIIDcDCCAVigAwIBAgIBBzANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw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-----END CERTIFICATE-----
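--- a/lib/hx509/data/pkinit-ec.key
+++ b/lib/hx509/data/pkinit-ec.key
@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgL/JpadcZH3wtaXm9
-hbeKhG4YsKoN/WffC88YldqhFYChRANCAATf1zLr1nF4GV1PWWqFEiAvl2Gq6G5x
-rLfeQoIqi4szhtP8TqVJmsoZaxurPf1NxXr0oBCyoIwFOtdV5cn1iWcH
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg38AlgS7f0d6rvR6u
+mLJVGl/UF04RYiIeWsVJYUNS7RKhRANCAATAK47zDMMbiJTrTmoS8vtjmXeiE3oW
+zkjcSJqDkV6puKsXd5SuVQmNaUqkqGt3EgH7PG/NseMCvmOxQ42P34x1
 -----END PRIVATE KEY-----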
171 changes: 125 additions & 46 deletions lib/hx509/data/pkinit-proxy-chain.crt
@@ -1,70 +1,149 @@
-----BEGIN CERTIFICATE-----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MIIFODCCAyCgAwIBAgIJAJd7zCsMMPvAMA0GCSqGSIb3DQEBCwUAMB4xCzAJBgNV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-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hx509 Test Root CA, C=SE
Validity
Not Before: Apr 26 20:29:40 2009 GMT
Not After : Apr 24 20:29:40 2019 GMT
Not Before: Mar 22 22:25:06 2019 GMT
Not After : Nov 21 22:25:06 2518 GMT
Subject: C=SE, CN=pkinit
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Public-Key: (4096 bit)
Modulus:
00:b2:47:42:dc:46:f8:94:e3:66:2b:f9:26:14:56:
41:68:e1:7a:04:cd:55:45:ae:e0:a8:48:80:33:58:
fc:86:4f:e8:67:62:89:f7:d4:ba:d1:bb:9a:6a:83:
1b:4e:01:b5:7c:9e:b2:d2:bf:84:21:98:58:1d:b6:
4d:fa:af:f2:e5:e8:d4:d6:78:a3:06:da:69:15:09:
d8:fa:07:09:97:cf:1a:3b:2c:69:b2:58:a2:0b:48:
4e:37:11:2c:f5:7a:8f:50:e4:40:14:29:28:30:ac:
0b:b5:0a:1e:60:b4:9a:d4:8d:bc:38:c9:2f:a9:d1:
35:e7:c9:d4:18:66:1c:15:2d
00:e4:e6:1a:b1:de:91:30:34:8a:c7:f2:d9:0a:09:
82:13:46:e9:db:c8:54:1e:0e:b0:b0:0a:e3:a3:b5:
55:3c:6f:f8:45:8f:24:ed:56:c5:16:23:aa:ad:86:
5a:5a:e0:8f:a2:f5:82:59:cc:70:b7:45:cc:1b:44:
a7:49:4b:ff:63:28:9d:01:22:79:ca:1a:6a:2b:75:
f8:40:c0:f0:93:b1:ab:85:cd:af:88:ac:30:f3:cb:
42:87:fc:be:76:bb:fd:1c:a4:45:7a:66:37:47:ea:
aa:bf:c4:4b:47:fb:5b:ab:3f:c1:22:a9:06:f2:61:
3d:5b:20:51:fc:ce:a7:82:74:6f:3d:ac:68:d6:78:
a2:77:83:26:af:23:63:20:3f:21:6e:29:1f:55:4c:
a6:d0:5a:51:e5:96:c1:cd:22:03:22:ee:de:42:3c:
82:4d:29:20:c6:be:85:5b:04:3a:5f:8b:c7:e8:4e:
aa:3c:8e:dd:0d:d8:e5:d0:ff:0b:52:37:40:51:0d:
33:f7:a8:05:07:76:dc:48:20:cd:52:38:a4:1f:44:
11:cf:6d:58:a9:5a:9a:34:cb:93:07:30:e3:66:7b:
dc:d3:0b:6b:a2:1c:3f:19:ec:0b:0c:ea:29:6c:75:
4d:7a:86:cf:35:87:9e:50:15:f3:34:73:0e:ac:4b:
a5:aa:1f:a2:f9:d5:8f:34:bd:5f:19:ae:22:8c:7f:
f7:ca:64:e6:ed:42:75:e5:92:9c:53:53:b7:66:68:
e5:07:eb:08:40:ec:bd:7c:ae:b0:c4:a5:4b:d7:4b:
58:86:05:a8:91:db:ee:7a:3f:c4:fd:83:e5:7b:cb:
d0:8c:87:68:3b:83:67:e5:6a:5e:fa:28:b5:ee:07:
b1:0d:6a:93:1e:b0:c7:5c:57:fd:ce:e2:9c:0f:5e:
fe:41:cf:20:f2:1d:88:52:00:d4:83:fe:5b:d7:87:
49:b0:78:2b:a7:60:c2:55:c6:c3:a2:6d:16:04:7f:
8b:12:f7:65:c6:91:41:53:d8:ac:70:c0:3d:83:d8:
e0:6c:bb:3e:48:b8:c2:72:be:c0:35:61:40:ff:9f:
97:18:9e:c7:39:0f:93:36:8f:0e:a6:3c:6d:5b:fd:
89:6a:bb:ee:5e:43:f8:0d:29:7a:cf:23:bf:0b:c1:
29:76:ae:a2:9a:73:b2:d0:b9:bd:48:51:25:8a:6b:
a9:c5:07:94:26:03:10:74:7b:fc:b7:5d:8f:2d:97:
55:11:3e:7c:04:89:0e:b9:b9:73:2a:6c:5b:12:19:
65:92:48:64:d5:4f:2c:79:3f:16:ad:65:97:21:db:
3c:30:68:67:aa:42:14:86:59:57:b0:79:15:9e:a3:
05:4f:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Key Identifier:
E8:3F:1A:8B:C2:8A:9C:F9:B4:4F:95:D9:55:29:0C:A5:0B:0E:13:C6
7A:C6:DB:B8:D2:75:D1:8D:BB:72:AE:B5:25:6E:6F:8C:AF:63:3A:4D
X509v3 Subject Alternative Name:
othername:<unsupported>
Signature Algorithm: sha1WithRSAEncryption
b5:ab:c2:d5:f8:30:fc:bb:b3:53:c2:42:a0:f1:4d:a0:5c:92:
1a:c7:dc:01:df:42:6a:d2:c8:79:18:ae:a7:09:8e:ea:1c:97:
80:93:b1:e3:23:4d:ca:15:f5:f8:c2:d0:38:5d:0d:76:7b:41:
47:f1:a4:77:26:86:2c:69:2a:5c:86:32:00:09:da:04:3c:d6:
30:9d:a3:0a:e2:b1:a6:36:2f:ff:3c:80:d6:e7:2a:8b:49:dd:
d8:24:98:7a:15:0a:29:f0:4b:30:ae:73:b5:af:70:7a:3a:b0:
40:27:a7:4e:74:8c:46:1e:2f:bb:cc:57:63:30:bf:b1:38:81:
10:bd
7f:5c:76:fd:3d:ef:0c:7f:70:c7:09:d3:5c:c1:b6:40:25:47:
a3:6a:bf:4e:ad:d1:e6:cc:92:86:b6:6a:42:3d:4f:bc:f1:6f:
fd:7e:22:52:9c:dc:a6:0b:71:98:80:44:cf:f1:91:bb:50:c8:
15:cd:8c:d8:9c:7d:8d:69:61:1b:4c:66:40:77:44:45:33:9c:
9a:04:01:a1:4b:82:3a:d7:39:97:27:90:a6:71:9a:b1:9c:ce:
60:01:8b:a5:6f:39:a3:e1:75:de:3c:5c:61:66:a5:50:db:0f:
4a:03:32:8d:dd:e5:b6:ab:6a:b2:53:6a:4c:c9:99:74:f7:f5:
1e:a5:06:1a:d3:64:26:c5:77:f4:a6:40:1a:c4:7e:22:05:a6:
a5:25:f7:5d:74:a5:c9:86:c0:3a:88:2e:6e:0e:58:4f:e5:6e:
e9:2a:34:2a:1d:1d:a4:e4:74:f3:a5:e5:56:5d:5f:02:c4:eb:
c7:12:f2:55:6a:f1:6c:ec:6e:b8:c1:2d:aa:4a:7d:ed:91:c8:
78:1b:b7:b9:37:17:32:ee:1b:b5:d9:5c:98:d2:cf:d8:c6:90:
a5:c9:f1:eb:8d:2c:d4:90:b2:8c:e5:53:9a:66:20:92:8b:a2:
0c:8b:76:9b:5f:5b:39:77:69:67:a7:8c:de:10:57:85:45:a4:
8f:85:3a:59:5f:fc:0c:70:de:1c:67:33:5e:9b:a5:21:3d:bd:
2e:de:3e:c2:0d:cf:8f:52:43:92:01:cc:47:da:af:47:85:69:
94:d3:9f:c9:d5:5d:50:ca:27:a5:bb:c0:53:12:e0:e8:3c:ed:
0d:bd:47:97:af:be:b8:f9:0c:10:2a:79:21:3c:15:ef:c0:a5:
eb:33:38:93:5b:a3:de:1a:97:eb:c3:db:04:1f:e8:f4:23:10:
ff:2d:1e:9b:4e:1f:8e:27:7d:71:34:e2:be:74:a2:62:69:9a:
83:7b:6e:9e:e4:a2:7c:84:82:ff:83:b3:cd:d2:0f:74:05:72:
b8:b0:45:23:b6:cd:04:25:2d:58:7f:92:ce:68:f9:ba:d0:9e:
a8:e1:f8:c0:86:0e:aa:ee:f9:af:ff:5c:bf:46:76:08:b1:83:
e7:66:8b:ca:1b:8f:f4:9f:6a:ac:71:4e:3a:d1:77:fd:97:81:
ff:0e:d0:d1:4a:7e:6d:94:e6:8c:e1:28:92:b1:68:83:5a:62:
48:0d:26:ee:28:60:57:ff:52:b8:1e:8c:03:d8:fb:c1:6e:4f:
fd:7a:46:0b:0f:c8:05:ad:3a:a4:68:be:fd:30:62:ce:f2:0a:
b1:34:2c:95:e7:e2:91:ec:a3:c6:4e:2d:a5:fe:09:45:84:38:
9c:d7:f4:0b:18:22:9d:df
-----BEGIN CERTIFICATE-----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MIIFODCCAyCgAwIBAgIBBjANBgkqhkiG9w0BAQUFADAqMRswGQYDVQQDDBJoeDUw
OSBUZXN0IFJvb3QgQ0ExCzAJBgNVBAYTAlNFMCAXDTE5MDMyMjIyMjUwNloYDzI1
MTgxMTIxMjIyNTA2WjAeMQswCQYDVQQGEwJTRTEPMA0GA1UEAwwGcGtpbml0MIIC
IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OYasd6RMDSKx/LZCgmCE0bp
28hUHg6wsArjo7VVPG/4RY8k7VbFFiOqrYZaWuCPovWCWcxwt0XMG0SnSUv/Yyid
ASJ5yhpqK3X4QMDwk7Grhc2viKww88tCh/y+drv9HKRFemY3R+qqv8RLR/tbqz/B
IqkG8mE9WyBR/M6ngnRvPaxo1niid4MmryNjID8hbikfVUym0FpR5ZbBzSIDIu7e
QjyCTSkgxr6FWwQ6X4vH6E6qPI7dDdjl0P8LUjdAUQ0z96gFB3bcSCDNUjikH0QR
z21YqVqaNMuTBzDjZnvc0wtrohw/GewLDOopbHVNeobPNYeeUBXzNHMOrEulqh+i
+dWPNL1fGa4ijH/3ymTm7UJ15ZKcU1O3ZmjlB+sIQOy9fK6wxKVL10tYhgWokdvu
ej/E/YPle8vQjIdoO4Nn5Wpe+ii17gexDWqTHrDHXFf9zuKcD17+Qc8g8h2IUgDU
g/5b14dJsHgrp2DCVcbDom0WBH+LEvdlxpFBU9iscMA9g9jgbLs+SLjCcr7ANWFA
/5+XGJ7HOQ+TNo8OpjxtW/2JarvuXkP4DSl6zyO/C8Epdq6imnOy0Lm9SFElimup
xQeUJgMQdHv8t12PLZdVET58BIkOublzKmxbEhllkkhk1U8seT8WrWWXIds8MGhn
qkIUhllXsHkVnqMFTzMCAwEAAaNzMHEwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAw
HQYDVR0OBBYEFHrG27jSddGNu3KutSVub4yvYzpNMDgGA1UdEQQxMC+gLQYGKwYB
BQICoCMwIaANGwtURVNULkg1TC5TRaEQMA6gAwIBAaEHMAUbA2JhcjANBgkqhkiG
9w0BAQUFAAOCAgEAf1x2/T3vDH9wxwnTXMG2QCVHo2q/Tq3R5syShrZqQj1PvPFv
/X4iUpzcpgtxmIBEz/GRu1DIFc2M2Jx9jWlhG0xmQHdERTOcmgQBoUuCOtc5lyeQ
pnGasZzOYAGLpW85o+F13jxcYWalUNsPSgMyjd3ltqtqslNqTMmZdPf1HqUGGtNk
JsV39KZAGsR+IgWmpSX3XXSlyYbAOogubg5YT+Vu6So0Kh0dpOR086XlVl1fAsTr
xxLyVWrxbOxuuMEtqkp97ZHIeBu3uTcXMu4btdlcmNLP2MaQpcnx640s1JCyjOVT
mmYgkouiDIt2m19bOXdpZ6eM3hBXhUWkj4U6WV/8DHDeHGczXpulIT29Lt4+wg3P
j1JDkgHMR9qvR4VplNOfydVdUMonpbvAUxLg6DztDb1Hl6++uPkMECp5ITwV78Cl
6zM4k1uj3hqX68PbBB/o9CMQ/y0em04fjid9cTTivnSiYmmag3tunuSifISC/4Oz
zdIPdAVyuLBFI7bNBCUtWH+Szmj5utCeqOH4wIYOqu75r/9cv0Z2CLGD52aLyhuP
9J9qrHFOOtF3/ZeB/w7Q0Up+bZTmjOEokrFog1piSA0m7ihgV/9SuB6MA9j7wW5P
/XpGCw/IBa06pGi+/TBizvIKsTQslefikeyjxk4tpf4JRYQ4nNf0Cxgind8=
-----END CERTIFICATE-----